The export of cryptography refers to the transfer from one country to another of devices and technology related to cryptography. Cryptography (or cryptology; from Greek grc κρυπτός kryptos, "hidden secret" and grc γράφω gráphō, "I write" Since World War II, Western governments, including the U.S. and its NATO allies, have regulated the export of cryptography for national security considerations, and, for a time, defined cryptography to be a munition. World War II, or the Second World War, (often abbreviated WWII) was a global military conflict which involved a majority of the world's nations, including The United States of America —commonly referred to as the The North Atlantic Treaty Ammunition, often referred to as ammo, is a generic term derived from the French language la munition which
In light of the enormous impact of cryptanalysis in WWII, it was abundantly clear to these governments that denying current and potential enemies access to cryptographic systems looked to be militarily valuable. The history of Cryptography begins thousands of years ago Until recent decades it has been the story of what might be called classic cryptography — that is of They also wished to monitor the diplomatic communications of other nations, including the many new nations that were emerging in the post-colonial period and whose position on Cold War issues was regarded as vital[1]. See Colony and Colonization for examples of colonialism which do not refer to Western colonialism Cold War is the state of conflict tension and competition that existed between the United States and the Soviet Union (USSR and their respective allies from the Since the U. S. and U.K. had, they believed, developed more advanced cryptographic capabilities than others, there arose a notion that controlling all dissemination of the more effective crypto techniques might be beneficial. The United Kingdom of Great Britain and Northern Ireland, commonly known as the United Kingdom, the UK or Britain,is a Sovereign state located The First Amendment made controlling all use of cryptography inside the U. The First Amendment to the United States Constitution is part of the United States Bill of Rights that expressly prohibits the United States Congress S. difficult, but controlling access to U. S. developments by others was thought to be more practical — there were at least no constitutional impediments. Accordingly, regulations were introduced as part of munitions controls which required licenses to export cryptographic methods (and even their description); the regulations established that cryptography beyond a certain strength (defined by algorithm and length of key) would not be licensed for export except on a case-by-case basis. Ammunition, often referred to as ammo, is a generic term derived from the French language la munition which In Cryptography, a key is a piece of information (a Parameter) that determines the functional output of a cryptographic algorithm The expectation seems to have been that this would further national interests in reading 'their' communications and prevent others from reading 'ours'. This policy was also adopted elsewhere for various reasons.
The development, and public release, of DES and asymmetric key techniques in the 1970s, the rise of the Internet, and the willingness of some to risk and resist prosecution, eventually made this policy impossible to enforce, and by the late 1990s it was being relaxed in the US, and to some extent (e. The Data Encryption Standard ( DES) is a Cipher (a method for Encrypting information selected by NBS as an official Federal Information Public-key cryptography, also known as asymmetric cryptography, is a form of Cryptography in which the key used to encrypt a message differs from the key This article is about the Decade 1970-1979 For the Year 1970 see 1970. The Internet is a global system of interconnected Computer networks g. France) elsewhere. Nevertheless, some officials in the U.S. believe that widespread availability of strong cryptography world-wide has hampered the ability of the NSA to read intercepted communications that might reveal important information about intentions hostile to the United States. The United States of America —commonly referred to as the Cryptography (or cryptology; from Greek grc κρυπτός kryptos, "hidden secret" and grc γράφω gráphō, "I write" The National Security Agency/ Central Security Service ( NSA/CSS) is a cryptologic intelligence agency of the United States government [1] Others feel that the export controls in place in the last half of the 20th century discouraged incorporation of widely known cryptographic tools into commercial products, particularly personal computer operating systems, and are a root cause of the present crisis in information security, aside from interfering with U. A personal computer ( PC) is any Computer whose original sales price size and capabilities make it useful for individuals and which is intended to be operated An operating system (commonly abbreviated OS and O/S) is the software component of a Computer system that is responsible for the management and coordination Information security means protecting information and information systems from unauthorized access use disclosure disruption modification or destruction S. trade in such products. They observe that many of the advances, including asymmetric key cryptography and many of its algorithms, were already public in any case.
