@article{AABBx15y,
  author =       { Harold ``Hal'' Abelson and Ross Anderson and Steven M. Bellovin and Josh Benaloh and
                   Matthew Blaze and Whitfield ``Whit'' Diffie and John Gilmore and Matthew Green and
                   Peter G. Neumann and Susan Landau and Ronald L. Rivest and Jeffrey I. Schiller and
                   Bruce Schneier and Michael Specter and Daniel J. Weitzner },
  title =        { Keys Under Doormats },
  journal =      { Comm. ACM },
  date =         { 2015-10 },                   
  volume =       { 58 },
  number =       { 10 },
  pages =        { 24--26 },
  url =          { http://cacm.acm.org/magazines/2015/10/192382-keys-under-doormats/fulltext },
  OPTyear =      { 2015 },
  OPTkey =       {},
  OPTtype =      {},
  OPTaddress =   {},
  OPTmonth =     { October, },
  OPTnote =      {},
  OPTannote =    {},
  doi =          { 10.1145/2814825 },                  
  htmlnote =     { For full report see <a href="#AABBx15">AABBx15</a>. },
  abstract =     { Twenty years ago, law enforcement organizations
                  lobbied to require data and communication services
                  to engineer their products to guarantee law
                  enforcement access to all data. After lengthy debate
                  and vigorous predictions of enforcement channels
                  going dark, these attempts to regulate the emerging
                  Internet were abandoned. In the intervening years,
                  innovation on the Internet flourished, and law
                  enforcement agencies found new and more effective
                  means of accessing vastly larger quantities of
                  data. Today, we are again hearing calls for
                  regulation to mandate the provision of exceptional
                  access mechanisms.
                  \par
                  In this column, a group of
                  computer scientists and security experts, many of
                  whom participated in a 1997 study of these same
                  topics, explore the likely effects of imposing
                  extraordinary access mandates. We have found the
                  damage that could be caused by law enforcement
                  exceptional access requirements would be even
                  greater today than it would have been 20 years
                  ago. In the wake of the growing economic and social
                  cost of the fundamental insecurity of today's
                  Internet environment, any proposals that alter the
                  security dynamics online should be approached with
                  caution. Exceptional access would force Internet
                  system developers to reverse forward-secrecy design
                  practices that seek to minimize the impact on user
                  privacy when systems are breached. The complexity of
                  today's Internet environment, with millions of apps
                  and globally connected services, means new law
                  enforcement requirements are likely to introduce
                  unanticipated, hard-to-detect security flaws. Beyond
                  these and other technical vulnerabilities, the
                  prospect of globally deployed exceptional access
                  systems raises difficult problems about how such an
                  environment would be governed and how to ensure such
                  systems would respect human rights and the rule of
                  law.  },
}