Computer science doesn't know how to build complex systems that work reliably. This has been a well-understood problem since the very beginning of programmable computers.

When the September 11th attacks happened, only about a year later, the crypto community was holding its breath because here was a time when we just had an absolutely horrific terrorist attack on U.S. soil, and if the NSA and the FBI were unhappy with anything, Congress was ready to pass any law they wanted. The PATRIOT Act got pushed through very, very quickly with bipartisan support and very, very little debate, yet it didn't include anything about encryption.

It may be true that encryption makes certain investigations of crime more difficult. It can close down certain investigative techniques or make it harder to get access to certain kinds of electronic evidence. But it also prevents crime by making our computers, our infrastructure, our medical records, our financial records, more robust against criminals. It prevents crime.

If it were possible to hold onto this sort of database and really be assured that only good guys get access to it, we might have a different discussion. Unfortunately, we don't know how to build systems that work that way. We don't know how to do this without creating a big target and a big vulnerability.

We basically have only two real tried and true techniques that can help counter this. One of them is to make systems as simple as we can, and there are limits to that because we can only simplify things so much. The other is the use of encryption.

I believed then, and continue to believe now, that the benefits to our security and freedom of widely available cryptography far, far outweigh the inevitable damage that comes from its use by criminals and terrorists. I believed, and continue to believe, that the arguments against widely available cryptography, while certainly advanced by people of good will, did not hold up against the cold light of reason and were inconsistent with the most basic American values.

There's been a certain amount of opportunism in the wake of the Paris attacks in 2015, when there was almost a reflexive assumption that, "Oh, if only we didn't have strong encryption out there, these attacks could have been prevented." But, as more evidence has come out - and we don't know all the facts yet - we're seeing very little to support the idea that the Paris attackers were making any kind of use of encryption.