Encryption Export Controls in the US Preliminary Research.


Slide 2 | August 12, 2015 | Encryption Export Controls in the US

Overview of Encryption Technology

- Use of mathematical algorithms (called ciphers) to scramble bits of data.
- Operation of the algorithm (encryption or decryption) requires the use of a key (string of characters).
- The length of the key, measured in bits (number of digits in the key), can be used as an approximation of the strength of an encryption program.
- Public Key Encryption (developed in 1974) uses 2 keys, which are mathematically related:
  - The public key is available to anyone and is used to encrypt a message to a particular user.
  - The private key is known only to the individual user and is the only one that can be used to decrypt the message.
- This system can be symmetrically used to authenticate the sender (digital signature).
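The two uses of a key pair described on this slide, as an added example that is not part of the original presentation. It assumes textbook RSA (the slide names no algorithm) with small constructed primes and no padding, so it illustrates the mechanism only; all function names are hypothetical.

```python
import hashlib

# Constructed sample primes (both Mersenne primes); far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1


def make_keypair(p, q, e=65537):
    """Return (public, private): two keys related through n = p*q and e*d = 1 mod phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent, the modular inverse of e
    return (n, e), (n, d)


def encrypt(public, m):
    """Anyone holding the public key can encrypt an integer m < n."""
    n, e = public
    return pow(m, e, n)


def decrypt(private, c):
    """Only the private key recovers the plaintext."""
    n, d = private
    return pow(c, d, n)


def _digest(message, n):
    # Hash the message and reduce it into the range of the modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message):
    """The same key pair used the other way round: private key signs."""
    n, d = private
    return pow(_digest(message, n), d, n)


def verify(public, message, signature):
    """Public key checks that the signature matches this exact message."""
    n, e = public
    return pow(signature, e, n) == _digest(message, n)


def demo():
    public, private = make_keypair(P, Q)
    m = int.from_bytes(b"session key", "big")          # constructed sample message
    round_trip = decrypt(private, encrypt(public, m)) == m
    sig = sign(private, b"ship 100 units")
    return (round_trip,
            verify(public, b"ship 100 units", sig),    # genuine message
            verify(public, b"ship 900 units", sig))    # altered message is rejected
```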

Slide 3: History of Encryption Regulation

- Goal of encryption public policy: to create an infrastructure that guarantees the government's ability to decode encrypted messages.
- Before 1996, 40-bit limit:
  - Regulation of encryption under the Arms Export Control Act of 1976 (AECA). The International Traffic in Arms Regulation (State Department) used to class encryption as "munitions".
  - Exportation of encryption software with a key of more than 40 bits and accessible to government is possible after approval of ITAR. Regulation by Commerce Department as a "dual-use" product.
  - Attempts to impose a standard (Clipper I, II and III, and Key Recovery Plan), with escrow of critical key information, failed.
- In 1996, a regulation allows exportation of products with up to 56-bit keys if a key recovery procedure is developed.
- Restrictions on interoperability, source code, re-export of technology, assistance to foreign nationals.

Slide 4: History of Encryption Regulation

- In 1998, export control liberalization measure:
  - Allows export of up to 56-bit encryption after a one-time review.
  - Allows export of products with unlimited bit-length:
    - to US subsidiaries worldwide (except some cases);
    - to online merchants in 45 countries for client-server applications, banks, health and medical organizations, financial companies and insurance companies (with or without key recovery).
  - Allows export of products that support key recovery after a one-time review to grant a license.
- In early 2000, the Bureau of Export Administration publishes an interim rule that liberalizes the export controls.
- In 2001, although the Export Administration Act (EAA) was supposed to expire, President Bush decided to maintain the US system of export controls on advanced technology under the International Emergency Economic Powers Act (IEEPA).

Slide 5: The Debate over Export Controls

- Government advocates a "balanced" approach:
  - Needs of individual privacy, business.
  - Needs of public safety, national security.
- But the regulator's view does not maintain the constitutional balance:
  - First Amendment (free speech)
  - Fourth Amendment (gives right to search for incriminating message, with a warrant, not to forbid encryption)
- "Cost" of export controls ($60 billion per year, and jobs) is not balanced by benefits to law enforcement:
  - Weaker domestic and international security due to low availability and cost of strong encryption.
  - Takeover of encryption innovation by foreign competitors.
  - Ease of evading export controls and key-recovery mechanisms.

Slide 6: The Key Recovery Scheme

- Is of little use to the private sector as a "Key Management Infrastructure":
  - Keys can be self-escrowed.
  - Storing vast quantities of secret key information is dangerous.
- Key Recovery Infrastructure is implausible:
  - High cost of development (estimates: $5-100 billion / year).
  - Amount of keys and communication would "overflow" the system.
  - Delay factor in real-time communications.
- Dangers of government abuse:
  - Normally action of the US government is restricted by the Fourth Amendment, but historically disregarded.
  - Espionage by foreign governments which participate in the Key Recovery Infrastructure.

Slide 7: Conclusions

- With or without the Key Recovery option, the Export Controls policy apparently has major flaws:
  - Networks are instantaneous and control can be evaded easily.
  - Markets demand simple, cheap, universal security solutions.
  - The policy drives encryption innovation overseas and underground, thus making law enforcement harder.
- The cost of pursuing such a policy for the US is hard to estimate, since there are a lot of "opportunity" costs.
- A comparative analysis with countries which have liberalized encryption export, and where businesses develop and use encryption technologies, could make an estimate possible.