- Viral video shows an egg getting a hot makeover Tuesday 7:56 PM
- New Netflix feature broadcasts what you’re watching via Instagram Tuesday 6:11 PM
- Videos show alleged Covington teens harassing women, making rape jokes at march Tuesday 4:13 PM
- MAGA teen gets ‘Today Show’ interview—and people are pissed Tuesday 3:38 PM
- Family says hacker sent fake North Korean missile warning through Nest camera Tuesday 2:42 PM
- This Arizona bill would tax internet porn to fund a border wall Tuesday 2:41 PM
- This meme is asking people how they draw the letter X Tuesday 1:18 PM
- Charlie Kirk’s love of U.S. healthcare system put to the test after back problems Tuesday 1:12 PM
- Fyre Fest caterer who was left broke has received $160,000 in donations Tuesday 12:58 PM
- The YouTuber who taught a dog to give the Nazi salute on command can’t find a job Tuesday 12:24 PM
- The ‘oh yeah yeah’ meme is flooding YouTube—and KSI can’t deal Tuesday 12:20 PM
- Did this d*ck-drawing Instagram star steal her gag from a rival runner? Tuesday 12:00 PM
- Rep. Steve King, best known for his racism, tweets a fake MLK quote Tuesday 11:54 AM
- Facebook is helping husbands ‘brainwash’ their wives with targeted ads Tuesday 11:35 AM
- Twitch streamer Pink_Sparkles responds to gamers who don’t think she belongs Tuesday 11:29 AM
U.S. can’t ban encryption because it’s a global phenomenon, Harvard study finds
The U.S. isn’t the only country that makes crypto.
After a two-year campaign from the FBI, U.S. intelligence officials, and powerful politicians calling for backdoor access into Americans’ encrypted data, a new Harvard study argues that encryption is a worldwide technology that the United States cannot regulate and control on its own.
The study, titled “A Worldwide Survey of Encryption Products,” aimed to catalog all the encryption products available online today. Researchers identified 546 encryption products from developers outside the U.S., a number representing two-thirds of the 865 that are available worldwide.
The point of the research is clear: There’s a whole world of cryptography outside the United States. Any U.S. law that mandates so-called “backdoors” in encryption technology—Sen. Richard Burr (R-N.C.) is currently writing a bill that may do just that—will just push the business outside American borders.
“If U.S. products are all backdoored by law, I guarantee you stuff coming out of Finland is going to make a big deal of that.”
The migration has already begun. Silent Circle, an encrypted communications company started in America, made the move to Switzerland in 2014 to avoid American government attempts to access their data.
Open-source projects that have their code freely available online and whose developers and supports are spread out across the world may be more “jurisdictionally agile” and able to move toward countries, like the Netherlands, that disavow backdoors, the study found.
The new study is authored by independent and Harvard researchers Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar.
The researchers expect non-U.S. tech companies to take advantage of any anti-encryption policy to come out of America.
“The potential of an NSA-installed backdoor in U.S. encryption products is rarely mentioned in the marketing material for the foreign-made encryption products,” the study explains. “This is, of course, likely to change if U.S. policy changes.”
“If U.S. products are all backdoored by law, I guarantee you stuff coming out of Finland is going to make a big deal of that,” Schneier told the Daily Dot.
Despite pretensions about the superiority of American-made technology, non-U.S. encryption products are just as good as American made software, the study concluded.
“Cryptography is very much a worldwide academic discipline, as evidenced by the quantity and quality of research papers and academic conferences from countries other than the U.S. Both recent [National Institute of Standards and Technology] encryption standards—AES and SHA-3—were designed outside of the US, and the 4 submissions for those standards were overwhelmingly non-US. Additionally, the seemingly endless stream of bugs and vulnerabilities in US encryption products demonstrates that American engineers are not better their foreign counterparts at writing secure encryption software. Finally, almost all major U.S. software developers have international teams of engineers, both working in the U.S. and working in non-U.S. offices.”
FBI Director James Comey, the leading voice in the campaign against strong encryption, agrees with some of what the study concludes. Last year, Comey said the solution to “going dark” was to construct a legal regime spanning North America, Europe, and China that requires tech companies to build backdoors for governments into their products, effectively acknowledging that changes to U.S. law are not enough to stymie increased use of encrypted technology.
Thanks to stalwart rhetoric from Comey and other state and federal authorities, the debate over encryption has reached a new intensity in the last year. Across the divide, a virtual consensus of technologists from academia, industry, and civil society argue that backdoors into encryption will harm both the cybersecurity and privacy rights of Americans.
“So let me be crystal clear: Weakening encryption or taking it away harms good people who are using it for the right reason,” Apple CEO Tim Cook, one of the most vocal and powerful defenders of encryption, said in 2015.
Even former NSA chief Michael Hayden stands firmly against government backdoors into encryption.
But powerful figures like Comey and Manhattan District Attorney Cyrus Vance, Jr. have been vocal opponents of the rising popularity of encryption.
Apple’s “unilateral decision” to encrypt iPhones will harm American national security by allowing “homegrown violent extremists and terrorists to communicate with each other, to send messages without law enforcement being able to identify what they’re saying,” Vance argued last year.
Because they encrypt data on the device, he added, iPhones are going to be “the terrorists community device of choice.”
Illustration via Max Fleishman
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.