Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more ➡
Download
Standard view
Full view
of .
Add note
Save to My Library
Sync to mobile
Look up keyword
Like this
8Activity
×
0 of .
Results for:
No results containing your search query
P. 1
Cryptography Regulations

Cryptography Regulations

Ratings:

4.6

(5)
|Views: 8,595|Likes:
Published by Adam Smith

More info:

Published by: Adam Smith on Dec 15, 2006
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, DOC, TXT or read online from Scribd
See More
See less

12/21/2012

pdf

text

original

 
Smith, 1
Adam Smith17.31J, Professor Oye, Fall 2004October 14, 2004
Cryptography Regulations
Cryptography has been an important thread in the story of the rapid technologicaldevelopments over the past fifteen years. Since its popularization, markets have desiredto export the capabilities to foreign markets simply for the customer base. However, if foreign entities hostile to the United States used that cryptography, the US intelligenceapparatus’ ability to collect important information could be impaired. As a result of themarket’s failure to internalize this concern, the government has sought to use standardsand regulations to curb international use of unbreakable cryptography. In this paper wewill discuss this development, including many attempts to control encryption technologyand each attempt’s subsequent failure. We will then explore why government-imposedregulation of encryption is not effective, and thus should not be pursued. The discussion begins with a description of the status quo, followed by a treatment of historical attemptsto control encryption, and will conclude with an argument for why the market-drivensolution has won over regulatory control.
Cryptography and Its Use – The Status Quo
At the time of writing, the export of any open source cryptographic software islegal, except to a small set of nations.
1
Commercial software containing strongcryptography is subject to a review in some cases, however it is clear that restrictions arenot frequently exercised. Some products which use strong cryptography are restricted
1
 
Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria; US Department of Commerce, Bureau of Industryand Security, http://www.bxa.doc.gov/Encryption/Default.htm
 
Smith, 2
from export to government agents in most countries.
2
On the whole, however, currentexport restrictions are weak.
Attempts to Control the Export and Use of Cryptography
In 1991, about the time that military grade cryptography was becoming widelyavailable, Senate Bill 266 was introduced. If passed, all manufacturers “of electroniccommunications service equipment [would have had to] insure that communicationssystems permit the Government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law."
3
The bill did not provide anyreference to how such a back door system could be implemented, but the requirementswere clear – at least part of the Senate favored mandatory back doors for lawenforcement agencies. The bill failed after an outcry from many civil liberties groups, but began the debate about technology policy as it related to cryptographic controls.On April 16
th
, 1993, the National Security Agency (NSA) announced the Clipper chip. The Clipper chip was a hardware device which would perform importantcryptographic functions like encryption using an NSA algorithm named Skipjack. Thedetails surrounding the algorithm were not published at the time. The Clipper chip alsoimplemented a protocol named Law Enforcement Access Field (LEAF), which wouldallow governmental agencies to decrypt any ciphered message if some bureaucratic process was followed. The government manufactured many of these devices, publisheddocuments for how to develop software which uses them, and made partnerships withsoftware companies to use them. The multi-billion dollar project was cancelled in 1997,
2
All countries except the European Union, Australia, Czech Republic, Hungary, Japan, New Zealand, Norway, Poland, and Switzerland; see ibid
3
Senate Bill 266, 1991, see http://livinginternet.com/i/is_crypt_pgp.htm
 
Smith, 3
 primarily because the standard was not being adopted. Interestingly, we now know thatthe US Government considered sharing the secret LEAF keys with China, Syria, andPakistan.
4
The plan for the Clipper chip deployment was to offer it to industry as a standardto build off of. According to a presidential directive in April 1993, however, “Shouldindustry fail to fully assist the government in meeting its requirements within areasonable period of time, the Attorney General will recommend legislation which wouldcompel manufacturers to meet government requirements."
5
This was not a viable option; public opposition to mandated back doors was too large, as could have been seen fromthe S. 266 case.By this point, the US Administration was convinced that a mandatory back door  policy was not feasible. The US Department of Justice stated: “The Administration doesnot advocate a mandatory approach, and believes that a voluntary solution is preferable."
6
All future attempts at controlling cryptography aimed to establish an encryption standardwhich included a back door. This would not preclude the use of unbreakable encryption;it would just make it more difficult, since it would not be the standard.There were indications that industry might voluntarily include back doors in itscryptographic products. On October 2
nd
, 1996, a group of companies led by IBM formedthe Key Recovery Alliance (KRA).
7
The KRA was created to advocate internationalcryptographic standards suitable for electronic commerce which included back doors for 
4
“U.S. Considered Sharing Security Secrets With China, Syria, Pakistan;” Charles R. Smith; May 15,2001; http://www.newsmax.com/archives/articles/2001/5/14/203404.shtml
5
“Al Gore bugs America?” WorldNetDaily; August 2, 2000; http://www.beyond-the-illusion.com/files/New-Files/20000831/al_gore_presses_for_the_bugging_of_every_american.txt
6
Department of Justice, Cryptographic Export Policy FAQ, historically available at:http://www.cybercrime.gov/cryptfaq.htm
7
“High-tech leaders join forces to enable international strong encryption,” October 2, 1996; seehttp://www.interesting-people.org/archives/interesting-people/199610/msg00005.html

Activity (8)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
Gurpreet Singh liked this
Glenn Drakeley liked this
skaruppaiya liked this
shreek06 liked this
mbasquare liked this
sobel liked this

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->