> Going after systems that have over a million users would leave a pretty big loophole for niche vendors and open source. But with such a big precedent, those could easily be targeted later.
Smaller just don't have to do it proactive, but can be required to do it later.
> the Attorney General can simply command it to build one, using what’s called an “assistance capability directive.” (If it does already have that capability, the AG can use the directive to command it to maintain it.) That isn’t limited to the million-plus club; any provider can be served with such a directive. That is, the “big” providers have to proactively design for decryptability, and the “little guys” with less than a million U.S. users better gird their loins
Smaller just don't have to do it proactive, but can be required to do it later.
> the Attorney General can simply command it to build one, using what’s called an “assistance capability directive.” (If it does already have that capability, the AG can use the directive to command it to maintain it.) That isn’t limited to the million-plus club; any provider can be served with such a directive. That is, the “big” providers have to proactively design for decryptability, and the “little guys” with less than a million U.S. users better gird their loins