Encryption u “Encryption basically involves running a readable message known as “plaintext” through a computer program that translates the message according to an equation or algorithm into unreadable “ciphertext”” u “Decryption is the translation back to plaintext when the message is received by someone with an appropriate ‘key’” u Four main uses: data integrity, authentication, nonrepudiation, confidentiality

Types of Encryption u Length of encryption indicates strength; but not all encryption is created equally u Public Key versus Private Key (symmetric versus asymmetric)

Comments of Janet Reno u “Encryption can frustrate completely our ability to lawfully search and seize evidence and to conduct electronic surveillance, two of the most effective tools that the law and the people of this country have given law enforcement to do its work.”

Present Regulation u Department of Commerce: not military 1. Mass Marketed needs one time review 2. Data recovery type may be elegible to nonembargoed countries 3. Up to 56 bit may receive 6 month export license if promise to develop key recovery 4. The rest is considered on a case by case basis

Bernstein v. US u Major case of encryption export u As far as publishing efforts are concerned, regulations are unconstitutional because they violate the First Amendment as a violation of prior restraint u Government has appealed, and stay granted of enforcement until that time u Karn case is opposite

Methods of controlling Encryption u Escrowed Encryption Standard (Clipper Chip) u Key Management u Licensing u Third Party Trusted Intermediaries u Certification Authorities

Zeran v. AOL u November, 1997; 4th Circuit u Numerous false postings to AOL resulted in death threats and constant calls to Zeran u AOL remove postings but would not issue retraction

Circuit Court Decision u CDA provision was written to protect speech, take hands off approach to regulation of the Internet and to promote self-regulation u Applied CDA retroactively u AOL not liable u Notice to AOL had no effect