[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[fwd] Growing Development of Foreign Encryption Products in the Face of U.S. Export Regulations (from: cpi@SEAS.GWU.EDU)

----- Forwarded message from Cyberspace Policy Institute <cpi@SEAS.GWU.EDU> -----

Date: Thu, 10 Jun 1999 16:18:11 -0400
From: Cyberspace Policy Institute <cpi@SEAS.GWU.EDU>
To: firewalls@lists.gnac.net, risks@csl.sri.com, cryptography@c2.net
Subject: Growing Development of Foreign Encryption Products in the Face of U.S. Export Regulations

You may be interested in a report  released June 10, 1999, entitled
"Growing Development of Foreign Encryption Products in the Face of U. S.
Export Regulations"  by the Cyberspace Policy Institute of The George
Washington University.   The full report is at

The executive summary follows:

                    GROWING DEVELOPMENT OF 

                     Lance J. Hoffman*
                    David M. Balenson**
                Karen A. Metivier-Carreiro*
                        Anya Kim*
                     Matthew G. Mundy**

                      June 10, 1999
               Report No. GWU-CPI-1999-02

*Cyberspace Policy Institute, School of Engineering and Applied Science,
The George Washington University, Washington, DC

**NAI Labs, The Security Research Division of Network Associates, Inc.,
Glenwood, MD


Development of cryptographic products outside the United States is not
only continuing but is expanding to additional countries; with rapid
growth of the Internet, communications-related cryptography especially
is experiencing high growth, especially in electronic mail, virtual
private network, and IPsec products.  This report surveys encryption
products developed outside the United States and provides some
information on the effect of the United States export control regime on
American and foreign manufacturers.

We have identified 805 hardware and/or software products incorporating
cryptography manufactured in 35 countries outside the United States. 
The most foreign cryptographic products are manufactured in the United
Kingdom, followed by Germany, Canada, Australia, Switzerland, Sweden,
the Netherlands, and Israel in that order.  Other countries accounted
for slightly more than a quarter of the world's total of encryption
products. A full summary listing of the foreign cryptographic products
can be found in an appendix to the report.

The 805 foreign cryptographic products represent a 149-product increase
(22%) over the most recent previous survey in December 1997.  A majority
of the new foreign cryptographic products are software rather than
hardware.  Also, a majority of these new products are
communications-oriented rather than data storage oriented; they heavily
tend towards secure electronic mail, IP security (IPsec), and Virtual
Private Network applications. 

We identified at least 167 foreign cryptographic products that use
strong encryption in the form of these algorithms: Triple DES, IDEA,
BLOWFISH, RC5, or CAST-128.  Despite the increasing use of these
stronger alternatives to DES, there also continues to be a large number
of foreign products offering the use of DES, though we expect to see a
decrease in coming years.

New cryptography product manufacturers have appeared in six new
countries since December 1997, and there has been a large increase in
the number of products produced by certain countries.   The new
countries are Estonia, Iceland, Isle of Man, Romania, South Korea, and
Turkey.  The United Kingdom jumped by 20 products from 119 to 139, and
Germany jumped from 76 products to 104.  Also notable was Japan's
increase, from six products to 18, and Mexico's, from a single product
to six at the present time.  

We identified a total of 512 foreign companies that either manufacture
or distribute foreign cryptographic products in at least 67 countries
outside the United States. A full summary listing of these is given in
an appendix to the report.

On average, the quality of foreign and U. S. products is comparable. 
There are a number of very good foreign encryption products that are
quite competitive in strength, standards compliance, and functionality.

We present sketches of some representative competitors to U.S.
manufacturers of software and hardware with encryption capabilities; all
are developing products with strong encryption and have as customers a
number of large foreign or multinational corporations.  The specific
companies highlighted are Baltimore Technologies, Brokat, Check Point,
Data Fellows, Entrust, Radguard, Seguridata Privada, Sophos, and

We found some examples of advertising used by non-U. S. companies that
generally attempted to create a perception that purchasing American
products may involve significant red tape and the encryption may not be
strong due to export controls. This almost always appeared on Web sites.

We observed that companies vie to have encryption products that meet
certain accepted worldwide standards.  Encryption experts from all over
the world have contributed to two important international standards
efforts, IPsec and the Advanced Encryption Standard..

Finally, we suggested that our empirical product data could be combined
with economic measures and economic theories to better explain why we
are seeing the observed growth and to examine the effects of Internet
growth, e-commerce development, and regulatory actions on the
international cryptographic market over time, thus getting better
insights into the implications of various policy options.

----- End forwarded message -----