Study finds that anti-crypto laws won't work on an international stage

A new report shows that anti-crypto laws wouldn't change a thing, as criminals would simply look globally

rubiks globe
Credit: Alan Kotok

In response to attempts to put restrictions on encryption technology, a new report surveys 546 encryption products in 54 countries outside the United States, out of 865 hardware and software products total.

The report demonstrates that encryption technology is very international in nature and that it is impossible for local regulations to have any effect on it, said Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard University,

"The cat is out of the bag," he said. "It is an international world. All the research is international and has been for decades. All the conferences are international and have been for decades."

Schneier is also the CTO of security vendor Resilient Systems.

U.S.-based encryption vendors might have more market share, he said, pointing to Apple, but there is nothing to indicate that American encryption is superior to that found elsewhere.

"The standard encryption algorithm, AES, was developed by a team from Belgium," he said. "Another standard, a hash function standard, was developed by an international team as well. It's not that Americans are worse -- it's just a big world."

In addition, technology companies typically have international teams of employees.

If the U.S. government restricts the export of encryption technology, or mandates back doors in U.S.-made encryption products, then both legitimate customers as well as criminals and terrorists can easily switch to encryption products from other vendors.

Back doors don't just make private communications accessible to government agencies, but can also weaken the security of the encryption tools for everyone.

It is possible that other countries have installed backdoors in some of their products, Schneier admitted, and that the U.S. government may try to avoid some of the adverse public relations consequences of back doors by installing its own backdoors secretly.

"Let's say the government has a camera in your bedroom and doesn't tell you about it -- are you OK with it if you don't know about it?" he said. "It makes it worse. And when the stuff gets out -- like the Snowden documents did -- then you look really bad."

According to the report, 44 percent of the foreign encryption products were free and 56 percent were sold commercially. In addition, 34 percent were open source.

Among the 546 foreign encryption products, there were 47 file encryption products, 68 e-mail encryption products, 104 message encryption products, 35 voice encryption products, and 61 virtual private networking products.

There was no difference in advertised strength of encryption products produced in or outside the US, the report said. Both domestic and foreign encryption products regularly use strong published encryption algorithms such as AES.

The US had more encryption products than any other country, with a total of 304.

Germany was in second place with 112, followed by United Kingdom with 54, Canada with 47, France with 41, and Sweden with 33.

This story, "Study finds that anti-crypto laws won't work on an international stage" was originally published by CSO.