After a two-year campaign from the FBI, U.S. intelligence officials, and powerful politicians calling for backdoor access into Americans’ encrypted data, a new Harvard study argues that encryption is a worldwide technology that the United States cannot regulate and control on its own.
The study, titled “A Worldwide Survey of Encryption Products,” aimed to catalog all the encryption products available online today. Researchers identified 546 encryption products from developers outside the U.S., a number representing two-thirds of the 865 that are available worldwide.
The point of the research is clear: There’s a whole world of cryptography outside the United States. Any U.S. law that mandates so-called “backdoors” in encryption technology—Sen. Richard Burr (R-N.C.) is currently writing a bill that may do just that—will just push the business outside American borders.
“If U.S. products are all backdoored by law, I guarantee you stuff coming out of Finland is going to make a big deal of that.”
The migration has already begun. Silent Circle, an encrypted communications company started in America, made the move to Switzerland in 2014 to avoid American government attempts to access their data.
Open-source projects that have their code freely available online and whose developers and supports are spread out across the world may be more “jurisdictionally agile” and able to move toward countries, like the Netherlands, that disavow backdoors, the study found.
The new study is authored by independent and Harvard researchers Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar.
The researchers expect non-U.S. tech companies to take advantage of any anti-encryption policy to come out of America.
“The potential of an NSA-installed backdoor in U.S. encryption products is rarely mentioned in the marketing material for the foreign-made encryption products,” the study explains. “This is, of course, likely to change if U.S. policy changes.”
“If U.S. products are all backdoored by law, I guarantee you stuff coming out of Finland is going to make a big deal of that,” Schneier told the Daily Dot.
Despite pretensions about the superiority of American-made technology, non-U.S. encryption products are just as good as American made software, the study concluded.
“Cryptography is very much a worldwide academic discipline, as evidenced by the quantity and quality of research papers and academic conferences from countries other than the U.S. Both recent [National Institute of Standards and Technology] encryption standards—AES and SHA-3—were designed outside of the US, and the 4 submissions for those standards were overwhelmingly non-US. Additionally, the seemingly endless stream of bugs and vulnerabilities in US encryption products demonstrates that American engineers are not better their foreign counterparts at writing secure encryption software. Finally, almost all major U.S. software developers have international teams of engineers, both working in the U.S. and working in non-U.S. offices.”
FBI Director James Comey, the leading voice in the campaign against strong encryption, agrees with some of what the study concludes. Last year, Comey said the solution to “going dark” was to construct a legal regime spanning North America, Europe, and China that requires tech companies to build backdoors for governments into their products, effectively acknowledging that changes to U.S. law are not enough to stymie increased use of encrypted technology.
Thanks to stalwart rhetoric from Comey and other state and federal authorities, the debate over encryption has reached a new intensity in the last year. Across the divide, a virtual consensus of technologists from academia, industry, and civil society argue that backdoors into encryption will harm both the cybersecurity and privacy rights of Americans.
"So let me be crystal clear: Weakening encryption or taking it away harms good people who are using it for the right reason," Apple CEO Tim Cook, one of the most vocal and powerful defenders of encryption, said in 2015.
Even former NSA chief Michael Hayden stands firmly against government backdoors into encryption.
But powerful figures like Comey and Manhattan District Attorney Cyrus Vance, Jr. have been vocal opponents of the rising popularity of encryption.
Apple's “unilateral decision” to encrypt iPhones will harm American national security by allowing “homegrown violent extremists and terrorists to communicate with each other, to send messages without law enforcement being able to identify what they’re saying,” Vance argued last year.
Because they encrypt data on the device, he added, iPhones are going to be "the terrorists community device of choice."
Illustration via Max Fleishman