Difference between revisions of "Encryption Policy"
From CSEP590TU
John.naegle (talk | contribs) (→Key Escrow) |
John.naegle (talk | contribs) (→Key Escrow) |
||
| Line 13: | Line 13: | ||
= Usage Restrictions = | = Usage Restrictions = | ||
== Key Escrow == | == Key Escrow == | ||
| − | Encryption systems designed to facilitate surreptitious government access to encrypted data and communications [http://www.cdt.org/crypto/risks98/]. | + | Encryption systems designed to facilitate surreptitious government access to encrypted data and communications [http://www.cdt.org/crypto/risks98/ risks98]. |
** covert access | ** covert access | ||
** ubiquitous adtopion | ** ubiquitous adtopion | ||
** rapid access to plaintext | ** rapid access to plaintext | ||
| − | * "The deployment of key recovery systems designed to facilitate surreptitious government access to encrypted data and communications introduces substantial risks and costs." [http://www.cdt.org/crypto/risks98/] | + | * "The deployment of key recovery systems designed to facilitate surreptitious government access to encrypted data and communications introduces substantial risks and costs." [http://www.cdt.org/crypto/risks98/ risks98] |
* Governments desire the ability to monitor all internal and external communications. The reasons vary by country but can include monitoring: terrorists, journalists, civil dissidents, and criminals. | * Governments desire the ability to monitor all internal and external communications. The reasons vary by country but can include monitoring: terrorists, journalists, civil dissidents, and criminals. | ||
| + | * "there is a significant risk that widespread insertion of government-access key recovery systems into the information infrastructure will exacerbate, not alleviate, the potential for crime and information terrorism. Increasing the number of people with authorized access to the critical infrastructure and to business data will increase the likelihood of attack, whether through technical means, by exploitation of mistakes or through corruption." [http://www.cdt.org/crypto/risks98/ risks98] | ||
= Research and Production = | = Research and Production = | ||
Revision as of 23:28, 13 November 2004
Notes and references about encryption policy.
Contents
Overview
There seem to be three aspects to encryption policy: import/export control, usage restrictions, and production/research development.
Export Control
- New US encryption export regulations published Jan 14, 2000 which made it easier for companies and individuals in the US to export strong encryption in common products. [1]
- "Retail" encryption products are widely exportable to all but certain "terrorist" nations though still subject to a government review and reporting requirements. [2]
- Non-retail products are also exportable, subject to similar requirements, to most non-government users.
- Encryption products with less than 64-bits are freely exportable. [3]
- Some non-proprietary source code is exportable to most countries after notice to the government. [4]
Import Control
Usage Restrictions
Key Escrow
Encryption systems designed to facilitate surreptitious government access to encrypted data and communications risks98.
- covert access
- ubiquitous adtopion
- rapid access to plaintext
- "The deployment of key recovery systems designed to facilitate surreptitious government access to encrypted data and communications introduces substantial risks and costs." risks98
- Governments desire the ability to monitor all internal and external communications. The reasons vary by country but can include monitoring: terrorists, journalists, civil dissidents, and criminals.
- "there is a significant risk that widespread insertion of government-access key recovery systems into the information infrastructure will exacerbate, not alleviate, the potential for crime and information terrorism. Increasing the number of people with authorized access to the critical infrastructure and to business data will increase the likelihood of attack, whether through technical means, by exploitation of mistakes or through corruption." risks98
