| The cost-benefit analysis is interesting: > If one already has an effective level of security — say, by way of illustration, one that protects against 99 percent of foreseeable threats — is it reasonable to incur massive further costs to move slightly closer to optimality and attain a 99.5 percent level of protection even where the risk addressed is extremely remote? > if the choice is between a world where we can achieve a 99 percent assurance against cyber threats to consumers, while still providing law enforcement 80 percent of the access it might seek; or a world, where we have boosted our cybersecurity to 99.5 percent but at a cost reducing law enforcements access to zero percent — the choice for society is clear. One issue with all proposals around this, is risk = probability X impact. While the above speaks to the risk, the impact of malicious actors having their hands on masterkeys would be insta-access to any & all gov-mandated communication channels, to the exact same access level as warrants would afford. While the attorney is right, that so far most corp master certificates have not been compromised, none of those had this pricetag attached to it. And the impact of this would be retroactively applicable -ie for any present-day communication, we'll be taking on faith that no future masterkeys will be leaked, ever. I would not take that bet; and so far, neither did insurance companies. |