This post is also available in: עברית (Hebrew)
US can’t be successful in banning encryption as it is a global phenomenon, according to Harvard study.
Despite over two years’ efforts by the CIA and FBI to introduce government backdoors into commercial products that employ encryption, with far-flung support from across the political spectrum, a new study from Harvard should dampen the mood a bit. The study argues that encryption is a global technological phenomenon that the US cannot regulate on its own.
“A Worldwide Survey of Encryption Products” aims to examine and catalogue all currently available encryption products. Nearly 550 products were identified from developers outside of the United States, some two thirds of the 865 products available.
The inescapable conclusion is that the majority of cryptography is done outside the US. Any law that would mandate breaking cryptography in the US would just make the developers migrate to a friendlier country.
This conclusion is not merely a dire warning, it’s already happening: the migration has begun. Silent Circle, an encrypted communications provider, moved to Switzerland in 2014 to avoid US government attempts at gaining access to data.
The study suggests that open-source projects, with a diverse global developer base, and whose code is freely available online, can be even more “jurisdictionally agile.”
The team behind the study – independent and Harvard’s security researchers Bruce Schneier, Saranya Vijayakumar, and Kathleen Seidel – expect non-US companies to exploit the growing tension of the American anti-encryption atmosphere to grow their business.
“The potential of an NSA-installed backdoor in U.S. encryption products is rarely mentioned in the marketing material for the foreign-made encryption products,” the study reads. “This is, of course, likely to change if U.S. policy changes.”
“If U.S. products are all backdoored by law, I guarantee you stuff coming out of Finland is going to make a big deal of that,” Schneier told the Daily Dot.