The security of computers and the Internet is a horrible and dangerous mess. Every week we hear about breaches of databases of Social Security numbers and financial information and health records, and about critical infrastructure being insecure.

It's only after you get down into the technical weeds - and they are admittedly rather weedy - that it becomes clear that this is much harder than it seems and not something we're going to be able to solve.

I think it's interesting because the 1990s ended with the government pretty much giving up. There was a recognition that encryption was important. In 2000, the government considerably loosened the export controls on encryption technology and really went about actively encouraging the use of encryption rather than discouraging it.

We basically have only two real tried and true techniques that can help counter this. One of them is to make systems as simple as we can, and there are limits to that because we can only simplify things so much. The other is the use of encryption.

On balance, the use of encryption, just like the use of good locks on doors, has the net effect of preventing a lot more crime than it might assist.

Telephone handsets are particularly in need of built-in security. We have almost every aspect of our personal and work lives reflected on them and we lose them all the time. We leave them in taxis. We leave them on airplanes. The consequences of one of these devices falling into the wrong hands are very, very serious.

Computer science doesn't know how to build complex systems that work reliably. This has been a well-understood problem since the very beginning of programmable computers.