Study finds that anti-crypto laws won't work on an international stage

A new report shows that anti-crypto laws wouldn't change a thing, as criminals would simply look globally

In response to attempts to put restrictions on encryption technology, a new report surveys 546 encryption products in 54 countries outside the United States, out of 865 hardware and software products total.

The report demonstrates that encryption technology is very international in nature and that it is impossible for local regulations to have any effect on it, said Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard University.

"The cat is out of the bag," he said. "It is an international world. All the research is international and has been for decades. All the conferences are international and have been for decades."

Schneier is also the CTO of security vendor Resilient Systems.

U.S.-based encryption vendors might have more market share, he said, pointing to Apple, but there is nothing to indicate that American encryption is superior to that found elsewhere.

"The standard encryption algorithm, AES, was developed by a team from Belgium," he said. "Another standard, a hash function standard, was developed by an international team as well. It's not that Americans are worse -- it's just a big world."

In addition, technology companies typically have international teams of employees.

If the U.S. government restricts the export of encryption technology, or mandates back doors in U.S.-made encryption products, then legitimate customers, as well as criminals and terrorists, can easily switch to encryption products from other vendors.

Back doors don't just make private communications accessible to government agencies, but can also weaken the security of the encryption tools for everyone.

It is possible that other countries have installed back doors in some of their products, Schneier admitted, and that the U.S. government may try to avoid some of the adverse public relations consequences of back doors by installing its own back doors secretly.

"Let's say the government has a camera in your bedroom and doesn't tell you about it -- are you OK with it if you don't know about it?" he said. "It makes it worse. And when the stuff gets out -- like the Snowden documents did -- then you look really bad."

According to the report, 44 percent of the foreign encryption products were free and 56 percent were sold commercially. In addition, 34 percent were open source.

Among the 546 foreign encryption products, there were 47 file encryption products, 68 e-mail encryption products, 104 message encryption products, 35 voice encryption products, and 61 virtual private networking products.

There was no difference in advertised strength of encryption products produced in or outside the US, the report said. Both domestic and foreign encryption products regularly use strong published encryption algorithms such as AES.

The US had more encryption products than any other country, with a total of 304.

Germany was in second place with 112, followed by the United Kingdom with 54, Canada with 47, France with 41, and Sweden with 33.

Stories by Maria Korolov

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place