What encryption lets us do is say, "Yes, the Internet is insecure." Bad guys are able to compromise computers everywhere, but we're able to tolerate that because if they do intercept our messages, they can't do any harm with it.

As we build systems that are more and more complex, we make more and more subtle but very high-impact mistakes. As we use computers for more things and as we build more complex systems, this problem of unreliability and insecurity is actually getting worse, with no real sign of abating anytime soon.

Telephone handsets are particularly in need of built-in security. We have almost every aspect of our personal and work lives reflected on them and we lose them all the time. We leave them in taxis. We leave them on airplanes. The consequences of one of these devices falling into the wrong hands are very, very serious.

As the local police department might want to decrypt a phone of a criminal suspect, so would the Chinese or the Russian or the Iranian intelligence agencies like to be able to do exactly the same thing.

Clipper took a relatively simple problem, encryption between two phones, and turned it into a much more complex problem, encryption between two phones but that can be decrypted by the government under certain conditions and, by making the problem that complicated, that made it very easy for subtle flaws to slip by unnoticed. I think it demonstrated that this problem is not just a tough public policy problem, but it's also a tough technical problem.

So, in 1993, in what was probably the first salvo of the first Crypto War, there was concern coming from the National Security Agency and the FBI that encryption would soon be incorporated into lots of communications devices, and that that would cause wiretaps to go dark. There was not that much commercial use of encryption at that point. Encryption, particularly for communications traffic, was mostly something done by the government.

From a policymaker's point of view, [the back door] must look like a perfect solution. "We'll hold onto a separate copy of the keys, and we'll try to keep them really, really safe so that only in an emergency and if it's authorized by a court will we bring out those keys and use them." And, from a policy point of view, when you describe it that way, who could be against that?