A survey published in February blasts attempts by the US and other governments to weaken encryption products, demonstrating that such moves are utterly pointless given the global nature of encryption technology:
“Based on the marketing materials we read, there is no reason to believe that foreign-designed or foreign-developed encryption products are any worse (or better) than their US counterparts. Cryptography is very much a worldwide academic discipline, as evidenced by the quantity and quality of research papers and academic conferences from countries other than the US.”
Government-mandated backdoors are therefore utterly pointless, as there is no reason why people should not just switch to using products created in countries which do not require companies to deliberately weaken their security products:
“Anyone who wants to evade an encryption backdoor in US or UK encryption products has a wide variety of foreign products they can use instead: to encrypt their hard drives, voice conversations, chat sessions, VPN links, and everything else. Any mandatory backdoor will be ineffective simply because the marketplace is so international.”
This situation is further complicated by the fact that many security products (34 percent) are open source and have what the report’s authors term “jurisdictional agility”. Such products defy regional laws as they are often developed by international teams and hosted on multiple servers across the world:
“Some products are developed and maintained by an international team without any clear leader. Some product developers go out of their way to hide their national origins. Belize, the British Virgin Islands, and St. Kitts and Nevis are tax and anonymity havens; the fact that a domain or corporation is hosted or incorporated there doesn’t guarantee that that’s where the developer is actually from. Finally, our survey includes 16 products where we could not identify the country of origin.”
The report argues that backdoors will overwhelmingly affect innocent users of products, and “criminals who are too stupid to realize that their security products have been backdoored or too lazy to switch to an alternative,” but that they would be ineffective against their real targets:
“The smart criminals that any mandatory backdoors are supposed to catch—terrorists, organized crime, and so on—will easily be able to evade those backdoors.”
A Worldwide Survey of Encryption Products was published by independent Harvard researchers Bruce Schneier, world-renowned cryptologist and fellow at the Berkman Center for Internet & Society, Kathleen Seidel, and Saranya Vijayakumar. It surveyed 855 hardware and software encryption products available in 55 different countries, of which over 500 originate outside the US.
A point not made in the report itself, but mentioned by Schneier in his introduction to the report, is that backdooring encryption products is bad for business, as the international nature of the market will ensure that customers simply buy and use products from countries where backdoors are not mandated.