What is encryption?What is encryption?
Encryption is the art or science of transforming a message to a hidden script using ciphers, so unwanted persons cannot read the message.
Encryption can vary in complexity from the easily-cracked to the practically impossible to crack.
Encryption methods can be traced back to ancient history, including some references in the Bible. For instance, Julius Caesar used encryption to hide his
military messages. Caesar’s Cipher: Go four letters ahead of the actual letter
you want to encrypt.For example, LAW becomes ODZ.
Public Key Encryption
This method of encryption is a critical technology
in electronic commerce - digital signature.
Purposes of Encryption
Ensures confidentiality/privacy of one’s message.
Ensures authenticity of a message.Ensures the integrity of the contents
of a message.Protects access and use of software
and networks.
Governmental Motivations
Collect evidence of crimes
Protect National Security
Monitor radical factions
Class DiscussionClass Discussion
Should government surveillance devices be so far advanced of commercial technologies?
To what extent should encryption technology be controlled by the government?
ITAR
International Traffic in Arms Regulations, 22 U.SC. 120 et. seq.
Section 124, U.S. Munitions List, prohibits the exporting of encryption technologies without State Dept. approval.
According to new rules, effective from 1997, the regulatory authority of non-military encryption technologies is now the Commerce Dept. - Bureau of Export Administration.
AECA
Arms Export Control Act, 22 U.S.C 2778.Also treats encryption technology in the
same way as physical weapons, i.e., export is prohibited without authorization.
New regulations released on January 2000 relaxed the licensing requirements for most encryption technologies.
However, the new regulations still restrict some types of encryption methods.
Encryption Export Control
All encryption products are presumed controlled for export.
Exporters may not "self-classify" encryption products.
Exporters must obtain a formal classification determination for encryption products from BXA.
Exporters should obtain a ruling that the encryption products are not controlled.
Encryption Export ControlNew US Policy, Jan 2000
Certain products with encryption features are released from control: Products in which the encryption features are limited to
authentication and digital signatures "Retail" encryption products are widely exportable to all
but certain "terrorist" nations
Encryption products with less than 64-bits are freely exportable.
Notice to the government and review by BXA are still valid in most cases.
New US Policy, Jan 2000
The new regulations do not de-control encryption or remove complex requirements.
Some types of encryption are still restricted.
Concerns: these requirements may prove daunting to many individuals and businesses.
Encryption Cases
Karn, 1996 – 1999 Programmer who wrote software based on a book
and requested to export it.
Bernstein, 1996 – 2000 Mathematician who wrote software as part of an
academic work and requested putting it on his website.
Junger, 1998 – 2000 Law teacher who requested inclusion of encryption
software on a website as part of a course.
Encryption Cases - Issues
Is the control of encryption by government an unconstitutional restraint on freedom of speech?
Different treatment of print and electronic forms: Is it justified?
Does putting materials on a website constitute an act of exportation?
Is it effective, in the current global exchange of information, to achieve control over encryption?
Phil Zimmerman Case
In 1976, a new kind of cryptography was invented – Public Key Encryption.
One can encode a message with the recipient's public key so that only they can decode it with their private key.
Zimmerman wrote a shareware program known as PGP (Pretty Good Privacy).
Zimmerman was prosecuted by the U.S. Customs Dept. for uploading his encryption program to the Internet without a license.
Bernstein Case - 1
In 1990, Daniel J. Bernstein, a graduate student in mathematics at the University of California at Berkeley, designed Snuffle, an encryption system.
Bernstein wanted to publish a paper regarding his inventions, together with software implementing his methods, but was told he needed State Dept. approval.
Brought his case against the State Dept. Court granted an injunction against prosecution of
Bernstein or any other person for discussing/exporting Snuffle source code, but denied the broader injunction requested.
Bernstein Case - 2
176 F.3d 1132 (9th Cir. 1999)Judge Fletcher affirmed the District
Court’s finding that the EAR regulations were facially invalid as a prior restraint on speech.
But note Judge Nelson’s strong dissent arguing that encryption source code is not expression but a functional tool.
Junger v. Daley
Opinion filed April 4, 2000, 6th Cir. Junger is a professor at Case Western School of Law. Junger maintains sites on the Web. He wants to
publish encryption source code on his site to demonstrate how computers work.
Such a posting is defined as an export under the regulations.
Junger claims encryption source code is protectable speech under the 1st Amendment.
Summary judgment for government reversed, remanded to District Court to determine constitutional challenge.
Class DiscussionClass Discussion
The EAR amendments make distinctions between printed source code and source code within electronic media – should the medium matter?
Should the government have all the keys to private encryption technologies?
Is encryption protectable free speech, or is it purely functional?
Can government control the flow of encryption worldwide?
International Encryption Policy
The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-use Goods and Technologies.
Established to promote transparency, exchange of views and information, and greater responsibility in transfers of sensitive technologies.
33 co-founding countries including: US, EU countries, Japan, Canada, Australia …
Began operations in September 1996.Agreed international policy on encryption.