A Response to Paul Rosenzweig's Modest Proposal on Encryption

By Herb Lin
Thursday, July 9, 2015, 12:17 AM

Paul proposes a simple rule -- "encryption providers may be required to adopt a government sponsored "back door" technology if, and only if, the methodology for that technology has been published publicly for more than 12 months and no efforts to subvert or defeat it have been successful."

This rule would certainly be a step forward from where we are today. But because human practices are often at the root of hacking a system, we also need to know who will be building the system (and what processes they will use), who will be operating the system (and what processes they will use). Otherwise, the system being analyzed is incomplete.