I'm not blaming anyone about it, what the hell do I know?
I do know I blame the need for security on people who decide to be crooks.
Strong encryption is pretty much a requirement these days because catching the crooks with the way the internet works is nearly impossible.
The problem is that the government does not like the strong encryption because they don't have a good way to decrypt the strong encryption.
The other problem is that writing strong encryption software is really really really really ****ing hard and you need to be incredibly smart. Smarter than most any developer is. So we all utilize common libraries, like OpenSSL to do it with. It's best that way because if everyone tried to write it themselves there would be nothing strong about it.
The problem arises when a problem in something like OpenSSL is found, because, then pretty much all software is vulnerable to the problem since that's what everyone uses.
Many of these attacks though in the real world just aren't very practical at all and very hard for an attacker to actually pull off. The guys that find these issues have really big heads and like to make them sound a lot more serious than they actually are...
Anyways, anything important will be patched, the world will keep turning, and we'll all keep using encryption that is incredibly difficult for the government to decrypt.
If every single piece of data flying around the internet is strongly encrypted (that is the direction things are going) it's pretty much impossible for the government to make sense of that data. Maybe they could attack one small piece and eventually after burning lots of energy decrypt it..but that'd be one small piece.
Really the internet is the best thing that has EVER happened to freedom. You can't regulate it. You can try..but good luck.
The crappiest weakest forms of encryption we use these days make Enigma look like a total joke. The stronger stuff, which is basically what is used for everything, is basically impossible to decrypt (properly implemented).
Computers are so damn fast these days that the penalties of using incredibly strong encryption is nil. That really rubs the Feds the wrong way.
There is strong evidence that the government intentionally created issues in encryption products years ago so that only they would know about the bugs and they could use them to decrypt. Of course, now that stuff is being found, and rapidly removed. It's a never ending battle for them to attempt to leak attacks into this stuff in advance...
Awareness is incredibly high these days that the government is doing this (thanks to guys like Snowden). That increased awareness is causing LOTS of people to audit all the encryption software that is used looking for bugs. That will mean lots of vulnerabilities are discovered for awhile and fixed.
People finding these vulnerabilities is a VERY GOOD THING. Because there is a strong chance the Feds already knew about them and were utilizing them.
Now you might ask...why care if the Feds can decrypt your data?
You should care because if they know of a way, that very likely means that people wanting to steal your data also know of that way, and will utilize that method to steal such data. For someone like me -- who is responsible for software that protects lots of credit card numbers -- it's the sort of thing that keeps me up at night.
