Abstract
Introduction
What is Cryptography
Historical examples
Modern examples
Hacking
Cryptographic Attacks
Criminal law
Terrorism and Steganography
Conclusion
References
CRIMINAL USES OF CRYPTOGRAPHY AND LAW
Abstract :
Introduction :
Almost since people began writing, they have found ways to hide what they
were writing. Cryptography, which is said to be the art of secret writing, has for a long
time been used mainly by governments, diplomats, armies, and intelligence agencies.
With the advent of modern (public-key) cryptography in the 1970s, cryptography is being
used by an ever wider range of users. In effect, in the present information society,
cryptography has become an essential tool for safeguarding information security.
What is Cryptography
Cryptographic goals
The following four goals form a framework from which the others are derived.
Privacy or Confidentiality.
Data Integrity.
Authentication.
Non-repudiation.
All modern histories of World War II credit various Allied victories to code
breaking: cracking enemy codes. The US Navy’s successful attack on the Japanese in the
Battle of Midway is credited largely to decrypted Japanese radio messages. The US Navy
also cracked the Japanese convoy code and waged a devastating submarine campaign
against their convoys. In the Atlantic, the Allies used knowledge of German codes to
track their submarines.
However, this was not a one-sided success. Thanks to what some have called
“sloppy” behavior by Allied coding clerks, the Germans were equally effective in reading
dispatches sent to Allied convoys. Thus, the German submarines played the same game
in the Atlantic that the US Navy played in the Pacific.
The Navy appreciated both the value of code breaking and their own
vulnerability to it. A classified dispatch was distributed in late 1943 to alert
communications personnel to the risk and to repeat various rules for correct operation.
While the rules of the 1940s for secure radio communication are hardly relevant, the
rationale behind them still holds true.
In the United States, there are over 1,000 federal law-enforcement wiretaps a
year. In Germany and the Netherlands, the figure is much higher, well over 3,000
wiretaps a year. There are not many figures on the efficacy of wiretaps. A German
study of US wiretaps in the late 1980s found that in 95% of the cases, incriminating
conversations were recorded; in 47% of wiretap cases, there were arrests, and in
33%, there were convictions. A 1996 Dutch report by the WODC concluded that
wiretapping is an effective investigation measure.
How RSA works: One commonly used cipher of this form is called "RSA Encryption",
where "RSA" stands for the initials of its three creators: Rivest, Shamir, and Adleman. It
is based on the following idea: it is simple to multiply numbers together, especially
with computers, but it can be difficult to factor numbers. For example, if we
multiply together 34537 and 99991, it is a simple matter to put those numbers into a
calculator and get 3453389167. But the reverse problem is much harder.
Suppose we take the number 1459160519. I'll even tell you that I got it by
multiplying together two integers. Can you tell me what they are? This is a very
difficult problem. A computer can factor that number fairly quickly, but it basically
does it by trying most of the possible combinations. For a number of any size, the
computer has to check a number of candidates on the order of the square root of
the number to be factored. In this case, that square root is roughly 38000.
Now it doesn't take a computer much time to try out 38000 possibilities, but
what if the number to be factored is not ten digits, but rather 400 digits? The square
root of a number with 400 digits is a number with 200 digits. The lifetime of the
universe is approximately 10^{18} seconds - an 18 digit number. Assuming a
computer could test one million factorizations per second, in the lifetime of the
universe it could check 10^{24} possibilities. But for a 400 digit product, there are
10^{200} possibilities. This means the computer would have to run for
10^{176} times the life of the universe to factor the large number. It is, however, not
too hard to check whether a number is prime, in other words to check that it
cannot be factored. If it is not prime, it is difficult to factor, but if it is prime, it is not
hard to show it is prime. So RSA encryption works like this. In a real RSA
encryption system, keep in mind that the prime numbers are huge. A few
more RSA topics worth knowing are:
digital certification
digital signature
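The link between factoring and RSA security can be shown with the two primes multiplied in the text. The following is an added example, not code from the original report: it builds a toy RSA key from 34537 and 99991, then recovers the private exponent from the public key alone by trial division, and reproduces the text's 400-digit estimate. The public exponent 65537 and all function names are assumptions made for the illustration.

```python
"""Toy RSA from the page's primes, and why a small modulus gives no protection."""
from itertools import chain
from math import gcd, isqrt

P, Q = 34537, 99991      # the two numbers multiplied together in the text
E = 65537                # assumed public exponent (not taken from the page)


def make_keys(p, q, e=E):
    """Return (n, e, d): public modulus, public exponent, private exponent."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return n, e, d


def encrypt(m, n, e):
    """Textbook RSA on an integer message (no padding: illustration only)."""
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(c, n, d):
    return pow(c, d, n)


def trial_division(n):
    """Return (p, q, divisions_tried) with p the smallest factor of n.

    Tries 2 and then every odd number up to sqrt(n), the search the text
    describes. Returns (n, 1, tried) when n is prime.
    """
    tried = 0
    candidates = chain([2], range(3, isqrt(n) + 1, 2))
    for tried, cand in enumerate(candidates, start=1):
        if n % cand == 0:
            return cand, n // cand, tried
    return n, 1, tried


def recover_private_exponent(n, e):
    """Rebuild d from the public key alone by factoring n."""
    p, q, tried = trial_division(n)
    if q == 1:
        raise ValueError("modulus is prime, not an RSA modulus")
    return pow(e, -1, (p - 1) * (q - 1)), tried


def universe_lifetimes(digits, tests_per_second=10**6, lifetime_seconds=10**18):
    """The text's estimate: about sqrt(n) candidates for a `digits`-digit n."""
    candidates = 10 ** (digits // 2)
    return candidates // (tests_per_second * lifetime_seconds)


if __name__ == "__main__":
    n, e, d = make_keys(P, Q)
    message = 20240229                      # constructed sample message
    cipher = encrypt(message, n, e)
    stolen_d, tried = recover_private_exponent(n, e)
    print("modulus:", n)
    print("decrypted with the real key:", decrypt(cipher, n, d))
    print("decrypted with the recovered key:", decrypt(cipher, n, stolen_d))
    print("trial divisions needed:", tried)
    print("400-digit modulus, universe lifetimes: 10^%d"
          % (len(str(universe_lifetimes(400))) - 1))
```

With a ten-digit modulus the private key falls out after a few thousand divisions, which is why real keys use primes hundreds of digits long.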
DES
The Data Encryption Standard (DES) was jointly developed in 1974 by IBM and the U.S.
government to set a standard that everyone could use to securely communicate with
each other. It operates on blocks of 64 bits using a secret key that is 56 bits long. The
original proposal used a secret key that was 64 bits long. It is widely believed that
the removal of these 8 bits from the key was done to make it possible for U.S.
government agencies to secretly crack messages.
DES started out as the "Lucifer" algorithm developed by IBM. The US National Security
Agency (NSA) made several modifications, after which it was adopted as Federal
Information Processing Standard (FIPS) standard 46-3 and ANSI standard X3.92.
How DES works: Encryption of a block of the message takes place in 16 rounds. From
the input key, sixteen 48 bit keys are generated, one for each round. In each round,
eight so-called S-boxes are used. These S-boxes are fixed in the specification of the
standard. Using the S-boxes, groups of six bits are mapped to groups of four bits.
The contents of these S-boxes were determined by the U.S. National Security
Agency (NSA). The S-boxes appear to be randomly filled, but this is not the case.
Recently it has been discovered that these S-boxes, determined in the 1970s, are
resistant against an attack called differential cryptanalysis which was first known in
the 1990s.
The block of the message is divided into two halves. The right half is
expanded from 32 to 48 bits using another fixed table. The result is combined with
the sub key for that round using the XOR operation. Using the S-boxes the 48
resulting bits are then transformed again to 32 bits, which are subsequently
permuted again using yet another fixed table. This by now thoroughly shuffled
right half is now combined with the left half using the XOR operation. In the next
round, this combination is used as the new left half.
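The round structure described above can be seen in a small Feistel cipher. This is an added example, not code from the original report and not real DES: the expansion, the 6-bit to 4-bit substitution table, the permutation and the key schedule are constructed stand-ins, and all names are assumptions. It uses the standard Feistel swap, in which the XOR result becomes the next round's right half and the old right half moves to the left, and it shows that decryption is the same 16 rounds run with the round keys in reverse order.

```python
"""Feistel structure of a DES-like round, with toy (non-DES) components."""
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF

# Constructed 6-bit -> 4-bit substitution table. NOT one of the DES S-boxes.
TOY_SBOX = [((x * 7) ^ (x >> 2)) & 0xF for x in range(64)]


def subkeys(key: bytes):
    """Sixteen 48-bit round keys. Stand-in for the DES key schedule."""
    return [
        int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:6], "big")
        for i in range(ROUNDS)
    ]


def expand(right):
    """32 -> 48 bits by repeating the low 16 bits (stand-in for the E table)."""
    return (right << 16) | (right & 0xFFFF)


def round_function(right, subkey):
    """Expand, XOR with the round key, substitute 6->4 bits, then permute."""
    mixed = expand(right) ^ subkey
    out = 0
    for i in range(8):                       # eight groups of six bits
        six = (mixed >> (42 - 6 * i)) & 0x3F
        out = (out << 4) | TOY_SBOX[six]     # each becomes four bits
    # Stand-in for the fixed permutation table: rotate left by 11 bits.
    return ((out << 11) | (out >> 21)) & MASK32


def feistel_round(left, right, subkey):
    """One round: new left is the old right, new right is left XOR f(right)."""
    return right, left ^ round_function(right, subkey)


def _run(block, round_keys):
    left, right = block >> 32, block & MASK32
    for k in round_keys:
        left, right = feistel_round(left, right, k)
    # Final swap of the halves lets decryption reuse exactly the same code.
    return (right << 32) | left


def encrypt_block(block, key):
    """Encrypt one 64-bit block given as an integer."""
    return _run(block, subkeys(key))


def decrypt_block(block, key):
    """Same rounds, round keys applied in reverse order."""
    return _run(block, list(reversed(subkeys(key))))


if __name__ == "__main__":
    key = b"demo-key"                        # constructed sample key
    plain = 0x0123456789ABCDEF               # constructed sample block
    cipher = encrypt_block(plain, key)
    print("ciphertext: %016x" % cipher)
    print("round trip: %016x" % decrypt_block(cipher, key))
```

The round function never has to be invertible: only the XOR and the swap are undone during decryption, which is why the S-boxes can map six bits down to four.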
PGPfone is a software package that turns our desktop or notebook computer into a secure
telephone. It uses speech compression and strong cryptography protocols to give us
the ability to have a real time secure telephone conversation. Secure voice calls are
supported over the Internet, or through a direct modem-to-modem connection, or
even over AppleTalk networks.
Bulletin boards: This is a forum for sharing investor information, and fraud is often
perpetrated in this zone, causing losses of millions to those who bank on them.
E-mail scams: Since junk mail is easy to create, fraudsters often find it easy to spread
bogus investment schemes or spread false information about a company.
Credit card fraud: With electronic commerce rapidly becoming a major force in
national economies, it offers rich pickings for criminals prepared to undertake
fraudulent activities. In the U.S.A. the ten most frequent fraud reports involve
undelivered and online services; damaged, defective, misrepresented or undelivered
merchandise; auction sales; pyramid schemes and multilevel marketing; and the
most predominant among them is credit card fraud. Something like half a billion
dollars is lost to consumers in card fraud alone.
Publishing of false digital signature: According to section 73 of the I.T. Act 2000,
a person who knows that a digital signature certificate is erroneous in certain
particulars and still goes ahead and publishes it is guilty of having contravened
the Act. He is punishable with imprisonment for a term that may extend to two
years or with a fine of a lakh rupees or with both.
Virus: Just as a virus can infect the human immune system, there exist
programs which can destroy or slow down computer systems. A computer virus is
nothing but a program designed to replicate and spread, generally with the victim
being oblivious to its existence. Computer viruses spread by attaching themselves to
programs such as word processors or spreadsheets, or they attach themselves to the boot
sector of a disk. When an infected file is activated or when the computer is started
from an infected disk, the virus itself is also executed.
HACKING
It is the most common type of Cyber crime that is committed across the
world. Hacking has been defined in section 66 of The Information Technology Act,
2000 as follows "whoever with the intent to cause or knowing that he is likely to
cause wrongful loss or damage to the public or any person destroys or deletes or
alters any information residing in a computer resource or diminishes its value or
utility or affects it injuriously by any means commits hacking". The punishment for
hacking under the above-mentioned section is imprisonment for three years or a
fine which may be up to two lakh rupees or both. A hacker is a person who
breaks into or trespasses on a computer system. Hackers are of different types ranging
from code hackers to crackers to cyber punks to freaks. Some hackers just enjoy
cracking systems and gaining access to them as an ordinary pastime; they do not
desire to commit any further crime. Whether this itself would constitute a crime is a
matter of fact. At most such a crime could be equated with criminal trespass.
Cryptographic Attacks:
After all the work cryptographers put into testing their algorithms for
holes, one would expect that modern crypto systems would be hard to break. In a sense it is hard to
break these well-developed systems if you go at it with a sledgehammer approach.
However, most of the modern attacks find ways to simply circumvent the security in an
algorithm or crypto system instead of finding ways to “break” them. Because we are
human, we sometimes make mistakes in hardware and software that makes it easier for
attackers to find the weaknesses in a security mechanism.
Sometimes crypto attacks are made easier because the vendor made a
simple mistake in creating the encryption program. This has happened more often than
you’d care to know. There are tons of people out there with time, energy, and spare
computers around who love to find holes in crypto programs, and when they do, they take
a fair amount of delight in publishing their results. If you do an Internet search on
“cracking crypto” or “attacking cryptography,” you’ll find hundreds of highly technical
papers and lots of freeware that will do the job for you.
That’s not to say that encrypting your data and messages is a bad thing. It’s
certainly more secure than not encrypting it. In fact, in one well-known case, an
e-commerce site went to all the trouble of setting up SSL to encrypt credit card numbers
for purchases, but they stored those numbers unencrypted on the Web Server. The
attackers did not need to attack the SSL sessions, they just found a path into the Web
Server and stole the credit card numbers with no problem. Sometimes smart people do
dumb things. It’s up to you to try to play it smart.
Here are some of the common attacks you are likely to come across in your reading or
discussions about cryptography.
Known Plaintext Attack.
Chosen Ciphertext Attacks.
Chosen Plaintext Attacks.
The Birthday Attack.
Man-in-the-Middle Attack.
Timing Attacks.
Rubber Hose Attack.
Electrical Fluctuation Attacks.
With the growth of the internet, network security has become a major
concern. Private confidential information has become available to the public.
Confidential information can reside in two states on the network. It can reside on
physical storage media, such as a hard drive or memory, or it can reside in transit across
the physical network wire in the form of packets. These two information states provide
opportunities for attacks from users on the internal network, as well as users on the
Internet.
IP Spoofing :
An IP spoofing attack occurs when an attacker outside the network pretends to be a trusted
computer either by using an IP address that is within its range or by using an external IP
address that you trust and to which you wish to provide access to specified resources on
your network. Normally, an IP spoofing attack is limited to the injection of data or
commands into an existing stream of data passed between a client and server application or
a peer-to-peer network connection.
Password attacks:
Password attacks can be implemented using several different methods, such as brute-force
attacks and Trojan horse programs. IP spoofing can yield user accounts and passwords.
Password attacks usually refer to repeated attempts to identify a user password or
account. These repeated attempts are called brute force attacks.
The Internet has provided its users with a new forum to express their
views and concerns on a worldwide platform. An essential corollary to the freedom to
communicate and speak is the fact that this must be allowed with as little State
interference as possible; in other words, in the absence of State intrusion. This
immediately raises the controversial issue of the right to privacy. It can be considered a
logical corollary to the freedom of speech and expression. The practice of encryption and
its study which is known as cryptography provides individuals with means of
communication that no third party can understand unless specifically permitted by the
communicators themselves. It would therefore seem that this practice is a legitimate
utilization of the right to freedom of speech and expression and the right to have a private
conversation without intrusion.
Breach of Confidentiality and Privacy under the Information
Technology Act 2000: According to section 72 of the above-mentioned Act, if a person
has secured access to any electronic record, book, register, correspondence, information,
document or other material without the consent of the person concerned and discloses the
same to any other person, then he shall be punishable with imprisonment up to two years,
or with a fine which may extend to one lakh rupees, or with both.
Encryption and Cryptography: Encryption is like sending postal mail to another party with a lock code
on the envelope which is known only to the sender and the recipient. This therefore has
the effect of ensuring total privacy even in open networks like the internet. Encryption
involves the use of secret codes and ciphers to communicate information electronically
from one person to another in such a way that only the persons so communicating would
know how to use the codes and ciphers. The field of cryptography, on the other hand, deals
with the study of secret codes and ciphers and the innovations that occur in the field. It is
also defined as the art and the science of keeping messages secure. Thus while encryption
is the actual process, cryptography involves a study of the same and is of wider
connotation.
All the major operational areas in banking represent a good opportunity for
fraudsters with growing incidence being reported under deposit, loan and inter-branch
accounting transactions, including remittances.
A broad analysis of various frauds that have taken place throws up the
following high-risk areas in committing frauds:
1. Misappropriation of cash by dodging accounts.
2. Unauthorized withdrawal or transfers of funds, mostly from long dormant accounts.
These kinds of fraud also involve forgery.
3. Opening of fictitious accounts to misappropriate funds from illegal activities, i.e.
laundering through the fictitious accounts.
4. Use of interbank clearing for accommodation, kite flying and misappropriation.
5. Cheating in foreign exchange transactions by flouting exchange control provisions.
6. Overvaluation of securities and tampering with the security documents, which has
led to many of the co-operative bank failures in the recent past.
7. Fraud in collusion with bank staff in emerging areas and services under the
computerized environment.
Frauds take place in a financial system only when safeguards and procedural
checks are inadequate or when they are not scrupulously adhered to, leaving the system
vulnerable to the perpetrators. Anecdotal evidence shows that whether the agency or
individual committing the fraud works for the bank or deals with it, the culprit does
careful planning before he attacks the system at its most vulnerable point.
The most effective defense banks could have against fraud is to strengthen
their operational practices, procedures, controls and review systems so that all
fraud-prone areas are fully sanitized against internal or external breaches. However, the huge
expansion in banking transactions consequent to the transition of banks to mass banking
and large-scale computerization has played a major role in the commission of frauds.
Hence mere reliance on internal controls is of no use. Expect fraud. To expect
fraud, one needs formal education to think along the given guidelines. Nowhere in the world
can fraud be avoided, and banks are no exception. It is a human tendency to take
the risk of committing fraud when suitable chances or ways are found. So it is wise to expect
the occurrence of fraud. When different fraud schemes are classified, it gives a
broad idea of the fraud schemes that are possible in the country. Unfortunately, no Indian
body does this work. If fraud is expected, efforts can be concentrated on the areas
which are fraud-prone. Fraud is a game of two: the rule makers and the rule breakers.
Whoever is stronger in anticipating situations wins the game of frauds. Fraud is a
fact which cannot be eliminated, but it needs to be managed.
Develop a fraud policy. The policy should be written and distributed to all
employees, borrowers and depositors. This puts moral pressure on the potential
fraudster. Maintain a zero tolerance for violations. Indian banks need to be vocal about
the action that is taken against fraudsters. Media publicity against fraudsters
at all levels is necessary. The announcement by US president George W. Bush that
the “Corporate crooks will not be spared” had a deep impact on corporate
America. In India also we need to consider it a severe problem and need to fight against
it.
Assess risk. Look at the ways fraud can happen in the organization. It is
very important to study the trend and the style of frauds in the bank. The Basel-II accord
deals with the assessment of various kinds of risk. Some of the big nationalized banks in
India maintain databases of the fraud cases reported in their banks. But the databases
are dumb. They yield nothing unless they are analyzed effectively.
Establish regular fraud-detection procedures. These could be in the form of internal
audit or in the form of inspections. These procedures alone discourage employees from committing
fraud. In addition to this, the Institute of Chartered Accountants of India has issued an
“Accounting and Assurance Standard on Internal Controls”, which is a real guideline to test
internal controls. Controls break down because people affect them, and because
circumstances change.
Review and enforce password security. Incidents of hacking and
phishing have troubled the Indian private-sector banks to a great extent. In addition to
this, most of the Indian banks are running after ATM and credit cards to compete
with each other but have conveniently forgotten the fact that ATM cards and credit
cards are the best tools available in the hands of the fraudsters. Inappropriate system
access makes it possible to steal large amounts of money very quickly and, in many
cases, without detection. Hence the review and the enforcement of the security policy is
going to be crucial.
Promote the whistle-blowing culture. Many of the surveys on frauds have
shown that frauds are unearthed by tips from insiders or from outsiders.
Internal audits and internal controls come much later. The message about contacting the
vigilance officers is flashed in most of the branch premises. However, ethics lines are
very rarely seen. Ethics lines are help lines for the employees or the well-wishers
of the bank, which tell them whether or not a particular activity constitutes a fraud.
Screen and monitor borrowers. Bad borrowers cause the biggest losses to
the banks. What are they? Who do they represent themselves to be? Look at their ownership,
clients, references, and litigation history. In many cases the potential fraudsters have a
history of defaulting at some other bank or financial institution. The more realistic
approach is to maintain centralized databases of the defaulters and the properties
offered by them, which would give the banks very easy access to the list of defaulters,
which in turn could be used to take decisions regarding disbursements and all
other issues.
This ten-fold approach to combating frauds is an endeavor to reduce the
operational risks of the banks in the wake of the coming BASEL-II norms. These norms
have identified operational risk as one of the biggest threats to the progress of the
banking sector. Complying with these norms yields definite results.
Criminal Law :
In these heady days of the Internet, other forms of global communication, and
multinational corporations, the need for privacy in electronic communications is greater
than ever. Without it, consumers will not make credit card purchases, and companies and
individuals will be extremely reluctant to disseminate confidential information to their
worldwide offices and to their clients, lest such information fall prey to hacking
competitors and criminals.
Encryption not only is valuable in terms of ensuring privacy, but also facilitates
"authentication" in that it creates non-forgeable "digital" signatures on electronic
documents and also provides a fool-proof way of detecting whether anybody has
attempted to alter a communication while in transit.
Thus, in many ways, "paperless" electronic transactions are, at least potentially, both
more efficient and safer for the consumer and the seller of goods and services than more
standard transactions. The art and science of cryptography is as old as civilization, dating to
the time of Julius Caesar, who sent encrypted messages, replacing each letter by the third
later letter in the Latin alphabet, to his field generals in battle.
Cryptography has proven particularly valuable during times of war, enabling our
country, for example, to crack the Germans' "Ultra" codes and the Japanese "Purple"
codes during World War II, thereby substantially shortening the war and saving
thousands of lives.
In addition to military applications, cryptography plays a vital role within the
intelligence community, helping us stay one step ahead of international terrorists and the
like. While computers have played an important role in the area of code-breaking, they
have likewise played an important role in the area of code-making. Through the
encryption process, readable data (plaintext) is run through a computer program, which
uses algorithms, and is converted into an unreadable format known as "ciphertext".
Decryption is the process whereby the ciphertext is translated back to plaintext by
someone possessing the appropriate code or "key." Generally speaking, the strength of a
particular cryptographic system is gauged by the length of its key and the complexity of
its algorithm.
As this statement implies, there are encryption products already in existence that
contain codes that are so complex that they are virtually impossible to break without the
proper key, which is oftentimes in the sole possession of the recipient of the
information. As one might expect, the international market for encryption hardware and
software is huge, and getting bigger, its demand being limited only by the demand for
computers and cellular telephones. FBI Director Louis Freeh bluntly stated that, "law
enforcement remains in unanimous agreement that the widespread use of robust non-
recovery encryption will destroy our ability to fight crime and terrorism."
As one good example, the use of encryption to prevent our intelligence community from collecting
data was detected in the Aldrich Ames spy case, and Ramzi Yousef, the convicted
mastermind of the World Trade Center bombing and other despicable acts, used
encryption products to protect his computer files that related to terrorist activities.
Encryption has also been used by child pornographers to transmit obscene images
over the Internet, and by major drug traffickers, violent gangs, and domestic anti-
government groups seeking to stifle government investigators.
For this reason, ever since its "Clipper Chip" initiative in 1993, the Clinton
Administration’s policy and proposals have all involved the concept of "escrowed"
encryption. An escrowed encryption system is one in which the "key" to the system is kept
"in escrow" by a designated, government-approved agency or third party who can be
served with a request or court order to turn the key over to law enforcement officials
without notifying the user. As one
might expect, each of these proposals has met with a negative reaction from the computer
industry and from civil libertarians. In addition to escrowed encryption proposals, the
other response by the Clinton Administration has been an attempt to forge a compromise
by permitting unregulated and unlimited domestic use and distribution of encryption
technology, despite objections from the FBI, but severely regulating and limiting the
exportation of encryption products. Prior to 1996, the exportation of encryption products
was governed by the Arms Export Control Act (AECA) and the International Traffic in
Arms Regulations (ITAR).
In late 1996, the Clinton Administration transferred authority over the export of
non-military encryption to the Commerce Department, which issued its own set of
regulations. These regulations provided for exceptions to export restrictions for certain
encryption products, including non-recovery encryption software up to a 56-bit key
length.
The Clinton Administration and the law enforcement community face a wide array
of formidable opponents. In addition to groups such as the American Civil Liberties
Union, the Electronic Frontier Foundation, the Center for Democracy and Technology,
and the Electronic Privacy Information Center, a coalition of over 100 businesses and
associations, including Intel, Microsoft, Sun Microsystems, and the Business Software
Alliance, recently formed Americans for Computer Privacy (ACP), whose sole goal is to
promote pro-encryption legislation.
These groups generally fear the possibility of "Orwellian snooping" by the
government, and fervently believe that encryption restrictions violate fundamental rights
to privacy, as well as the First, Fourth, and Fifth Amendments. Suffice it to say that many
of these groups are well-financed and highly motivated. Some of the systems, designed to
prevent crime, would, paradoxically, leave law abiding citizens and companies more
susceptible to computer-savvy criminals who desire to steal and misuse sensitive
information. If, as has been acknowledged by the Department of Defense, two 17-year-
old hackers can penetrate the Pentagon’s computer system,
Last December, Cylink Corp. was granted a license to export strong encryption
without a key recovery to members of the European central bank network, and in
February, the Commerce Department expanded its definition of "financial institutions"
permitted to export strong encryption hardware to include credit card companies and
securities firms.
Despite the recent easing of export restrictions, the debate about encryption shows
no signs of abating. There are currently pending before Congress no fewer than five bills
dealing with encryption technology, some of which impose additional restrictions and
some of which eliminate those restrictions that currently exist. In the House, some
members have proposed the Security and Freedom through Encryption (SAFE) Act.
As originally proposed, SAFE would prohibit mandatory key escrow and ease export
controls. However, SAFE has been subjected to numerous revisions that offend civil
libertarians, such as the addition of key-recovery provisions and a provision making it a
crime to use encrypted communications. In the Senate, John McCain and Bob Kerrey
have introduced the Secure Public Networks Act of 1996 which authorizes the export of
encryption products without key recovery of up to 56-bit strength to certain buyers. The
bill would allow the president to increase the encryption strength of exportable products
and further provides that the president "shall take such action as necessary to increase the
encryption strength for encryption products for export if similar products are marked by
the President to be widely available for export from other Nations."
In the absence of an executive order, the bill prohibits the exportation of encryption
products with more than 56 bits unless they are "based on a qualified system of key
recovery."
which, like Senator Burns’s bill, would eliminate export controls on encryption
devices and technology. However, it also offers protection to any United States citizen or
entity who uses encryption of any strength in any state or foreign country, and
criminalizes the use of encryption when used in furtherance of a crime. Most recently,
John Ashcroft and Senator Leahy introduced the Encryption Protects the Rights of
Individuals from Violation and Abuse in Cyberspace Act,
which would allow companies to export advanced encryption products, after a
one-time review of mass-market encryption products and after it is verified that comparable
technology is already available in foreign markets; however, exports to certain countries,
such as Iraq, Iran, and Libya, would still be banned.
Introduction to Code Signing: The software industry must provide users with the means
to trust code, including code published on the Internet. Many Web pages contain
only static information that can be downloaded with little risk. Some pages, however, contain
controls and applications to be downloaded and run on a user's computer. These
executable files can be risky to download and run.
Packaged software uses branding and trusted sales outlets to assure users of its
integrity, but these guarantees are not available when code is transmitted on the
Internet. Additionally, the Internet itself cannot provide any guarantee about the
identity of the software creator. Nor can it guarantee that any software downloaded
was not altered after its creation. Browsers can exhibit a warning message that
explains the possible dangers of downloading data of any kind, but browsers cannot
verify that code is what it claims to be. A more active approach must be taken to
make the Internet a reliable medium for distributing software.
Terrorism and Steganography
Steganography is the art and science of writing hidden messages in such a way that no
one apart from the intended recipient knows of the existence of the message. This is
in contrast to cryptography, where the existence of the message itself is not
disguised, but the content is obscured. Quite often, steganographic messages are hidden in
pictures.
2. Invisible Ink
3. Null Ciphers
Bin Laden: Steganography Master? - WIRED News article discussing a USA TODAY
report that bin Laden and others are using steganography to communicate.
Conclusion
It is clear from the above report and all the available evidence that the availability of
strong cryptography is a very mixed blessing: on one side it can be used in the
development of electronic commerce and the maintenance of personal privacy; on the
other it does provide a useful tool for the criminally minded. However, as to whether
the argument that criminals use cryptography is a reasonable justification for the
introduction of heavy-handed regulation which would attempt to limit the availability
and use of such products, the conclusion is clear. While the law enforcement
community's case does hold unobtainable, it would in some cases make the
conviction of the criminal somewhat easier, it might even mean that a few more were
caught, but the price is simply too high. The infrastructure for strong encryption for
the individual already exists on a transnational basis. If regulations are promulgated
which require the use of Trusted Third Parties, lower-strength encryption or even
merely a heavy paperwork burden which increases costs, what must happen is that
those citizens who are law-abiding in the first place will follow the new regulations,
whereas those who are not will simply ignore them and continue to use the system
which is currently in place anyway, of strong, virtually unbreakable encryption,
unencumbered by any legal framework. The only way in which this could be made
effective is to outlaw all non-regulated products and then trace any traffic which uses
them. This is simply not technically feasible, and is also a great deal of effort when
“the number of cases which actually involve cryptography is still very small” and
“the files which are eventually decrypted often have little or no bearing on the
outcome of the case.”
The reality of the UK proposals as they stand is that they may provide a placebo
for non-technical business and private users but will create a cumbersome system
with very flaws which flies in the face of the spirit, if not the letter, of the directives which it
seeks to implement, to say nothing of the desire of the majority of informed users.
The reality is that strong encryption is available to the ordinary user, and any
government attempt to successfully control it will place on business, and the possible
competitive disadvantage at which it will put them.