Trending

U.S. Encryption Ban Would Force Companies To Migrate, Say Researchers

By

Harvard researchers Bruce Schneier and Saranya Vijayakumar teamed up with independent researcher Kathleen Seidel to survey encryption technologies from around the world to see whether an encryption ban in the U.S. would have any effect on other nations.

The researchers discovered that although the U.S. is the country with the most encryption products, two thirds of the encryption products (546 out of 865) are from other countries. Their conclusion was that even if the U.S. bans strong encryption, not only would users still find a way to use strong encryption, but many American companies would switch headquarters outside of the U.S., too.

This migration has in fact already started post-Snowden revelations, when some of the companies selling products or services with strong encryption thought they couldn’t trust the U.S. government to not interfere anymore. It also didn’t help that the founder of Lavabit came out saying the U.S. government forced him to shut down his encrypted email company before giving law enforcement access to all his customers’ emails.

Germany currently has the largest number of encryption products after the U.S. (112 products) and is followed by the UK, Canada, France and Sweden. Germany has one of the best privacy regulations in the world. It also exists within the European Union, which also has some strong privacy protections across the board, and Germany has to abide by those, as well.

Germany has a strong economy and is a major gateway to the rest of Europe. It’s likely that if encryption was banned in the U.S., many American companies would switch their headquarters there. Germany has a strong hacker culture (in the positive sense) considering that it hosts the largest hacker association in Europe, the Chaos Computer Club. Therefore it has a more than welcoming culture towards strong encryption and privacy.

The researchers argued in their paper that if the U.S. passes a backdoor law, it would give vendors from other countries an opportunity to include that in the sales pitch for their own products.

France recently rejected its own ban on strong hardware encryption, arguing that it could hurt the country economically. In the U.S., New York and California are trying to pass a similar law, but more recently, a bill appeared in Congress to ban state-level encryption backdoor laws at the federal level. This would at least ensure that one or two states can’t hold companies hostage by forcing them to sell a backdoored product to the whole country.

"It is completely technologically unworkable for individual states to mandate different encryption standards in consumer products," Lieu told Reuters in an interview. "Apple can't make a different smartphone for California and New York and the rest of the country."

Whether a federal backdoor law may still pass later on, it’s still up for discussion, as Senators John McCain, Dianne Feinstein, and Richard Burr are currently working on such a bill. The moods in Congress seem to be against backdoors right now, but the supporters of such a bill may still try to sneak it through into another budget bill, much like they did with CISA, the de facto cyber-Patriot Act.

Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu. 

Follow us on FacebookGoogle+, RSS, Twitter and YouTube.

Topics
Security
17 Comments Comment from the forums
  • falchard 11 February 2016 20:18
    They will call it the Cyber security and privacy act.
    Reply
  • skit75 11 February 2016 20:43
    I can't believe encryption back-doors are even being proposed.
    Reply
  • RazberyBandit 11 February 2016 20:44
    They will call it the Cyber security and privacy act.
    And it will grant neither...
    Reply
  • canadianvice 11 February 2016 21:06
    While I hate to use the gun nut line.... if private citizens don't have crypto, (there's no way to prevent them acquiring it) because they abide by the law - their information won't be useful.

    The people who are criminals, however, by definition have no respect for law, and so they will use strong encryption and literally no positive purpose for law enforcement under liberty will be served.

    Of course, I think we're beyond pretense now that this is to enforce the law under the standards of liberty.
    Reply
  • alidan 12 February 2016 03:16
    While I hate to use the gun nut line.... if private citizens don't have crypto, (there's no way to prevent them acquiring it) because they abide by the law - their information won't be useful.

    The people who are criminals, however, by definition have no respect for law, and so they will use strong encryption and literally no positive purpose for law enforcement under liberty will be served.

    Of course, I think we're beyond pretense now that this is to enforce the law under the standards of liberty.

    yea, but by that logic, we have a net on the internet right now, you use encrypted anything, its likely to be known, cracked, probably not, but known where its coming from... so if only the criminals use encryption, then you know right where to go.

    that said, even if my argument holds water, i want everyone to have encryption that no current machine can crack bruteforce, i literally don't care if there is a 9/11 2 in the works, stop impeding on my rights and my security because you are 50+ years old and think the internet is magic.
    Reply
  • targetdrone 12 February 2016 04:00
    Hypothetically writing lets say The US and UK get the backdoor they so desire for all encryption(there was an article just a few days back the UK wanted all government encrypted communications to have a backdoor).

    Now fast forward a few years when Snowden 2.0 Service Pack 666 gives the world that unlock code. Oh the Chaos will be epic.
    Reply
  • targetdrone 12 February 2016 04:04
    I can't believe encryption back-doors are even being proposed.

    It's a lot easier to propose this dribble than hold Government employees responsible for failing to do their jobs. These recent encryption ban proposes came as a result of the Paris and California terrorist attacks yet those terrorist transmitted everything in the open.
    Reply
  • tamalero 12 February 2016 08:04
    Hypothetically writing lets say The US and UK get the backdoor they so desire for all encryption(there was an article just a few days back the UK wanted all government encrypted communications to have a backdoor).

    Now fast forward a few years when Snowden 2.0 Service Pack 666 gives the world that unlock code. Oh the Chaos will be epic.

    There are backdoors already in effect and some of them already backfired on the NSA/CIA.

    Noone remembers the Juniper Firewall hacking?
    They were supposedly hacked using their own supposed backdoor techniques.

    Then later I remember another company that used a backdoor NSA approved security system, was also breached.

    Reply
  • Astone3145 12 February 2016 16:16
    "It is completely technologically unworkable for individual states to mandate different encryption standards in consumer products," Lieu told Reuters in an interview. "Apple can't make a different smartphone for California and New York and the rest of the country."

    Try telling that to the companies that make lawnmowers and trimmers with CA specific emissions. Next time you go to home depot or lowes notice the stickers on all the lawn equipment that says not for sale or use in CA.
    Reply
  • Solandri 12 February 2016 17:29
    17490096 said:
    "It is completely technologically unworkable for individual states to mandate different encryption standards in consumer products," Lieu told Reuters in an interview. "Apple can't make a different smartphone for California and New York and the rest of the country."

    Try telling that to the companies that make lawnmowers and trimmers with CA specific emissions. Next time you go to home depot or lowes notice the stickers on all the lawn equipment that says not for sale or use in CA.
    California is a big enough market that it's cost-effective to create a special design just for sale in California. If every state tried to mandate its own (different) emissions standards though, a lot of automakers would just give up and stop selling cars in the smaller states. At some point, the total cost to design and test the vehicles to pass a state's standards exceeds the expected profit of all your vehicle sales in that state.

    That said, it's a lot easier to special case software than it is physical hardware. Heck, the Win 7 install DVDs were all identical, it was just your serial code which determined if the product activated as Home Premium or Professional or Ultimate.
    Reply