Re: Eggs out of pancakes
The analogy is really simple.
He wants a single skeleton key that opens every door in the land.
Would you *give* someone a master key to your house? Would you give the police a copy of your keys? Whether or not they "only" use them when authorised to do so, and though you could justify it as "it saves police time as they'll be able to get into places when they have a search warrant without needing the owner's co-operation", it's a really, really bad idea. Because such a key's existence totally compromises everyone's security (as it will also open all the big City banks, etc.), access to that key can't be controlled if so many organisations require it, and the criminals only need see that key once to open EVERYONE'S home.
It's a really, really, really dumb idea.
Now... there might well be a way to implement it. There are a number of encryption schemes built around combinations of access keys, where you only need to hold a certain number of them to open the encryption while ordinary users still have encryption/decryption keys as normal and can't open other's messages. But their very existence is a huge chasm of potential compromise.
And exactly those people who you NEED to decrypt their communications won't ever use such a system for anything they don't want the FBI etc. to know. It's just that simple. It's like giving everyone a safe that the government can always open and then expecting criminals to put all their ill-gotten gains and bank vault plans into it. It's ridiculous.
Organisations need to accept that encryption is a double-edged sword, and a feature that you can't uninvent - you would be much better off putting all your resources into old fashioned policing and spying than trying to ensure that the criminals haven't used an encryption that's impossible to break. After all - at some point they have to decrypt those things, and that's your avenue, not mass surveillance and breaking into every machine on the planet and filtering out everyone's Facebook posts.
Literally, the signal-to-noise of what they want plummets the second that you capture ordinary people in the loop, so they're not helping anyone. This was always my argument against the "acres of datacentres" tripe. Maybe they do have those. But, guess what? All that does it make it even harder to spot what you were after compared to just tailing the guy you're interested in and putting a bug on his computer. At great expense.
Encryption is like "deception". It's a natural part of life now. And you can't just demand that criminals "never deceive you" or that you should be given the ability to always tell when they are being deceptive. We all are carrying devices that can run open-code that provides military-grade encryption written by people who are nothing to do with the US government, capable of encrypting hundreds of megabytes of data a second without even flinching, to the point that the encryption is irreversible within the age of the universe with current technology. Give it up. Sure, you USED to be able to not have to deal with that. Now you can't.
If the PGP / Zimmerman suit had prevailed, you might have had some control. But any mathematician with a numerical recipes book, any decent coder, anybody with a copy of Maple or Matlab or similar can give you a maths puzzle that you can never reasonably solve without having to do more than include a library or run a function. And every member of the public has a device in their pocket that's encrypting hundreds of connections an hour.
There is no backdoor that you can reasonably use.
Biting the hand that feeds IT
