Most encryption products far beyond reach of US law enforcement
If Washington forces American tech companies to give law enforcement access to encrypted communication, it might not provide the advantage investigators want when tracking terrorists or criminals.
Companies outside the US听are responsible for nearly two-thirds of tech products听that offer some form of encryption, according to a study released Thursday from renowned cryptographer Bruce Schneier. Because those firms are beyond the reach of US laws, he said, anyone who wants to avoid American intelligence agencies or police eavesdropping听could simply switch to another secure platform.
"There's this weird belief that if the US law makes a change, that it affects things," said Schneier, chief technology officer of the security firm Resilient Systems and a fellow at听Harvard University's Berkman Center for Internet and Society.听"This is a much more international market."
Schneier analyzed听865 hardware and software products in 54 countries (including the US) that offer some form of encryption. Some of the smaller firms, he found, capitalize on the protection the international market offers by storing source code in multiple countries, making it easier for them to relocate if the laws in one country become unfavorable to encryption.
The study comes as the American tech sector is听mired in a debate听with听senior law enforcement and intelligence officials听over access to communication that's encrypted on consumer devices. Some law enforcement officials, for instance,听want companies such as听Apple and Google to听ensure the government can access encrypted data听when agents have a warrant.
听this week, FBI director James Comey said encryption has prevented his bureau from getting into a phone belonging to one of the perpetrators of the听San Bernardino, Calif., terrorist attack.听
While some FBI听officials have acknowledged there could be security cost听associated with giving听agencies ways to access encrypted听communications, many in law enforcement say it's worth the risk if it means thwarting a terrorist attack.
But Schneier wants to debunk that reasoning.听
"The argument is that that vulnerability is worth it because police can catch criminals," said听Schneier. "Well, that鈥檚 not true because the criminals will switch [products]. So you鈥檙e left with the cost and not getting the benefit."
Privacy advocates and most tech companies agree that building a so-called "backdoor" into听encrypted communications puts consumers at a greater risk of being targeted by criminal hackers. What's more, privacy advocates argue, if tech companies give the US government access to encrypted data, other governments could seek similar avenues to surveil activists, journalists, and political dissidents.听
But even buying products from companies based outside the US doesn't necessarily guarantee data is immune from US snooping. Britain and the US to potentially allow the US to compel British tech companies to hand over American data, and give Britain the same power in the US.
Schneier鈥檚 survey听听that听looked at the availability of foreign encryption products after the US government placed export restrictions on encryption software. That ban gave rise to region-specific markets for those looking to evade government surveillance by using encryption. Geographic location matters much less in today's market, however, because the Internet allows consumers to buy encryption products from around the world. 听
Secure communications company Silent Circle, for instance, is based in Switzerland but has customers in many different countries. It moved its headquarters to听Le Grand-Saconnex outside Geneva in 2014 specifically because the Swiss enjoy听
"Having a pro-privacy stance from the government [of the country] that the company was based in was not only valuable to us as a statement to our customers, but also valuable to the mission itself where you at least have a backing for it,鈥 said Jon Callas, cofounder of Silent Circle.
Given the nature of the digital economy and the Internet, Mr. Callas said, the US simply can't听exercise its power when it comes to encryption.听"The idea that any one country can control what is essentially applied mathematics is just absurd."
听
