You can’t ban encryption. It just won’t work.
That’s the conclusion of a Harvard study into the proliferation of encryption products around the world.
Noted cryptographer Bruce Schneier, along with Kathleen Seidel and Saranya Vijayakumar set out to perform a “worldwide sruvey of encryption products,” and software being developed in 36 different jurisdictions, including the US.
The implication: “Any mandatory backdoor will be ineffective simply because the marketplace is so international.”
The study is significant because it comes at a time of significant pressure from law enforcement in the US and elsewhere to force tech companies to introduce backdoors into encryption software to allow access when required. (We first read the study over on The Daily Dot.)
Technologists counter that there are numerous reasons why this is a bad idea, ranging from the fact that any backdoor would be at risk of being exploited by bad actors, to the fact that any attempted ban/mandated backdoors would set a dangerous international precedent for authoritarian regimes looking to crack down on dissidents.
But there’s also the pragmatic argument that any ban just won’t work. Schneier et al‘s study backs this up.
Even if the US, or Britain, banned encryption, the terrorists/paedophiles/criminals that law enforcement are after can simply switch to software made in any of the other three dozen countries around the world that have encryption product developers.
The US, though (fairly) regarded as the heart of the international tech community, does not have significantly more sophisticated products available, the study found. “There is no reason to believe that foreign-designed or foreign-developed encryption products are any worse (or better) than their US counterparts,” it says. “Cryptography is very much a worldwide academic discipline, as evidenced by the quantity and quality of research papers and academic conferences from countries other than the US.”
34% of the products surveyed are open source — meaning that even if every single country in the world decided to band together to ban encryption, rogue developers could still use this code to continue to develop encryption products underground.
But that isn’t going to happen: Germany and the Netherlands have both “publicly disavowed backdoors in encryption products,” the study points out — and have more than 130 encryption products between them.
The study concludes: “It is easy to purchase products, especially software products, that are sold anywhere in the world from everywhere in the world. Encryption products come from all over the world. Any national law mandating encryption backdoors will overwhelmingly affect the innocent users of those products. Smart criminals and terrorists will easily be able to switch to more-secure alternatives.”
Here’s the complete study:
NOW WATCH: An Iranian actress posted Instagram photos of herself without a hijab and was forced to flee the country
Business Insider Emails & Alerts
Site highlights each day to your inbox.