What would happen if the United States government passed a bill mandating the inclusion of backdoors in cryptographic algorithms? Not much. The politicians in Washington DC, like many denizens of this nation, forget that there is an entire world outside of this nation’s borders. A recent report put together by actual security experts shows that any domestic laws hindering encryption will be futile because a lot of cryptography software comes from abroad:
An estimated 63 percent of the encryption products available today are developed outside US borders, according to a new report that takes a firm stance against the kinds of mandated backdoors some federal officials have contended are crucial to ensuring national security.
The report, prepared by security researchers Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar, identified 865 hardware or software products from 55 countries that incorporate encryption. Of them, 546 originated from outside the US. The most common non-US country was Germany, a country that has publicly disavowed the kinds of backdoors advocated by FBI Director James Comey and other US officials. Although the Obama administration is no longer asking Congress for legislation requiring them, it continues to lobby private industry to include ways law enforcement agencies can decrypt encrypted data sent or stored by criminal or terrorism suspects.
We’re told that mandatory backdoors are necessary to make the lives of law enforcers easier. But passing a law mandating backdoors in systems that utilize cryptography would only effect domestic companies. Most devices are manufactured outside of the United States. Any law mandating ineffective cryptography would only applies to domestic devices, which means the mandated backdoors would likely only be included in devices meant for sale in the United States. That means avoiding a purposely weakened device would be as simple as ordering it from a foreign reseller.
Most of the boogeymen the politicians point to to justify mandating backdoors are primarily based in foreign countries. The terrorist and sex trafficking organizations are already buying their communication equipment outside of the United States so they will be entirely unaffected by any new domestic laws. Furthermore, being criminal organizations, nothing will change for them since they’re already breaking numerous laws.
At most a mandatory backdoor law will put the denizens here, at least those dumb enough to continue buying domestic devices, at risk of being exploited by domestic and foreign governments as well as malware producers.