Many politicians around the world, especially among the Five Eyes nations, are under the impression that mandating backdoors or weakening encryption would make it possible to read all communications with little effort. Not so though, as it turns out that worldwide, there are more than 850 hardware and software encryption options for nefarious actors to use.
Discovered as part of a study by cryptographers Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar (via Wired), this list paints an expansive landscape of the state of encryption around the world. It truly is global too, with more than two-thirds of the discovered encryption products and services existing outside the U.S., where jurisdiction to force backdoors would be weak at best.
Not all options for encryption and obfuscation on that list are military grade of course, with the available offerings ranging from simple VPN services to encrypted applications on smartphones and password managers. But they are produced by a variety of organizations, from commercial enterprises to open-source communities, which also complicates the idea of government-mandated backdoors.
While the researchers in this instance didn’t test the usefulness of such tools, they did highlight how easy it would be for anyone who believed their encrypted service to be compromised to simply move on to something else.
“Our survey demonstrates that … [a]nyone who wants to evade an encryption backdoor in U.S. or U.K. encryption products has a wide variety of foreign products they can use instead: to encrypt their hard drives, voice conversations, chat sessions, VPN links, and everything else,” the research paper reads.
Perhaps even more impressive is the fact that a survey much like this one was conducted in the late ’90s, and found similar numbers of encryption-based products as now, though very few showed up on both lists. This suggests that the environment for encryption is constantly shifting and evolving, which makes having special roots through current offerings even more redundant.
This latest report goes on to suggest that the only people affected by backdoors to encryption would be criminals who were so ineffective that they would likely have been caught in some other way, and legitimate end users who are acting entirely innocently.
Ministers and politicians believe weakening encryption will help target the most nefarious, and yet this research suggests that they are precisely the ones who will easily evade such traps.