Contents |
Cold War era
In the early days of the cold war, the U.S. and its allies developed an elaborate series of export control regulations designed to prevent a wide range of Western technology from falling into the hands of others, particularly the Eastern bloc. Cold War is the state of conflict tension and competition that existed between the United States and the Soviet Union (USSR and their respective allies from the The United States of America —commonly referred to as the During the Cold War, the term Communist Bloc (or Soviet Bloc) was used to refer to the Soviet Union and countries it either controlled or that were All export of technology classed as 'critical' required a license. CoCom was organized to coordinate Western export controls. Cocom is a Cable modems company based in the United States. It was acquired by Cisco Systems on September 15 1999
Two types of technology were protected: technology associated only with weapons of war and dual use technology, which also had commercial applications. In the U. S. , dual use technology export was controlled by the Department of Commerce, while munitions were controlled by the State Department. The United States Department of Commerce is the Cabinet department of the United States government concerned with promoting Economic growth Encryption technology (techniques as well as equipment and, after computers became important, crypto software) was classified as a munition. However, this hardly mattered in practice since secure encryption was not, certainly in the immediate post War period, available to the general public. By the 1960s, however, financial organisations were beginning to require strong commercial encryption on the rapidly growing field of wired money transfer.
The U. S. Government's introduction of the Data Encryption Standard in 1975 meant that commercial uses of high quality encryption would become common, and serious problems of export control began to arise. The Data Encryption Standard ( DES) is a Cipher (a method for Encrypting information selected by NBS as an official Federal Information Year 1975 ( MCMLXXV) was a Common year starting on Wednesday (link will display full calendar of the Gregorian calendar. Generally these were dealt with through case-by-case export license request proceedings brought by computer manufacturers, such as IBM, and by their large corporate customers. International Business Machines Corporation abbreviated IBM and nicknamed "Big Blue", is a multinational Computer Technology
PC era
Encryption export controls became a matter of public concern with the introduction of the personal computer. A personal computer ( PC) is any Computer whose original sales price size and capabilities make it useful for individuals and which is intended to be operated Phil Zimmermann's PGP cryptosystem and its distribution on the Internet in 1991 was the first major 'individual level' challenge to controls on export of cryptography. Philip R "Phil" Zimmermann Jr (born February 12, 1954) is the creator of Pretty Good Privacy (PGP the most widely used Email Pretty Good Privacy (PGP is a Computer program that provides Cryptographic Privacy and Authentication. There are two different meanings of the word cryptosystem. One is used by the cryptographic community while the other is the meaning understood by the public The Internet is a global system of interconnected Computer networks Year 1991 ( MCMXCI) was a Common year starting on Tuesday (link will display full calendar of the Gregorian Calendar. The growth of electronic commerce in the 1990s created additional pressure for reduced restrictions. Electronic commerce, commonly known as e-commerce' or eCommerce, consists of the buying and selling of products or services over electronic The 1990s collectively refers to the years between and including 1990 and 1999 Shortly afterward, Netscape's SSL technology was widely adopted as a method for protecting credit card transactions using public key cryptography. Netscape Communications (formerly known as Netscape Communications Corporation and commonly known as Netscape) is an American computer services company Transport Layer Security ( TLS) and its predecessor Secure Sockets Layer ( SSL) are Cryptographic protocols that provide secure Public-key cryptography, also known as asymmetric cryptography, is a form of Cryptography in which the key used to encrypt a message differs from the key
SSL-encrypted messages used the RC4 cipher, and used 128-bit keys. In Cryptography, RC4 (also known as ARC4 or ARCFOUR meaning Alleged RC4 see below is the most widely-used software In Cryptography, a key is a piece of information (a Parameter) that determines the functional output of a cryptographic algorithm U. S. government export regulations would not permit crypto systems using 128-bit keys to be exported. At this stage Western governments had, in practice, a split personality when it came to encryption; policy was made by the military cryptanalysts, who were solely concerned with preventing their 'enemies' acquiring secrets, but that policy was then communicated to commerce by officials whose job was to support industry.
