US can't ban encryption because most of it comes from overseas

A US ban or backdoor mandate would adversely affect US companies, said Harvard report.
Written by Zack Whittaker, Contributor
(Image: file photo via CBSNews.com)

If the US government tried to ban or outlaw unbreakable encryption, it could harm American businesses, whose customers would simply look for secure products abroad, a group of researchers have said.

Because the majority of encrypted products today are developed abroad, any effort by the US government to strong-arm companies away from providing secure products would put them "at a competitive disadvantage in the information security market," concluded the Harvard report, written by security researchers Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar.

The report's stark conclusion is that any law "regulating product features are national, and only affect people living in the countries in which they're enacted."

In other words, any such law

US law enforcement have in recent years argued that the rise in encryption and secure messaging, partly in response to the uncovering of mass surveillance in documents leaked by whistleblower Edward Snowden, is helping criminals and terrorist go "dark," a metaphor the FBI has repeatedly used to describe its inability to read messages and tap communications.

Lawmakers in California and New York state have introduced legislation to ban the sale of smartphones and devices that provide encryption, like most iPhones, and newer Android phones.

But the researchers concluded that any law mandating encryption backdoors who would "easily be able to switch to more-secure alternatives."

The methodology was simple: the research was a rerun of a report done in 1999 to see which products and services come from which country. Out of the 865 products incorporating encryption across 55 countries, 546 products were from outside the US, representing two-thirds of the total.

In other words, as Schneier pointed out in a press release: "Anyone who wants to avoid US surveillance will have 546 competing products to choose from."

"Any mandatory backdoor will be ineffective simply because the marketplace is so international," said the report. "Yes, it will catch criminals who are too stupid to realize that their security products have been backdoored or too lazy to switch to an alternative, but those criminals are likely to make all sorts of other mistakes in their security and be catchable anyway."

Editorial standards