Wikipedia

Cryptography law

Cryptography is the practice and study of encrypting information, or in other words, securing information from unauthorized access. There are many different cryptography laws in different nations. Some countries prohibit the export of cryptography software and/or encryption algorithms or cryptanalysis methods. Some countries require decryption keys to be recoverable in case of a police investigation.

Overview

Issues regarding cryptography law fall into four categories:[1]

  • Export control, which is the restriction on exporting cryptography methods from a country to other countries or commercial entities. There are international export control agreements, the main one being the Wassenaar Arrangement. The Wassenaar Arrangement was created after the dissolution of COCOM (Coordinating Committee for Multilateral Export Controls), which in 1989 "decontrolled password and authentication-only cryptography."[2]
  • Import controls, which are restrictions on using certain types of cryptography within a country.
  • Patent issues, which deal with the use of cryptography tools that are patented.
  • Search and seizure issues, which concern whether and under what circumstances a person can be compelled to decrypt data files or reveal an encryption key.

Legal issues

Prohibitions

Cryptography has long been of interest to intelligence gathering and law enforcement agencies.[3] Secret communications may be criminal or even treasonous [citation needed]. Because of its facilitation of privacy, and the diminution of privacy attendant on its prohibition, cryptography is also of considerable interest to civil rights supporters. Accordingly, there has been a history of controversial legal issues surrounding cryptography, especially since the advent of inexpensive computers has made widespread access to high-quality cryptography possible.

In some countries, even the domestic use of cryptography is, or has been, restricted. Until 1999, France significantly restricted the use of cryptography domestically, though it has since relaxed many of these rules. In China and Iran, a license is still required to use cryptography.[4] Many countries have tight restrictions on the use of cryptography. Among the more restrictive are laws in Belarus, Kazakhstan, Mongolia, Pakistan, Singapore, Tunisia, and Vietnam.[5]

In the United States, cryptography is legal for domestic use, but there has been much conflict over legal issues related to cryptography.[3] One particularly important issue has been the export of cryptography and cryptographic software and hardware. Probably because of the importance of cryptanalysis in World War II and an expectation that cryptography would continue to be important for national security, many Western governments have, at some point, strictly regulated export of cryptography. After World War II, it was illegal in the US to sell or distribute encryption technology overseas; in fact, encryption was designated as auxiliary military equipment and put on the United States Munitions List.[6] Until the development of the personal computer, asymmetric key algorithms (i.e., public key techniques), and the Internet, this was not especially problematic. However, as the Internet grew and computers became more widely available, high-quality encryption techniques became well known around the globe.[citation needed]

Export controls

In the 1990s, there were several challenges to US export regulation of cryptography. After the source code for Philip Zimmermann's Pretty Good Privacy (PGP) encryption program found its way onto the Internet in June 1991, a complaint by RSA Security (then called RSA Data Security, Inc.) resulted in a lengthy criminal investigation of Zimmermann by the US Customs Service and the FBI, though no charges were ever filed.[7][8] Daniel J. Bernstein, then a graduate student at UC Berkeley, brought a lawsuit against the US government challenging some aspects of the restrictions based on free speech grounds. The 1995 case Bernstein v. United States ultimately resulted in a 1999 decision that printed source code for cryptographic algorithms and systems was protected as free speech by the United States Constitution.[9]

In 1996, thirty-nine countries signed the Wassenaar Arrangement, an arms control treaty that deals with the export of arms and "dual-use" technologies such as cryptography. The treaty stipulated that the use of cryptography with short key-lengths (56-bit for symmetric encryption, 512-bit for RSA) would no longer be export-controlled.[10] Cryptography exports from the US became less strictly regulated as a consequence of a major relaxation in 2000;[11] there are no longer very many restrictions on key sizes in US-exported mass-market software. Since this relaxation in US export restrictions, and because most personal computers connected to the Internet include US-sourced web browsers such as Firefox or Internet Explorer, almost every Internet user worldwide has potential access to quality cryptography via their browsers (e.g., via Transport Layer Security). The Mozilla Thunderbird and Microsoft Outlook E-mail client programs can similarly transmit and receive emails via TLS, and can send and receive emails encrypted with S/MIME. Many Internet users don't realize that their basic application software contains such extensive cryptosystems. These browsers and email programs are so ubiquitous that even governments whose intent is to regulate civilian use of cryptography generally don't find it practical to do much to control distribution or use of cryptography of this quality, so even when such laws are in force, actual enforcement is often effectively impossible.[citation needed]

