Presentation is loading. Please wait.

Presentation is loading. Please wait.

Encryption Export Controls in the US Preliminary Research.

Published byMegan Ilene Bryant Modified over 8 years ago

Similar presentations

Presentation on theme: "Encryption Export Controls in the US Preliminary Research."— Presentation transcript:

1 Encryption Export Controls in the US Preliminary Research

2 Slide 2August 12, 2015Encryption Export Controls in the US Overview of Encryption Technology Use of mathematical algorithm (called ciphers) to scramble bits of data. Operation of the algorithm (encryption or decryption) requires the use of a key (string of characters). The length of the key, measured in bits (number of digits in the key), can be used as an approximation of the strength of an encryption program. Public Key Encryption (developed in 1974) uses 2 keys, which are mathematically related : –The public key is available to anyone and is used to encrypt a message to a particular user. –The private key is know only to the individual user and is the only one that can be used to decrypt the message. This system can be symmetrically used to authenticate the sender (digital signature).

3 Slide 3August 12, 2015Encryption Export Controls in the US History of Encryption Regulation Goal of encryption public policy : to create an infrastructure that guarantees the government’s ability to decode encrypted messages. Before 96, 40-Bit limit : –Regulation of encryption under Arms Export Control Act of 1976 (AECA). The International Traffic in Arms Regulation (State Department) used to class encryption as “munitions”. –Exportation of encryption software with key of more than 40- Bits and accessible to government is possible after approval of ITAR. Regulation by Commerce Department as a “dual-use” product. –Attempts to impose a standard (Clipper I, II and III, and Key Recovery Plan), with escrow of critical key information, failed. In 1996, regulation that allows exportation of products with up to 56-Bit keys if development of key recovery procedure. Restrictions on interoperability, source code, re-export of technology, assistance to foreign nationals.

4 Slide 4August 12, 2015Encryption Export Controls in the US History of Encryption Regulation In 1998, export control liberalization measure : –Allows export of up to 56-Bit encryption after one time review. –Allows export of products with unlimited bit-length to US subsidiaries worldwide (except some cases). to online merchants in 45 countries for client-server applications, banks, health and medical organizations, financial companies and insurance companies (with or without key recovery). –Allows export of products that support key recovery after one- time review to grant license. In beginning 2000, the Bureau of Export Administration publishes an interim rule that liberalizes the export controls. In 2001, although the Export Administration Act (EAA) was supposed to expire, President Bush decided to maintain the US system of export controls on advanced technology under International Emergency Economic Powers Act (IEEPA).

5 Slide 5August 12, 2015Encryption Export Controls in the US The Debate over Export Controls Government advocates a “balanced” approach : –Needs of individual privacy, business. –Needs of public safety, national security. But the regulator’s view does not maintain the constitutional balance : –First Amendment (free speech) –Fourth Amendment (gives right to search for incriminating message, with a warrant, not to forbid encryption) “Cost” of export controls ($60 billion per year, and 200.000 jobs) is not balanced by benefits to law enforcement : –Weaker domestic and international security due to low availability and cost of strong encryption. –Takeover of encryption innovation by foreign competitors. –Ease of evading export controls and key-recovery mechanisms.

6 Slide 6August 12, 2015Encryption Export Controls in the US The Key Recovery Scheme Is of little use to private sector as a “Key Management Infrastructure” : –Keys can be self-escrowed. –To store vast quantity of secret keys info is dangerous. Key Recovery Infrastructure is implausible : –High cost of development (estimates : $5-100 billion / year). –Amount of keys and communication would “overflow” system. –Delay factor in real-time communications. Dangers of government abuse –Normally action of US government is restricted by Fourth Amendment, but historically disregarded. –Espionage by foreign governments which participate in Key Recovery Infrastructure.

7 Slide 7August 12, 2015Encryption Export Controls in the US Conclusions With or without Key Recovery option, the Export Controls policy apparently has major flaws : –Networks are instantaneous and control can be evaded easily. –Markets demand simple, cheap, universal security solutions. –The policy drives encryption innovation overseas and underground, thus making law enforcement harder. The cost of pursuing such policy for US is hard to estimate, since there are a lot of “opportunity” costs. A comparative analysis with countries which have liberalized encryption export and where businesses develop and use encryption technologies could allow to make an estimate.

Download ppt "Encryption Export Controls in the US Preliminary Research."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Licensing of Intangible Transfers of Technology

Licensing of Intangible Transfers of Technology
Confidentiality and Privacy Controls

Confidentiality and Privacy Controls
“Encryption’s Vital Role in Safeguarding the Digital Economy” Professor Peter Swire Ohio State University ASSOCHAM International Conference Safeguarding.

“Encryption’s Vital Role in Safeguarding the Digital Economy” Professor Peter Swire Ohio State University ASSOCHAM International Conference Safeguarding.
Copyright © 2009 South-Western Legal Studies in Business, a part of South-Western Cengage Learning. CHAPTER 13 The Regulation of Exports.

Copyright © 2009 South-Western Legal Studies in Business, a part of South-Western Cengage Learning. CHAPTER 13 The Regulation of Exports.
Encryption and Globalization Professor Peter Swire IP Scholars Conference Chicago August 11, 2011.

Encryption and Globalization Professor Peter Swire IP Scholars Conference Chicago August 11, 2011.
The Cape Town Convention’s International Registry: Decoding the Secrets of Success in Global Electronic Commerce Roksana Moore Soton Oxford University.

The Cape Town Convention’s International Registry: Decoding the Secrets of Success in Global Electronic Commerce Roksana Moore Soton Oxford University.
A Gift of Fire, 2edChapter 3: Encryption and Interception of Communications1 PowerPoint ® Slides to Accompany A Gift of Fire : Social, Legal, and Ethical.

A Gift of Fire, 2edChapter 3: Encryption and Interception of Communications1 PowerPoint ® Slides to Accompany A Gift of Fire : Social, Legal, and Ethical.
Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.

Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
International Seminar on ICT Policy Reform and Rural Communication Infrastructure Keio University, Shonan Fujisawa, Japan, 24th August 2004 - Paul Moffatt.

International Seminar on ICT Policy Reform and Rural Communication Infrastructure Keio University, Shonan Fujisawa, Japan, 24th August Paul Moffatt.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
A Gift of Fire, 2edChapter 3: Encryption and Interception of Communications1 PowerPoint ® Slides to Accompany A Gift of Fire : Social, Legal, and Ethical.

A Gift of Fire, 2edChapter 3: Encryption and Interception of Communications1 PowerPoint ® Slides to Accompany A Gift of Fire : Social, Legal, and Ethical.
1 CS 502: Computing Methods for Digital Libraries Lecture 26 Techniques of Access Management.

1 CS 502: Computing Methods for Digital Libraries Lecture 26 Techniques of Access Management.
August 6, 2003 Security Systems for Distributed Models in Ptolemy II Rakesh Reddy Carnegie Mellon University Motivation.

August 6, 2003 Security Systems for Distributed Models in Ptolemy II Rakesh Reddy Carnegie Mellon University Motivation.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Cryptography and Public Policy Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Cryptography and Public Policy Montclair State University CMPT 109 J.W. Benham Spring, 1998.
Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.

Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.

Similar presentations

Ads by Google