On Lawfare, law professor Alan Rozenshtein thinks the problem of 3rd party access to cryptographic systems may be resolvable, progress is being made, and that at least some of the problem is cultural, rather than technological or mathematical:
Again, we still don’t know whether secure third-party access is possible. None of these researchers (nor anyone else) have publicly put forward proposals at the level of detail that would be required for a full evaluation. And if they did, it’s almost certain that the research community would find serious, perhaps even fatal, flaws. But that’s how cryptographic research moves forward, and we ought to put our energy into such research rather than spend it on what Herb Lin described in 2015 as a “theological clash of absolutes”: that is, the abstract “it can’t be done/it can be done” debate that has dominated the encryption conversation. (Benjamin Wittes made a similar point around that time.)
At least for scholars and policy analysts, the question should be how to encourage this incipient line of research. It’s understandable that the government would prefer that technology companies come up with the solutions, but Washington now has an important opportunity to drive a pragmatic, research-based process. Perhaps the National Institute for Standards and Technology should lead the way, just as it successfully ran a multi-year, global, and public competition to select what became the widely used AES cryptographic protocol. But that’s just one option out of many. The larger point is that after years of bitter stalemate, the debate over law-enforcement access to encrypted systems may finally be making real progress. And to track this progress, we should focus less on the war of words between the government and certain parts of the information-security community and instead focus on those security researchers—whether in academia or industry—who are working to discover whether secure third-party access really is a contradiction in terms.
He focuses on the questions of secure vs secure enough, and wonders if we have explored the latter option thoroughly. The success of these systems will not come from amazing mathematical insights, but from hard work and security protocols – and that will then lead to the question of what to do with systems that do not have 3rd party access built into them. Do they then become illegal?