NSA involvement

 
NSA headquarters in Fort Meade, Maryland

Another contentious issue connected to cryptography in the United States is the influence of the National Security Agency on cipher development and policy.[3] The NSA was involved with the design of DES during its development at IBM and its consideration by the National Bureau of Standards as a possible Federal Standard for cryptography.[12] DES was designed to be resistant to differential cryptanalysis,[13] a powerful and general cryptanalytic technique known to the NSA and IBM, that became publicly known only when it was rediscovered in the late 1980s.[14] According to Steven Levy, IBM discovered differential cryptanalysis,[8] but kept the technique secret at the NSA's request. The technique became publicly known only when Biham and Shamir re-discovered and announced it some years later. The entire affair illustrates the difficulty of determining what resources and knowledge an attacker might actually have.[citation needed]

Another instance of the NSA's involvement was the 1993 Clipper chip affair, an encryption microchip intended to be part of the Capstone cryptography-control initiative. Clipper was widely criticized by cryptographers for two reasons. The cipher algorithm (called Skipjack) was then classified (declassified in 1998, long after the Clipper initiative lapsed). The classified cipher caused concerns that the NSA had deliberately made the cipher weak in order to assist its intelligence efforts. The whole initiative was also criticized based on its violation of Kerckhoffs's Principle, as the scheme included a special escrow key held by the government for use by law enforcement (i.e. wiretapping).[8]

Digital rights management

Cryptography is central to digital rights management (DRM), a group of techniques for technologically controlling use of copyrighted material, being widely implemented and deployed at the behest of some copyright holders. In 1998, U.S. President Bill Clinton signed the Digital Millennium Copyright Act (DMCA), which criminalized all production, dissemination, and use of certain cryptanalytic techniques and technology (now known or later discovered); specifically, those that could be used to circumvent DRM technological schemes.[15] This had a noticeable impact on the cryptography research community since an argument can be made that any cryptanalytic research violated the DMCA. Similar statutes have since been enacted in several countries and regions, including the implementation in the EU Copyright Directive. Similar restrictions are called for by treaties signed by World Intellectual Property Organization member-states.[citation needed]

The United States Department of Justice and FBI have not enforced the DMCA as rigorously as had been feared by some, but the law, nonetheless, remains a controversial one. Niels Ferguson, a well-respected cryptography researcher, has publicly stated that he will not release some of his research into an Intel security design for fear of prosecution under the DMCA.[16] Cryptologist Bruce Schneier has argued that the DMCA encourages vendor lock-in, while inhibiting actual measures toward cyber-security.[17] Both Alan Cox (longtime Linux kernel developer) and Edward Felten (and some of his students at Princeton) have encountered problems related to the Act. Dmitry Sklyarov was arrested during a visit to the US from Russia, and jailed for five months pending trial for alleged violations of the DMCA arising from work he had done in Russia, where the work was legal. In 2007, the cryptographic keys responsible for Blu-ray and HD DVD content scrambling were discovered and released onto the Internet. In both cases, the Motion Picture Association of America sent out numerous DMCA takedown notices, and there was a massive Internet backlash triggered by the perceived impact of such notices on fair use and free speech.[18]

