海角大神

If Washington forces American tech companies to give law enforcement access to encrypted communication, it might not provide the advantage investigators want when tracking terrorists or criminals.

Companies outside the US聽are responsible for nearly two-thirds of tech products聽that offer some form of encryption, according to a study released Thursday from renowned cryptographer Bruce Schneier. Because those firms are beyond the reach of US laws, he said, anyone who wants to avoid American intelligence agencies or police eavesdropping聽could simply switch to another secure platform.

"There's this weird belief that if the US law makes a change, that it affects things," said Schneier, chief technology officer of the security firm Resilient Systems and a fellow at聽Harvard University's Berkman Center for Internet and Society.聽"This is a much more international market."

Schneier analyzed聽865 hardware and software products in 54 countries (including the US) that offer some form of encryption. Some of the smaller firms, he found, capitalize on the protection the international market offers by storing source code in multiple countries, making it easier for them to relocate if the laws in one country become unfavorable to encryption.

The study comes as the American tech sector is聽mired in a debate聽with聽senior law enforcement and intelligence officials聽over access to communication that's encrypted on consumer devices. Some law enforcement officials, for instance,聽want companies such as聽Apple and Google to聽ensure the government can access encrypted data聽when agents have a warrant.

At a Senate hearing聽this week, FBI director James Comey said encryption has prevented his bureau from getting into a phone belonging to one of the perpetrators of the聽San Bernardino, Calif., terrorist attack.聽

While some FBI聽officials have acknowledged there could be security cost聽associated with giving聽agencies ways to access encrypted聽communications, many in law enforcement say it's worth the risk if it means thwarting a terrorist attack.

But Schneier wants to debunk that reasoning.聽

"The argument is that that vulnerability is worth it because police can catch criminals," said聽Schneier. "Well, that鈥檚 not true because the criminals will switch [products]. So you鈥檙e left with the cost and not getting the benefit."

Privacy advocates and most tech companies agree that building a so-called "backdoor" into聽encrypted communications puts consumers at a greater risk of being targeted by criminal hackers. What's more, privacy advocates argue, if tech companies give the US government access to encrypted data, other governments could seek similar avenues to surveil activists, journalists, and political dissidents.聽

But even buying products from companies based outside the US doesn't necessarily guarantee data is immune from US snooping. Britain and the US are currently in talks to potentially allow the US to compel British tech companies to hand over American data, and give Britain the same power in the US.

Schneier鈥檚 survey聽replicated a 1999 study聽that聽looked at the availability of foreign encryption products after the US government placed export restrictions on encryption software. That ban gave rise to region-specific markets for those looking to evade government surveillance by using encryption. Geographic location matters much less in today's market, however, because the Internet allows consumers to buy encryption products from around the world. 聽

Secure communications company Silent Circle, for instance, is based in Switzerland but has customers in many different countries. It moved its headquarters to聽Le Grand-Saconnex outside Geneva in 2014 specifically because the Swiss enjoy聽constitutional data protections.

"Having a pro-privacy stance from the government [of the country] that the company was based in was not only valuable to us as a statement to our customers, but also valuable to the mission itself where you at least have a backing for it,鈥� said Jon Callas, cofounder of Silent Circle.

Given the nature of the digital economy and the Internet, Mr. Callas said, the US simply can't聽exercise its power when it comes to encryption.聽"The idea that any one country can control what is essentially applied mathematics is just absurd."