I've often heard not that "insecure endpoints represent a good compromise" but instead that since:
1. endpoints are vulnerable because they are exceptionally hard to secure,
2. and attacking endpoints can be targeted and specific,
the government's case that weakening encryption is necessary for warranted search is weak. Even with strong encryption the government can exploit the targeted communicant's endpoint to learn either the plaintext or the encryption keys. This isn't a compromise so much as a statement of reality and what is likely to remain reality for some time to come. Weakening encryption, for the most part, provides benefits to the government in the form of mass surveillance, but for a variety of reasons doesn't offer much benefit in the form of limited, specific searches.
>making truly secure computing a reality for computer users,
We can make endpoints more secure, but I see no path to endpoint security that will keep out a determined, well-resourced adversary.
You get what you pay for. Right now, endpoint systems are undefended, even intentionally compromised. The design of endpoint systems assumes all components can be trusted. But those components don't usually undergo testing for vulnerabilities and hidden capabilities.