I think it's interesting because the 1990s ended with the government pretty much giving up. There was a recognition that encryption was important. In 2000, the government considerably loosened the export controls on encryption technology and really went about actively encouraging the use of encryption rather than discouraging it.
Matt BlazeFrom a policymaker's point of view, [the back door] must look like a perfect solution. "We'll hold onto a separate copy of the keys, and we'll try to keep them really, really safe so that only in an emergency and if it's authorized by a court will we bring out those keys and use them." And, from a policy point of view, when you describe it that way, who could be against that?
Matt BlazeWhat encryption lets us do is say, "Yes, the Internet is insecure." Bad guys are able to compromise computers everywhere, but we're able to tolerate that because if they do intercept our messages, they can't do any harm with it.
Matt BlazeIt's only after you get down into the technical weeds - and they are admittedly rather weedy - that it becomes clear that this is much harder than it seems and not something we're going to be able to solve.
Matt BlazeClipper took a relatively simple problem, encryption between two phones, and turned it into a much more complex problem, encryption between two phones but that can be decrypted by the government under certain conditions and, by making the problem that complicated, that made it very easy for subtle flaws to slip by unnoticed. I think it demonstrated that this problem is not just a tough public policy problem, but it's also a tough technical problem.
Matt BlazeComputer science doesn't know how to build complex systems that work reliably. This has been a well-understood problem since the very beginning of programmable computers.
Matt BlazeIf it were possible to hold onto this sort of database and really be assured that only good guys get access to it, we might have a different discussion. Unfortunately, we don't know how to build systems that work that way. We don't know how to do this without creating a big target and a big vulnerability.
Matt Blaze