New Survey Suggests US Encryption Ban Would Just Send Market Overseas

If the US government tries to strong-arm American companies into ending the sale of products or applications with unbreakable encryption, the technology won't disappear, a group of researchers concludes in a new report. It would still be widely available elsewhere.

Some US law enforcement officials argue that unbreakable encryption is interfering with legal surveillance of suspected criminals and terrorists. And some members of Congress are pushing for a nationwide requirement that encryption allow for law-enforcement access.

But the three researchers—Bruce Schneier, a cryptologist and fellow at the Berkman Center for Internet & Society, Kathleen Seidel, an independent researcher, and Saranya Vijayakumar of Harvard—compiled a list of at least 865 hardware and software encryption products available in 55 different countries. More than 500 of them come from outside of the United States.

"The report calls into question the efficacy of any US mandates forcing backdoors for law-enforcement access. Anyone who wants to avoid US surveillance will have 546 competing products to choose from," Schneier wrote in a press release.

"Any US-only restrictions will adversely affect US companies in this worldwide market," he continued.

"Criminals and terrorists will switch to more secure foreign alternatives, and the people who will be most affected are the innocent Internet users who don't know enough to use non-backdoored alternatives," he wrote.

It's not entirely clear which overseas encryption products are truly unbreakable, and which have been compromised by government surveillance backdoors. Even so, Schneier and his co-authors insist that "cryptography is very much a worldwide academic discipline" and "there is no reason to believe that foreign-designed or foreign-developed encryption products are any worse (or better) than their US counterparts."
