Two decades ago US law enforcement sought laws requiring communication providers to be able to decrypt communications when served with a court order. The proposed technology to accomplish this was escrowed encryption — keys stored by the government — and the methodology is the now infamous Clipper chip.

In 1997 a group of cryptographers and security experts — including our own Bruce Schneier — warned that such escrowed encryption created serious security risks and that it was infeasible for an international setting; after all, which nation would hold the keys? It would be fun to claim the computer scientists were prescient; a more sober assessment is that they were realistic. Two years later the US government agreed, ending its efforts on escrowed encryption. I have heard intelligence officials remark that that mistaken effort is a partial cause for our current poor state of computer security. Certainly the attempt to force escrowed encryption was no help in securing communication or computer systems.

It seems that FBI Director Comey and UK Prime Minister Cameron have not learned the lessons of the past. Both are pressing hard for laws requiring “exceptional access” mechanisms. This is some form of technology that would enable government access to content even if the content was encrypted. Yesterday Director Comey again wrote about his concerns, explaining the dangers that would ensue if devices and communications are locked, with law enforcement having no ability to get at the data even in an emergency. That’s not exactly the case. But whether or not law enforcement can tackle encrypted systems — and there is evidence that they can in many cases — is not the issue I want to discuss today.

Read the Remainder at LawfareBlog