Despite the risks to online commerce, international high-tech sales, security of trade secrets and the fact that it won’t actually make encryption useless to criminals, decryption backdoors to let law enforcement access encrypted communications could become U.S. law in 2016 – and a nightmare to enterprises – especially if terrorists succeed in carrying out major acts of violence.

So far the arguments against such a law have prevailed, but that could change if public opinion turns strongly in favor of it, which is more likely in the wake of events that generate fear.

Following the killings in Paris and San Bernardino, Calif., this year, legislators in Congress renewed a push to require businesses that sell encrypted hardware, software and services to create a way to unlock the encryption when ordered to do so by a judge.

If backdoors become law, complying could mean overhauling or recalling vast amounts of backdoor-free encryption gear already deployed by businesses, a potential financial and logistical nightmare for enterprises and the vendors who make the gear. It could affect commonly used VPN and remote access platforms as well as device encryption used to secure corporate mobile devices containing sensitive information.

It’s impossible to know the scope of such a law since there is no draft, just broad talk from lawmakers interested in giving law enforcement a new investigatory tool.

Two top lawmen – FBI Director James Comey and New York’s Manhattan District Attorney Cyrus Vance, Jr. – strongly advocate for such a law to help stop terrorists, kidnappers, child pornographers and other criminals.
Neither cites a case in which a criminal act could have been prevented with such backdoors, but they paint compelling pictures of the possibilities.

A report by Vance’s office cites cases in which evidence gleaned from smartphones that did have backdoors contributed to convictions for murder, rape and sex trafficking. That access to phones was undermined when Apple and Google made it so they cannot unlock their phones, only users can, the report says. “[A]llowing a phone to be locked such that it would be beyond the reach of lawful searches and seizures was unprecedented, and posed a threat to law enforcement efforts,” Vance’s office writes.

Comey testified to the Senate Judiciary committee last week that terrorists know about hardware and software that can’t be decrypted and they use it routinely. “There’s no doubt that use of encryption is part of terrorist tradecraft now because they understand the problems we have getting court orders to be effective when they’re using these mobile messaging apps especially that are end-to-end encrypted,” he says. “We see them talking about that all over the world it is a feature especially of ISIL’s tradecraft.”

Vance seeks federal legislation that would require that any smartphone sold in the U.S. must be able to have the data on it accessed by the operating system designer. “It would require, simply, that designers and makers of operating systems not design or build them to be impregnable to lawful governmental searches,” he writes.

Senators are also talking about making it possible to decrypt communications not just data stored on devices.

President Obama in a televised speech after the San Bernardino shootings called loosely for unspecified technology – possibly backdoors – to help fight terrorism.
“And that is why I will urge high tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice,” he said.

He’s not necessarily referring to ways that secret messages could be decrypted - he avoided calling for legislation to bring that about earlier this year - but the political environment could push things in that direction.

There is precedent for it, says Phil Zimmermann, who successfully fought encryption backdoors two decades ago during the so-called Crypto Wars of the 1990s when the government pushed to limit access to uncrackable cryptography. It included mandated use of the Clipper Chip – with a built-in crypto backdoor – in mobile phones.

He points to the passage of the U.S. Patriot Act in 2001 just six weeks after the 9/11 attacks, a sweeping law that has been used for purposes beyond fighting terrorism for which it was written. “When you put a law in place at times of emergency, it can be used for a lot of things,” he says. “If you press for backdoors it would create effects that would be with us for many years.”

Amit Yoran, president of RSA, makes a similar observation. “There’s certainly a Patriot Act opportunity at the ready,” he says, in which an emotional response to specific acts could prevail, despite widespread lack of support for it. “Except for the FBI there’s a uniform dislike of this policy at senior levels in the intelligence community.”

The National Security Council drafted a report for Obama this fall that concluded, “[T]his approach would reduce cybersecurity.”

If enacted, such a law would create big problems for enterprises, says John Pironti, president of IP Architects, who consults with businesses on how to secure their networks and data.
Complying would be beyond the resources of small and midsize businesses, which would have to rely on service providers and encryption vendors to overhaul or replace existing encryption infrastructure.

From the vendor side, it would mean establishing and maintaining secure infrastructure to house the keys they would need to break encryption on their products. “The cost of maintaining something like that is enormous,” Pironti says. “It’s less expensive not to have the ability.”

Yoran says RSA “wouldn’t do it” if laws required backdoors. RSA is getting out of the encryption business, because “it’s not part of our vision for the future,” he says. It’s an open question whether the company would make modifications to its encryption products already sold.

Pironti says he wouldn’t do it either. “I’m not going to work with a client to degrade technology to decrypt,” he says. “They would rely on the vendors.”

Designing in a way to decrypt encrypted messages creates guaranteed weak points in the security of the encryption, says Zimmermann, leaving the system more open to cracking by unauthorized parties.

Pironti says setting up a way to protect encryption keys would be hard. “How do I protect this in a way it can’t be used for malicious purposes by a malicious party or an insider?” he says.

A prime reason not to create backdoors is that malicious actors - who are already criminals - will use technology created outside the jurisdiction of U.S. laws or build their own, Pironti says; the law wouldn’t be effective.

Peter Swire, a professor at the Scheller College of Business at the Georgia Institute of Technology, testified to the Senate Judiciary Committee this year that the downside of such a law would be widespread.

“[G]overnment-mandated vulnerabilities would threaten severe harm to cybersecurity, privacy, human rights, and U.S.
technological leadership, while not preventing effective encryption by adversaries,” Swire says.