Press Release: International Encryption Product Survey Finds 546 Non-US Products from 54 Countries
Findings point to negative impact on US Companies and Internet users
A newly completed international survey of encryption products found 546 different products from 54 different countries outside the US. This survey was headed by Bruce Schneier, as part of his Fellowship at the Berkman Center for Internet and Society at Harvard University.
The findings of this survey identified 619 entities that sell encryption products. Of those 412, or two-thirds, are outside the U.S.-calling into question the efficacy of any US mandates forcing backdoors for law-enforcement access. It also showed that anyone who wants to avoid US surveillance has over 567 competing products to choose from. These foreign products offer a wide variety of secure applications—voice encryption, text message encryption, file encryption, network-traffic encryption, anonymous currency—providing the same levels of security as US products do today.
Bruce Schneier said, “This is an important survey showing US-only restrictions will adversely affect US companies in this worldwide market. Criminals and terrorists will switch to more secure foreign alternatives, and the people who will be most affected are the innocent Internet users who don't know enough to use non-backdoored alternatives.”
Key findings of the report include:
- There are at least 865 hardware or software products incorporating encryption from 55 different countries. This includes 546 encryption products from outside the US, representing two-thirds of the total.
- The most common non-US country for encryption products is Germany, with 112 products. This is followed by the United Kingdom, Canada, France, and Sweden, in that order.
- The five most common countries for encryption products—including the US—account for two-thirds of the total. But smaller countries like Algeria, Argentina, Belize, the British Virgin Islands, Chile, Cyprus, Estonia, Iraq, Malaysia, St. Kitts and Nevis, Tanzania, and Thailand each produce at least one encryption product.
- Of the 546 foreign encryption products we found, 56% are available for sale and 44% are free. 66% are proprietary, and 34% are open source. Some for-sale products also have a free version.
- At least 587 entities—primarily companies—either sell or give away encryption products. Of those, 374, or about two-thirds, are outside the US.
- Of the 546 foreign encryption products, 47 are file encryption products, 68 e-mail encryption products, 104 message encryption products, 35 voice encryption products, and 61 virtual private networking products.
The full paper is available for download: https://www.schneier.com/paper-worldwide.html.
About the Berkman Center for Internet & Society
Founded in 1997, the Berkman Center for Internet & Society at Harvard University is dedicated to exploring, understanding, and shaping the development of the digitally-networked environment. A diverse, interdisciplinary community of scholars, practitioners, technologists, policy experts, and advocates, we seek to tackle the most important challenges of the digital age while keeping a focus on tangible real-world impact in the public interest. Our faculty, fellows, staff and affiliates conduct research, build tools and platforms, educate others, form bridges and facilitate dialogue across and among diverse communities. More information at http://www.cyber.law.harvard.edu/.
About Bruce Schneier
Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is the author of 12 books -- including the New York Times best-seller "Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World" -- as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and blog "Schneier on Security" are read by over 250,000 people. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard University, a board member of the Electronic Frontier Foundation, and an Advisory Board member of the Electronic Privacy Information Center. He is also the Chief Technology Officer of Resilient Systems, Inc.