Worldwide Encryption Products Survey
Today I released my worldwide survey of encryption products.
The findings of this survey identified 619 entities that sell encryption products. Of those 412, or two-thirds, are outside the U.S.-calling into question the efficacy of any US mandates forcing backdoors for law-enforcement access. It also showed that anyone who wants to avoid US surveillance has over 567 competing products to choose from. These foreign products offer a wide variety of secure applications—voice encryption, text message encryption, file encryption, network-traffic encryption, anonymous currency—providing the same levels of security as US products do today.
Details:
- There are at least 865 hardware or software products incorporating encryption from 55 different countries. This includes 546 encryption products from outside the US, representing two-thirds of the total.
- The most common non-US country for encryption products is Germany, with 112 products. This is followed by the United Kingdom, Canada, France, and Sweden, in that order.
- The five most common countries for encryption products—including the US—account for two-thirds of the total. But smaller countries like Algeria, Argentina, Belize, the British Virgin Islands, Chile, Cyprus, Estonia, Iraq, Malaysia, St. Kitts and Nevis, Tanzania, and Thailand each produce at least one encryption product.
- Of the 546 foreign encryption products we found, 56% are available for sale and 44% are free. 66% are proprietary, and 34% are open source. Some for-sale products also have a free version.
- At least 587 entities—primarily companies—either sell or give away encryption products. Of those, 374, or about two-thirds, are outside the US.
- Of the 546 foreign encryption products, 47 are file encryption products, 68 e-mail encryption products, 104 message encryption products, 35 voice encryption products, and 61 virtual private networking products.
The report is here, here, and here. The data, in Excel form, is here.
Press articles are starting to come in. (Here are the previous blog posts on the effort.)
I know the database is incomplete, and I know there are errors. I welcome both additions and corrections, and will be releasing a 1.1 version of this survey in a few weeks.
EDITED TO ADD (2/13): More news.
Daniel • February 11, 2016 11:22 AM
Good work. I doubt that this will change minds because in my view the stance of the FBI has been primarily rhetorical to begin with, a red herring for other things that they want. (Ok, so we don’t get encryption, now we need HUGE budgets for targeted attacks).
One thing to keep in mind is that using foreign-based encryption is itself metadata and might cause one to be targeted on that basis alone for further investigation.