Any move by government, police or intelligence agency to ban or weaken encryption is likely to be futile, a fresh Harvard report has warned. The study, conducted by renowned cryptographer Bruce Schneier and academics Kathleen Seidel and Saranya Vijayakumar, instead argues the sheer scope of the global technology industry – and its open-source nature – means that trying to stop the spread of stealthy communications is a worthless endeavour.
In their analysis, titled A Worldwide Survey Of Encryption Products, the researchers uncovered nearly 900 different hardware or software products that incorporate encryption from 55 different countries.
The most prolific producer outside the US is Germany, with 112 encryption products. This is followed by the UK, Canada, France and Sweden. On the non-US encryption products, the study found that nearly half were offered free of charge.
"Any mandatory backdoor will be ineffective simply because the marketplace is so international," the report asserts. "Anyone who wants to evade an encryption backdoor in US or UK encryption products has a wide variety of foreign products they can use instead: to encrypt their hard drives, voice conversations, chat sessions, VPN links and everything else."
The findings come amid an attempted clampdown on encryption tools by authorities struggling to combat terrorism or intercept suspect communications. FBI director James Comey, for example, has long warned that strong encryption is hampering the agency's ability to fight crime, coining the term "going dark". In the UK, GCHQ boss Robert Hannigan has publicly echoed this view.
The switching problem
Unfortunately for these agencies, however, the report claims the technology is so common, found in popular services from Apple's iMessage to WhatsApp, that it would be practically impossible to curb. In fact, any cutback would have severe consequences. "Any national law mandating encryption backdoors will overwhelmingly affect the innocent users of those products. Smart criminals and terrorists will easily be able to switch to more secure alternatives," it notes.
In light of this, if one major product is discovered to have been compromised then criminals will simply move on. "Yes, it will catch criminals who are too stupid to realise that their security products have been backdoored or too lazy to switch to an alternative, but those criminals are likely to make all sorts of other mistakes in their security and be catchable anyway," the researchers state.
"The smart criminals that any mandatory backdoors are supposed to catch – terrorists, organised crime and so on – will easily be able to evade those backdoors."
Meanwhile, a separate research study unveiled by Harvard academics effectively debunked the notion that terrorists and criminals are going dark, adding that emerging technology such as smart devices have actually created more surveillance opportunities for law enforcement than ever before.