Stories
Slash Boxes
Comments

SoylentNews is people

Submission Preview

Link to Story

Global Crypto Survey Argues Mandatory Backdoors Are Pointless

Accepted submission by rigrig mailto:soylentnews@tubul.net at 2016-02-11 20:15:27
Digital Liberty

As reported here [arstechnica.com], here [theintercept.com], here [theregister.co.uk], here [forbes.com], here [theverge.com], here [cso.com.au], and here [csmonitor.com], Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar today released their worldwide survey of encryption products [schneier.com]. They identified 865 hardware or software products from 55 countries that incorporate encryption, 546 of which originated from outside the United States. Their goal was to repeat a similar survey from 1999, when the debate about restricting the export of cryptographic technology was going on.

They didn't perform an in-depth review on the products, but state

To be sure, we do not believe that either US or non-US encryption products are free of vulnerabilities. We also believe that both US and non-US encryption products can be compromised by user error. What we do believe is that there is no difference in quality between the two. Both use the same cryptographic algorithms, and their secure development and coding practices are a function of the quality of their programmers, not the country they happen to be living in.

The report [schneier.com] concludes:

Laws regulating product features are national, and only affect people living in the countries in which they’re enacted. It is easy to purchase products, especially software products, that are sold anywhere in the world from everywhere in the world. Encryption products come from all over the world. Any national law mandating encryption backdoors will overwhelmingly affect the innocent users of those products. Smart criminals and terrorists will easily be able to switch to more-secure alternatives.

The 1999 report which inspired this survey [cryptome.org] (original pdf is gone), came to pretty much the same conclusion about the futility of export regulations on encryption products.


Original Submission