Encryption Export Controls in the US - PowerPoint PPT Presentation

Slides: 8
Provided by: vincentc9
Transcript and Presenter's Notes

1
Encryption Export Controls in the US
  • Preliminary Research

2
Overview of Encryption Technology
  • Use of mathematical algorithm (called ciphers) to
    scramble bits of data.
  • Operation of the algorithm (encryption or
    decryption) requires the use of a key (string of
    characters).
  • The length of the key, measured in bits (number
    of digits in the key), can be used as an
    approximation of the strength of an encryption
    program.
  • Public Key Encryption (developed in 1974) uses 2
    keys, which are mathematically related
  • The public key is available to anyone and is used
    to encrypt a message to a particular user.
  • The private key is known only to the individual
    user and is the only one that can be used to
    decrypt the message.
  • This system can be symmetrically used to
    authenticate the sender (digital signature).

3
History of Encryption Regulation
  • Goal of encryption public policy: to create an
    infrastructure that guarantees the government's
    ability to decode encrypted messages.
  • Before '96: 40-bit limit
  • Regulation of encryption under Arms Export
    Control Act of 1976 (AECA). The International
    Traffic in Arms Regulation (State Department)
    used to class encryption as munitions.
  • Exportation of encryption software with key of
    more than 40-Bits and accessible to government is
    possible after approval of ITAR. Regulation by
    Commerce Department as a dual-use product.
  • Attempts to impose a standard (Clipper I, II and
    III, and Key Recovery Plan), with escrow of
    critical key information, failed.
  • In 1996, regulation that allows exportation of
    products with up to 56-bit keys if a key recovery
    procedure is developed. Restrictions on
    interoperability, source code, re-export of
    technology, assistance to foreign nationals.

4
History of Encryption Regulation
  • In 1998, export control liberalization measure
  • Allows export of up to 56-Bit encryption after
    one time review.
  • Allows export of products with unlimited
    bit-length:
      • to US subsidiaries worldwide (except some cases).
      • to online merchants in 45 countries for
        client-server applications, banks, health and
        medical organizations, financial companies and
        insurance companies (with or without key
        recovery).
  • Allows export of products that support key
    recovery after one-time review to grant license.
  • In early 2000, the Bureau of Export
    Administration publishes an interim rule that
    liberalizes the export controls.
  • In 2001, although the Export Administration Act
    (EAA) was supposed to expire, President Bush
    decided to maintain the US system of export
    controls on advanced technology under
    International Emergency Economic Powers Act
    (IEEPA).

5
The Debate over Export Controls
  • Government advocates a balanced approach
  • Needs of individual privacy, business.
  • Needs of public safety, national security.
  • But the regulators' view does not maintain the
    constitutional balance
  • First Amendment (free speech)
  • Fourth Amendment (gives right to search for
    incriminating message, with a warrant, not to
    forbid encryption)
  • Cost of export controls (60 billion per year,
    and 200,000 jobs) is not balanced by benefits to
    law enforcement
  • Weaker domestic and international security due to
    low availability and cost of strong encryption.
  • Takeover of encryption innovation by foreign
    competitors.
  • Ease of evading export controls and key-recovery
    mechanisms.

6
The Key Recovery Scheme
  • Is of little use to private sector as a Key
    Management Infrastructure
  • Keys can be self-escrowed.
  • Storing a vast quantity of secret key information
    is dangerous.
  • Key Recovery Infrastructure is implausible
  • High cost of development (estimates 5-100
    billion / year).
  • The number of keys and the volume of communication
    would overflow the system.
  • Delay factor in real-time communications.
  • Dangers of government abuse
  • Normally action of US government is restricted by
    Fourth Amendment, but historically disregarded.
  • Espionage by foreign governments which
    participate in Key Recovery Infrastructure.

7
Conclusions
  • With or without Key Recovery option, the Export
    Controls policy apparently has major flaws
  • Networks are instantaneous and control can be
    evaded easily.
  • Markets demand simple, cheap, universal security
    solutions.
  • The policy drives encryption innovation overseas
    and underground, thus making law enforcement
    harder.
  • The cost of pursuing such a policy for the US is
    hard to estimate, since there are a lot of
    opportunity costs.
  • A comparative analysis with countries which have
    liberalized encryption export and where
    businesses develop and use encryption
    technologies could allow an estimate to be made.