The longest key size allowed for export without individual license proceedings was 40 bits, so Netscape developed two versions of its web browser. In Cryptography, key size or key length is the size (usually measured in bits or bytes of the key used in a cryptographic algorithm (such as a Cipher 40-bit encryption refers to a Key size of forty bits or five Bytes for Symmetric encryption; this represents a relatively low level of security A web browser is a software application which enables a user to display and interact with text images videos music games and other information typically located on a The "U. S. edition" had the full 128-bit strength. The "International Edition" had its effective key length reduced to 40 bits by revealing 88 bits of the key in the SSL protocol. A security protocol ( cryptographic protocol or encryption protocol) is an abstract or concrete protocol that performs a security -related function Acquiring the 'U. S. domestic' version turned out to be sufficient hassle that most computer users, even in the U. S. , ended up with the 'International' version, whose weak 40-bit encryption could be broken in a matter of days using a single personal computer. 40-bit encryption refers to a Key size of forty bits or five Bytes for Symmetric encryption; this represents a relatively low level of security Much the same thing happened with Lotus Notes and for the same reasons.
Legal challenges by Peter Junger and other civil libertarians and privacy advocates, the widespread availability of encryption software outside the U. Bernstein v United States is a set of court cases brought by Daniel J Peter D Junger (b 1923 - d November 2006 was a computer law professor and Internet activist, most famous for having fought against the U S. , and the perception by many companies that adverse publicity about weak encryption was limiting their sales and the growth of e-commerce, led to a series of relaxations in US export controls, culminating in 1996 in the effective elimination of export controls on mass-market "shrinkwrap" and open source software containing cryptography (which, in any case, a "rogue state" could have downloaded, and subsequently verified, from file sharing networks or servers outside the US). Year 1996 ( MCMXCVI) was a Leap year starting on Monday (link will display full 1996 Gregorian calendar) Open source is a development methodology which offers practical accessibility to a product's source (goods and knowledge
Current status
Cryptography exports from the U. S. are now (as of 2006) controlled by the Department of Commerce's Bureau of Industry and Security. Year 2006 ( MMVI) was a Common year starting on Sunday of the Gregorian calendar. Some restrictions still exist, even for mass market products, particularly with regard to export to "rogue states" and terrorist organizations. Terrorism is the systematic use of terror especially as a means of coercion Militarized encryption equipment, TEMPEST-approved electronics, custom cryptographic software, and even cryptographic consulting services still require an export license. TEMPEST is a Codename referring to investigations and studies of compromising emanations (CE Many items must still undergo a one-time review by or notification to BIS prior to export to most countries. The regulations, though relaxed from pre-1996 standards, are still complex, and often require expert legal and cryptographic consultation. Other countries, notably those participating in the Wassenaar Arrangement, have similar restrictions. The Wassenaar Arrangement (full name "The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies" is a Multilateral export control
See also
References
- ^ Kahn, The Codebreakers, Ch. Bernstein v United States is a set of court cases brought by Daniel J Junger v Daley is a court case brought by Peter Junger challenging restrictions on the Export of Encryption Software outside of the Historically a number of countries have attempted to restrict the import of Cryptography tools David Kahn (b February 7, 1930) is a US Historian, Journalist and Writer. 19
External links
- Crypto law survey
- Bureau of Industry and Security — An overview of the US export regulations can be found in the licensing basics page, and a more specific page is dedicated to the export of cryptography.
- My life as a Kiwi arms courier — Peter Gutmann's farcical account of his experiences exporting cryptographic software from New Zealand. Peter Gutmann is a computer scientist in the Department of Computer Science at the University of Auckland, Auckland, New Zealand. New Zealand is an Island country in the south-western Pacific Ocean comprising two main landmasses (the North Island and the South Island
- Export Control Blog
Dapyx Software network: MP3 Explorer | Ebook Manager | Zenithic