Encryption Policy
From CSEP590TU
Notes and references about encryption policy.
Contents
Overview
There seem to be three aspects to encryption policy: import/export control, usage restrictions, and production/research development.
Export Control
- New US encryption export regulations published Jan 14, 2000 which made it easier for companies and individuals in the US to export strong encryption in common products. [1]
- "Retail" encryption products are widely exportable to all but certain "terrorist" nations though still subject to a government review and reporting requirements. [2]
- Non-retail products are also exportable, subject to similar requirements, to most non-government users.
- Encryption products with less than 64-bits are freely exportable. [3]
- Some non-proprietary source code is exportable to most countries after notice to the government. [4]
Import Control
Usage Restrictions
Key Escrow
Encryption systems designed to facilitate surreptitious government access to encrypted data and communications [5].
- covert access
- ubiquitous adtopion
- rapid access to plaintext
- "The deployment of key recovery systems designed to facilitate surreptitious government access to encrypted data and communications introduces substantial risks and costs." [6]
- Governments desire the ability to monitor all internal and external communications. The reasons vary by country but can include monitoring: terrorists, journalists, civil dissidents, and criminals.