

Kerckhoffs’s Principle has long been a keystone of cryptographic security: a cryptosystem should remain secure even if everything about the system is known, except for the key. This has produced robust cryptographic protocols precisely because those protocols could be open and well researched. The same principle shows up in other areas of security as the axiom, “security through obscurity is not security”. If the security of a system fundamentally relies on the details of the system remaining secret, then that system is inherently insecure. Security systems built on open source protocols and software are this principle working in practice. By having everything open and available for a wide range of researchers to test and validate, we can be more assured of the security of a system. Closed, proprietary protocols and software are a risk to organizations: they have no way of knowing whether those closed systems are really well designed or a house of cards hiding behind a curtain.
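To make the contrast concrete, here is an added example (not part of the original post) of two token-signing schemes in Python. The first, a constructed “obscurity” scheme, hides nothing but its own embedded constant, so once its source is read anyone can mint valid tokens and there is no key to rotate. The second follows Kerckhoffs’s principle: the algorithm (HMAC-SHA256) is public, the only secret is the key, and the key can be rotated without touching the design. All function names and the `_EMBEDDED_SALT` value are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# --- Constructed "security through obscurity" scheme (illustration only) ---
# The sole secret is the algorithm itself, including this constant baked
# into the source. Disclosure of the source is a total compromise, and the
# only remedy is to redesign and redeploy the scheme.
_EMBEDDED_SALT = b"internal-only-constant"  # constructed placeholder value


def obscurity_token(user_id: str) -> str:
    """Derive a token whose 'secret' is just the hidden constant above."""
    return hashlib.sha256(_EMBEDDED_SALT + user_id.encode()).hexdigest()


def obscurity_verify(user_id: str, token: str) -> bool:
    # Constant-time comparison, but the construction itself is the weakness.
    return hmac.compare_digest(obscurity_token(user_id), token)


# --- Kerckhoffs-style scheme: public algorithm, secret key ---
def generate_key() -> bytes:
    """256-bit key from the OS CSPRNG; this is the only secret in the scheme."""
    return secrets.token_bytes(32)


def keyed_token(user_id: str, key: bytes) -> str:
    """HMAC-SHA256 over the user id; every detail here may be published."""
    return hmac.new(key, user_id.encode(), hashlib.sha256).hexdigest()


def keyed_verify(user_id: str, token: str, key: bytes) -> bool:
    return hmac.compare_digest(keyed_token(user_id, key), token)


def disclosure_impact() -> dict:
    """Model a reviewer who has read the complete source of both schemes.

    Returns which forgeries succeed and whether key rotation is possible,
    so the two designs can be compared on the same footing.
    """
    server_key = generate_key()

    # Obscurity scheme: reading the source reveals _EMBEDDED_SALT, so a
    # token computed from the source alone is accepted by the server.
    obscurity_forged_ok = obscurity_verify("alice", obscurity_token("alice"))

    # Keyed scheme: the source is known, but the server key is not. A token
    # built under any other key is rejected.
    attacker_key = generate_key()
    keyed_forged_ok = keyed_verify("alice", keyed_token("alice", attacker_key), server_key)

    # Legitimate path still works with the real key.
    keyed_legit_ok = keyed_verify("alice", keyed_token("alice", server_key), server_key)

    # Rotation: replace the key, and tokens under the old key stop validating.
    # No algorithm change is needed, which is the whole point of keeping the
    # secret in the key rather than in the design.
    rotated_key = generate_key()
    old_token_survives = keyed_verify("alice", keyed_token("alice", server_key), rotated_key)

    return {
        "obscurity_forged_ok": obscurity_forged_ok,
        "keyed_forged_ok": keyed_forged_ok,
        "keyed_legit_ok": keyed_legit_ok,
        "old_token_survives_rotation": old_token_survives,
    }


if __name__ == "__main__":
    for name, value in disclosure_impact().items():
        print(f"{name}: {value}")
```

The practical check for a reviewer is the one `disclosure_impact` encodes: assume the full source is public and ask what an outsider can then do. If the answer is “forge anything”, the secret was in the design, not in a key.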

The uproar is the same uproar that has always existed when government overreach threatens privacy. The question should never be, “why are you fighting this?” The question is, “why is this needed?” And the answer is that it is not. It’s yet another manufactured moral panic which is being pushed by the folks who want to destroy privacy. Some want that destruction of privacy so that they can spy on and control others; the rest are dimwitted fools who believe that they can give up privacy to obtain some small measure of security. They are wrong and in the end will have neither privacy nor security.