Cryptography - Encryption
  1. What is it?
    1. Cryptography - definition
    2. Encryption - definition
      1. Types of data involved
      2. How does it work?
        1. Two types of keys to decrypt
          1. Symmetric key systems
            1. Date Encryption Standard - DES
          2. Public-key encryption uses 2 keys (asymmetric)
            1. Pretty Good Privacy - PGP, available for free
            2. Rivest, Shamir, and Adelman - RSA
          3. Example:
            1. A sends a secure message to B by encrypting the message with B's public key.
            2. B uses their own private key to decrypt the message so that it can be read.
    3. Clipper Chip
      1. What is it?
      2. How was it supposed to work?
      3. Criticisms of Clipper chip
      4. Support for Clipper chip
      5. What happened to Clipper?
    4. Public Key Escrow Encryption
  2. The law today
    1. Stringent licensing of 56 bit or more
    2. Backdoor required for any exported so U.S. Gov can have access if needed
    3. Needs a court order based on probable cause to access using a key
    4. No restrictions on domestic use
  3. The players and their interests
    1. U.S. Federal government and the President
      1. Fear of terrorism and threats to the National Security
      2. The President views the encryption standard adequately secure. The algorithm will be classified to protect the security.
      3. Even some U.S. officials are not in support of key-escrow encryption because it is more costly and less efficient.
    2. Law Enforcement Agencies
      1. Law enforcement groups believe they need to have access to transmissions over the Internet to fight regular crime (criminal planning through the use of e-mail), to monitor fringe groups, and fight cybercrime itself (pedophiles, scams, etc.).
      2. In fact the FBI Director has testified before Congress asking for stricter encryption laws domestically, not just for exporting.
    3. Technology and Software Producing Companies
      1. The U.S. technology companies are now too restricted and cannot compete with international companies. It will impede the growth of a technology that is essential to promoting business over the Internet.
      2. The federal gov cannot keep up with the fast changing encryption science. It would have to change keys and increase the size of the keys often to keep ahead of the rest of the world.
        1. 56-bit encryption is relatively easy to crack. 2 contests have been sponsored to break the 56-bit code.
        2. The U.S. gov has already missed its own first deadline in upgrading the bit strength of its current encryption standard.
      3. Electronic commerce between our country and other countries is jeopardized by the U.S.'s restrictive policy. Other countries will not want to deal with the U.S.
    4. Individuals, Interest Groups, Internet users
      1. Wherever the keys are stored will be subject to intense hacker attacks.
      2. The government compromising trust by giving out the key or when the key gets into the wrong hands.
      3. Strong encryption actually prevents crime by protecting credit card transactions and confidential records.
      4. Individuals fear that the gov will pry into their private transmissions and conversations in violation to the First Amend.
      5. Cost to the U.S. Gov and ultimately to tax payers
    5. Judicial interpretation of the federal regulations
      1. Karn v. Dept. of State (920 F.Supp. 1) - 1996
      2. Bernstein v. Dept. of State (922 F.Supp. 1426, 974 F.Supp. 1288) - 1997
      3. Junger v. Daley, Dept. of Commerce (N.D. Ohio) - 1998
  4. Conclusion - some hope:
    1. White House lifting some of the export bans
Related Web Sites

Canadian FTP site for 168-bit DES encryption
FTP://ftp.psy.uq.oz.au/pub/ Crypto/DES

"Crypto Clash" - ZDNet
http://www.zdnet.com/zdnn/special/crypto.html

Crypto Law Survey - of international encryption laws
http://cwis.kub.nl/~frw/people/koops/lawsurvey.html

DES Challenge sponsored by RSA
http://www.rsa.com/pressbox/html/980226.html

EPIC Onling Guide to Practical Privacy Tools
http://www.epic.org/privacy/tools.html

MIT distribution site for PGP
http://web.mit.edu/network/pgp.html

Phil Zimmermann background page
http://www.nai.com/products/security/phil/phil.asp

Recent legislation - federal and state
http://www.mbc.com/legis/

RSA - FAQ on Cryptography
http://www.rsa.com/rsalabs/newfaq/

Worldwide Survey of Cryptographic Products - by TIS
http://www.tis.com/research/crypto/crypto_surv.html

ZDNN Special Report - Crypto Clash
http://www.zdnet.com/zdnn/special/crypto.html