It's just a tacit admission that our telecommunications infrastructure - down to and including mobile handsets - is so thoroughly owned that there's simply no need to focus on encryption in the vast majority of cases.
For the first (and quite probably last) jury that I was on, the judge encouraged us to take notes, and the jury was allowed to submit written questions to the judge at any time during the trial, who could then determine if they would be asked of the prosecution and defense lawyers, and potentially witnesses. We received specific instructions about how to submit questions from the judge prior to the start of the trial.
3 or 4 of us did so over the course of a 9-ish day trial. That was 12, 13 years ago in Maricopa County Superior Court. I have no idea if the rule is still in effect, but the answers to my questions definitely had an impact with respect to how I voted on one of the counts in front of us.
Also, once we got into deliberations, the jury was able to request evidence submitted by both sides for further up close and hands on inspection for discussion without the judge or lawyers present. We requested and were allowed to inspect and discuss without the judge or lawyers present.
It was a good model. No idea if it's still in place or not. I hope so.
Yeah, that's an awfully big caveat, even for a politician.
In the real world, he doesn't get to implement that caveat. The Chinese pass a law, which is as entirely valid as a law passed in the US, and now they have an entirely legal reason to demand the unicorn-key.
"Them, they, us, good guys, bad guys". A large part of the problem with the debate is that it's not sufficiently personal for those directly involved with it.
"Mr. Comey, please state for the record that you are comfortable with law enforcement and intelligence community members (who have a legitimate interest, albeit under an entirely separate justice system) from Russia and China utilizing the Unicorn-key you're suggesting we mandate to decrypt all of your personal correspondence and financial information, at will and without your knowledge."
Or maybe one better:
"Mr. Comey, are you prepared to explain to Mr. Chaney that staffers at the International Court of Justice in The Hague, Netherlands, utilized your mandated Unicorn-key to acquire sufficient privileged information to indict Mr. Chaney on War Crimes related charges which led to the extradition warrant in front of me?"
"presumably these corporations would not be compelled to respond to warrants from other nations, but would be for US-issued warrants."
Or money. Money is also compelling. Especially when you've got a country-sized bank account. Ask the staff over at the Hacking Team.
Also on the list of compelling things: blackmail, drugs, a gun to your significant other(s) (and/or children(s)) heads, etc. In fact, most people would find any of these more compelling on a personal, visceral basis than a little piece of paper with "warrant" printed on it.
And if you're going to build in a master key that unlocks pretty much all of the interesting crypto in the country, none of the above items are melodramatic scenarios.
"There's some truth to this theory. Tech companies are particularly wary of appearing to be complicit in government surveillance programs as a couple of years of leaks have done considerable damage to their prospects in foreign markets."
It's not just the perception of being complicit that's a problem for companies - the odds of being able to stay secretly complicit are decreasing by the week:
Hacking Team’s Remote Control System software — which can infect a target’s computer or phone from afar and steal files, read emails, take photos and record conversations — has been sold to government agencies in Ethiopia, Bahrain, Egypt, Kazakhstan, Morocco, Russia, Saudi Arabia, Sudan, Azerbaijan and Turkey.
Oh, and apparently to a variety of US Government agencies (state and federal levels).
It warms my heart to see that the good, well-meaning folks at Hacking Team were only selling their law-enforcement friendly spyware to US Designated "good guys", and weren't in any way influenced by the potential for financial gain by any countries listed by the US as repressive regimes. Oh. Wait...
"Your statement implies that surveillance is currently useful, when pretty much all evidence currently shows that it's already pretty useless."
Words like "useless" and "failed" are entirely dependent on a project's success criteria. And a project can have multiple success criteria.
Granted, the "obvious" success criteria is "find terrorists". But there are other, not quite so obvious potential success criteria here. Examples include, but aren't limited to:
distraction ("hey everyone, look over here at this useless program")
indoctrination - "in 5 years, people will be used to X, then we can implement Y"
funding support - "X isn't useful today, but will be given another $Y"
misdirection - "we've told the terrorists we found the location to their secret base via correlation of landmarks with satellite footage. Let's hope they don't figure out to turn off the location function on their smartphone camera and/or figure out how to strip EXIF data out of images."
"I wonder if he knew about the operational insecurity of the OPM?"
Maybe. Doesn't really matter.
"You have to admit that it would have saved an awful lot of hot mess if he had warned the government about it before it happened."
Unlikely. History shows - repeatedly - that such warnings - at best - would have been ignored and at worst would have been received with great hostility.
"In that case, he would have been awarded a medal for it and given a better job."
No. Having embarrassed the Authorizing Official (required under FISMA, look it up) for whichever system it was, he'd have been lucky to have gotten the equivalent of an "atta boy, good job, go back to work" and subsequently having the report shelved, not to be looked at again until some reporter filed a FOIA request for it.
I mean, don't get me wrong - there's no question that this is really bad. But if we, as a country, continue to centralize information on everybody in the name of security, then before too many years have elapsed, we're going to look back on this particular breach as being small scale and, dare I say it, quaint.
The US Government is big, and if they're going to successfully implement this mandate, they're going to need their own public root certificate authority to cost-effectively sign all those new SSL Keys, and for the sake of simplicity, that root CA cert will need to be installed everywhere by default. Otherwise Grandpa is going to get a browser cert error when he goes to www.irs.gov, and we can't have that.
Of course, once a root is installed, it can be used to sign certs for any web site.