A new report shows that anti-crypto laws wouldn't change a thing, as criminals would simply look globally
In response to attempts to put restrictions on encryption technology, a new report surveys 546 encryption products in 54 countries outside the United States, out of 865 hardware and software products total.
The report demonstrates that encryption technology is very international in nature and that it is impossible for local regulations to have any effect on it, said Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard University,
"The cat is out of the bag," he said. "It is an international world. All the research is international and has been for decades.
Anyone seeking to keep their data hidden could use hundreds of encryption services offered by companies outside the US if Washington compels tech companies to decrypt communications.
If Washington forces American tech companies to give law enforcement access to encrypted communication, it might not provide the advantage investigators want when tracking terrorists or criminals.
Companies outside the US are responsible for nearly two-thirds of tech products that offer some form of encryption, according to a study released Thursday from renowned cryptographer Bruce Schneier. Because those firms are beyond the reach of US laws, he said, anyone who wants to avoid American intelligence agencies or police eavesdropping could simply switch to another secure platform.
"There's this weird belief that if the US law makes a change, that it affects things," said Schneier, chief technology officer of the security firm Resilient Systems and a fellow at Harvard University's Berkman Center for Internet and Society.
In recent months, the FBI has been pushing for stronger US restrictions on encryption — but a new report from Harvard's Berkman Center suggests such laws reach only a small portion of the relevant products. Taking a census of 865 different encryption products from around the world, the report finds that roughly two-thirds are produced and distributed overseas, outside the jurisdiction of US law. Germany was the biggest source of non-US crypto, with 112 separate products either for sale or available free. Just over a third of the foreign products make their code available as open source.
Just today, security technologist and author Bruce Schneier, along with Kathleen Seidel and Saranya Vijayakumar, unveiled a new international survey of encryption products compiled as part of his fellowship at the Berkman Center for Internet and Society at Harvard University. The survey found a total of 865 hardware or software products incorporating encryption from 55 different countries, 546 (around two-thirds) of which were from outside the US. The products included voice encryption, file encryption, email encryption, and text message encryption products, as well was 61 VPNs.
The worldwide survey shows that encryption products are widely available internationally, indicating that any US restrictions on unbreakable crypto are far less likely to thwart terrorists and criminals (who can switch to more secure foreign alternatives) as much as they will negatively impact US companies' bottom line and the safety and security of everyday internet users who typically don't spend a lot of time worrying about encryption.
Like playing a frustrating game of whack-a-mole
In 1999, when a fierce crypto war was raging between governments and developers, researchers undertook a global survey of available encryption products.
Now security guru Bruce Schneier and other experts have repeated the exercise, and it spells bad news for those demanding backdoors in today's cryptography.
The latest study analyzed 865 hardware and software products incorporating encryption from 55 countries, with a third of them coming from the US. That's up from 805 in 35 countries in 1999.
If the US government tries to strong-arm American companies into ending the sale of products or applications with unbreakable encryption, the technology won't disappear, a group of researchers conclude in a new report. It would still be widely available elsewhere.
Some US law enforcement officials argue that unbreakable encryption is interfering with legal surveillance of suspected criminals and terrorists. And some members of Congress are pushing for a nationwide requirement that encryption allow for law-enforcement access.
An estimated 63 percent of the encryption products available today are developed outside US borders, according to a new report that takes a firm stance against the kinds of mandated backdoors some federal officials have contended are crucial to ensuring national security.
The report, prepared by researchers Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar, identified 865 hardware or software products from 55 countries that incorporate encryption. Of them, 546 originated from outside the US. The most common non-US country was Germany, a country that has publicly disavowed the kinds of backdoors advocated by FBI Director James Comey and other US officials.
Findings point to negative impact on US Companies and Internet users
A newly completed international survey of encryption products found 546 different products from 54 different countries outside the US. This survey was headed by Bruce Schneier, as part of his Fellowship at the Berkman Center for Internet and Society at Harvard University.
The findings of this survey identified 619 entities that sell encryption products. Of those 412, or two-thirds, are outside the U.S.-calling into question the efficacy of any US mandates forcing backdoors for law-enforcement access.
The Boston Global Forum held a 60-minute dialogue with Bruce Schneier on Sony and the future of cyber conflict.
Organizations are overwhelmed with security alerts—far more than they can reasonably manage. Incident response orchestration and automation can go a long way in helping teams resolve security events faster and more effectively.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.