Harvard researchers Bruce Schneier and Saranya Vijayakumar teamed up with independent researcher Kathleen Seidel to survey encryption technologies from around the world to see whether an encryption ban in the U.S. would have any effect on other nations.
The researchers discovered that although the U.S. is the country with the most encryption products, two thirds of the encryption products (546 out of 865) are from other countries. Their conclusion was that even if the U.S. bans strong encryption, not only would users still find a way to use strong encryption, but many American companies would switch headquarters outside of the U.S., too.
This migration has in fact already started post-Snowden revelations, when some of the companies selling products or services with strong encryption thought they couldn’t trust the U.S. government to not interfere anymore. It also didn’t help that the founder of Lavabit came out saying the U.S. government forced him to shut down his encrypted email company before giving law enforcement access to all his customers’ emails.
Germany currently has the largest number of encryption products after the U.S. (112 products) and is followed by the UK, Canada, France and Sweden. Germany has one of the best privacy regulations in the world. It also exists within the European Union, which also has some strong privacy protections across the board, and Germany has to abide by those, as well.
Germany has a strong economy and is a major gateway to the rest of Europe. It’s likely that if encryption was banned in the U.S., many American companies would switch their headquarters there. Germany has a strong hacker culture (in the positive sense) considering that it hosts the largest hacker association in Europe, the Chaos Computer Club. Therefore it has a more than welcoming culture towards strong encryption and privacy.
The researchers argued in their paper that if the U.S. passes a backdoor law, it would give vendors from other countries an opportunity to include that in the sales pitch for their own products.
France recently rejected its own ban on strong hardware encryption, arguing that it could hurt the country economically. In the U.S., New York and California are trying to pass a similar law, but more recently, a bill appeared in Congress to ban state-level encryption backdoor laws at the federal level. This would at least ensure that one or two states can’t hold companies hostage by forcing them to sell a backdoored product to the whole country.
"It is completely technologically unworkable for individual states to mandate different encryption standards in consumer products," Lieu told Reuters in an interview. "Apple can't make a different smartphone for California and New York and the rest of the country."
Whether a federal backdoor law may still pass later on, it’s still up for discussion, as Senators John McCain, Dianne Feinstein, and Richard Burr are currently working on such a bill. The moods in Congress seem to be against backdoors right now, but the supporters of such a bill may still try to sneak it through into another budget bill, much like they did with CISA, the de facto cyber-Patriot Act.
Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu.