Förderverein Informationstechnik und Gesellschaft

Growing Development of Foreign Encryption Products i

------- Forwarded Message Follows -------
Date:          Thu, 10 Jun 1999 16:18:11 -0400
From:          Cyberspace Policy Institute <cpi@SEAS.GWU.EDU>
To:  ,,
Subject:       Growing Development of Foreign Encryption Products in the Face of U.S. Export Regulations

You may be interested in a report  released June 10, 1999, entitled
"Growing Development of Foreign Encryption Products in the Face of U.
S. Export Regulations"  by the Cyberspace Policy Institute of The
George Washington University.   The full report is at

The executive summary follows:

                    GROWING DEVELOPMENT OF 

                     Lance J. Hoffman*
                    David M. Balenson**
                Karen A. Metivier-Carreiro*
                        Anya Kim*
                     Matthew G. Mundy**

                      June 10, 1999
               Report No. GWU-CPI-1999-02

*Cyberspace Policy Institute, School of Engineering and Applied Science,
The George Washington University, Washington, DC

**NAI Labs, The Security Research Division of Network Associates, Inc.,
Glenwood, MD


Development of cryptographic products outside the United States is not
only continuing but is expanding to additional countries; with rapid
growth of the Internet, communications-related cryptography especially
is experiencing high growth, especially in electronic mail, virtual
private network, and IPsec products.  This report surveys encryption
products developed outside the United States and provides some
information on the effect of the United States export control regime
on American and foreign manufacturers.

We have identified 805 hardware and/or software products incorporating
cryptography manufactured in 35 countries outside the United States.
The most foreign cryptographic products are manufactured in the United
Kingdom, followed by Germany, Canada, Australia, Switzerland, Sweden,
the Netherlands, and Israel in that order.  Other countries accounted
for slightly more than a quarter of the world's total of encryption
products. A full summary listing of the foreign cryptographic products
can be found in an appendix to the report.

The 805 foreign cryptographic products represent a 149-product
increase (22%) over the most recent previous survey in December 1997. 
A majority of the new foreign cryptographic products are software
rather than hardware.  Also, a majority of these new products are
communications-oriented rather than data storage oriented; they
heavily tend towards secure electronic mail, IP security (IPsec), and
Virtual Private Network applications. 

We identified at least 167 foreign cryptographic products that use
strong encryption in the form of these algorithms: Triple DES, IDEA,
BLOWFISH, RC5, or CAST-128.  Despite the increasing use of these
stronger alternatives to DES, there also continues to be a large
number of foreign products offering the use of DES, though we expect
to see a decrease in coming years.

New cryptography product manufacturers have appeared in six new
countries since December 1997, and there has been a large increase in
the number of products produced by certain countries.   The new
countries are Estonia, Iceland, Isle of Man, Romania, South Korea, and
Turkey.  The United Kingdom jumped by 20 products from 119 to 139, and
Germany jumped from 76 products to 104.  Also notable was Japan's
increase, from six products to 18, and Mexico's, from a single product
to six at the present time.  

We identified a total of 512 foreign companies that either manufacture
or distribute foreign cryptographic products in at least 67 countries
outside the United States. A full summary listing of these is given in
an appendix to the report.

On average, the quality of foreign and U. S. products is comparable.
There are a number of very good foreign encryption products that are
quite competitive in strength, standards compliance, and

We present sketches of some representative competitors to U.S.
manufacturers of software and hardware with encryption capabilities;
all are developing products with strong encryption and have as
customers a number of large foreign or multinational corporations. 
The specific companies highlighted are Baltimore Technologies, Brokat,
Check Point, Data Fellows, Entrust, Radguard, Seguridata Privada,
Sophos, and Utimaco.  

We found some examples of advertising used by non-U. S. companies that
generally attempted to create a perception that purchasing American
products may involve significant red tape and the encryption may not
be strong due to export controls. This almost always appeared on Web

We observed that companies vie to have encryption products that meet
certain accepted worldwide standards.  Encryption experts from all
over the world have contributed to two important international
standards efforts, IPsec and the Advanced Encryption Standard..

Finally, we suggested that our empirical product data could be
combined with economic measures and economic theories to better
explain why we are seeing the observed growth and to examine the
effects of Internet growth, e-commerce development, and regulatory
actions on the international cryptographic market over time, thus
getting better insights into the implications of various policy