The security of computers and the Internet is a horrible and dangerous mess. Every week we hear about breaches of databases of Social Security numbers and financial information and health records, and about critical infrastructure being insecure.

It may be true that encryption makes certain investigations of crime more difficult. It can close down certain investigative techniques or make it harder to get access to certain kinds of electronic evidence. But it also prevents crime by making our computers, our infrastructure, our medical records, our financial records, more robust against criminals. It prevents crime.

What encryption lets us do is say, "Yes, the Internet is insecure." Bad guys are able to compromise computers everywhere, but we're able to tolerate that because if they do intercept our messages, they can't do any harm with it.

We basically have only two real tried and true techniques that can help counter this. One of them is to make systems as simple as we can, and there are limits to that because we can only simplify things so much. The other is the use of encryption.

On balance, the use of encryption, just like the use of good locks on doors, has the net effect of preventing a lot more crime than it might assist.

The people working in my field also are quite skeptical of our ability to do this. It ultimately boils down to the problem of building complex systems that are reliable and that work, and that problem has long predated the problem of access to encryption keys.

Computer science doesn't know how to build complex systems that work reliably. This has been a well-understood problem since the very beginning of programmable computers.