Difference between revisions of "Encryption Policy"
From CSEP590TU
John.naegle (talk | contribs) |
John.naegle (talk | contribs) (→Usage Restrictions) |
||
Line 12: | Line 12: | ||
= Import Control = | = Import Control = | ||
= Usage Restrictions = | = Usage Restrictions = | ||
+ | == Key Escrow == | ||
+ | * "The deployment of key recovery systems designed to facilitate surreptitious government access to encrypted data and communications introduces substantial risks and costs." [http://www.cdt.org/crypto/risks98/] | ||
+ | * Governments desire the ability to monitor all internal and external communications. The reasons vary by country but can include monitoring: terrorists, journalists, civil dissidents, and criminals. | ||
+ | |||
= Research and Production = | = Research and Production = | ||
= References = | = References = |
Revision as of 23:22, 13 November 2004
Notes and references about encryption policy.
Contents
Overview
There seem to be three aspects to encryption policy: import/export control, usage restrictions, and production/research development.
Export Control
- New US encryption export regulations published Jan 14, 2000 which made it easier for companies and individuals in the US to export strong encryption in common products. [1]
- "Retail" encryption products are widely exportable to all but certain "terrorist" nations though still subject to a government review and reporting requirements. [2]
- Non-retail products are also exportable, subject to similar requirements, to most non-government users.
- Encryption products with less than 64-bits are freely exportable. [3]
- Some non-proprietary source code is exportable to most countries after notice to the government. [4]
Import Control
Usage Restrictions
Key Escrow
- "The deployment of key recovery systems designed to facilitate surreptitious government access to encrypted data and communications introduces substantial risks and costs." [5]
- Governments desire the ability to monitor all internal and external communications. The reasons vary by country but can include monitoring: terrorists, journalists, civil dissidents, and criminals.