As we build systems that are more and more complex, we make more and more subtle but very high-impact mistakes. As we use computers for more things and as we build more complex systems, this problem of unreliability and insecurity is actually getting worse, with no real sign of abating anytime soon.
Matt BlazeIf we try to prohibit encryption or discourage it or make it more difficult to use, we're going to suffer the consequences that will be far reaching and very difficult to reverse, and we seem to have realized that in the wake of the September 11th attacks. To the extent there is any reason to be hopeful, perhaps that's where we'll end up here.
Matt BlazeWhen the September 11th attacks happened, only about a year later, the crypto community was holding its breath because here was a time when we just had an absolutely horrific terrorist attack on U.S. soil, and if the NSA and the FBI were unhappy with anything, Congress was ready to pass any law they wanted. The PATRIOT Act got pushed through very, very quickly with bipartisan support and very, very little debate, yet it didn't include anything about encryption.
Matt BlazeFrom a policymaker's point of view, [the back door] must look like a perfect solution. "We'll hold onto a separate copy of the keys, and we'll try to keep them really, really safe so that only in an emergency and if it's authorized by a court will we bring out those keys and use them." And, from a policy point of view, when you describe it that way, who could be against that?
Matt BlazeComputer science doesn't know how to build complex systems that work reliably. This has been a well-understood problem since the very beginning of programmable computers.
Matt BlazeWe basically have only two real tried and true techniques that can help counter this. One of them is to make systems as simple as we can, and there are limits to that because we can only simplify things so much. The other is the use of encryption.
Matt BlazeThe perspective that law enforcement is presenting seems to be a very narrow one that's focused very, very heavily on investigations of past crimes rather than on preventing future crimes. It's very important for policymakers to take that broader view because they're the ones who are trusted to look at the big picture.
Matt Blaze