Forced disclosure of encryption keys

In the United Kingdom, the Regulation of Investigatory Powers Act gives UK police the powers to force suspects to decrypt files or hand over passwords that protect encryption keys. Failure to comply is an offense in its own right, punishable on conviction by a two-year jail sentence or up to five years in cases involving national security.[19] Successful prosecutions have occurred under the Act; the first, in 2009,[20] resulted in a term of 13 months' imprisonment.[21] Similar forced disclosure laws in Australia, Finland, France, and India compel individual suspects under investigation to hand over encryption keys or passwords during a criminal investigation.[citation needed]

In the United States, the federal criminal case of United States v. Fricosu addressed whether a search warrant can compel a person to reveal an encryption passphrase or password.[22] The Electronic Frontier Foundation (EFF) argued that this is a violation of the protection from self-incrimination given by the Fifth Amendment.[23] In 2012, the court ruled that under the All Writs Act, the defendant was required to produce an unencrypted hard drive for the court.[24]

In many jurisdictions, the legal status of forced disclosure remains unclear.[citation needed]

The 2016 FBI–Apple encryption dispute concerns the ability of courts in the United States to compel manufacturers' assistance in unlocking cell phones whose contents are cryptographically protected.[citation needed][further explanation needed]

As a potential countermeasure to forced disclosure, some cryptographic software supports plausible deniability, where the encrypted data is indistinguishable from unused random data (for example, that of a drive which has been securely wiped).[citation needed]

Cryptography law in different countries

China

In October 1999, the State Council promulgated the Regulations on the Administration of Commercial Cryptography. According to these regulations, commercial cryptography was treated as a state secret.[25]

On 26 October 2019, the Standing Committee of the National People's Congress promulgated the Cryptography Law of the People's Republic of China. This law went into effect at the start of 2020.[25][26] The law categorizes cryptography into three categories:[25][26]

  • Core cryptography, which is a state secret and suitable for information up to top secret;
  • Ordinary cryptography, which is also a state secret and suitable for information up to secret;
  • Commercial cryptography, which protects information that is not a state secret.

The law also states that there should be a "mechanism of both in-process and ex-post supervision on commercial cryptography, which combines routine supervision with random inspection" (implying that the Chinese government should get access to encrypted servers).[26] It also states that foreign providers of commercial encryption need some sort of state approval.[26]

Cryptosystems authorized for use in China include SM2, SM3, and SM4.[27]

France

Since 2004, and as of 2011, the Law for Trust in the Digital Economy (French: Loi pour la confiance dans l'économie numérique; abbreviated LCEN) has mostly liberalized the use of cryptography.[28]

  • As long as cryptography is only used for authentication and integrity purposes, it can be freely used. Neither the cryptographic key nor the nationality of the entities involved in the transaction matters. Typical e-business websites fall under this liberalized regime.
  • Exportation and importation of cryptographic tools to or from foreign countries must be either declared (when the other country is a member of the European Union) or explicitly authorized (for countries outside the EU).

India

Section 69 of the Information Technology Act, 2000 (as amended in 2008) authorizes Indian government officials or policemen to listen in on any phone calls, read any SMS messages or emails, or monitor the websites that anyone visits, without requiring a warrant.[29]: 2 [30] (However, this is a violation of article 21 of the Constitution of India.[29]: 2) This section also enables the central government of India or a state government of India to compel any agency to decrypt information.[29]: 4

According to the Information Technology (Intermediaries Guidelines) Rules, 2011, intermediaries are required to provide information to Indian government agencies for investigative or other purposes.[29]: 2 [clarification needed]

ISP license holders are freely allowed to use encryption keys up to 40 bits. Beyond that, they are required to obtain written permission and to deposit the decryption key with the Department of Telecommunications.[29]: 2–3 

Per the 2012 SEBI Master Circular for Stock Exchange or Cash Market (issued by the Securities and Exchange Board of India), it is the responsibility of stock exchanges to maintain data reliability and confidentiality through the use of encryption.[29]: 3  Per Reserve Bank of India guidance issued in 2001, banks must use at least 128-bit SSL to protect browser-to-bank communication; they must also encrypt sensitive data internally.[29]: 3 

Electronics, including cryptographic products, is one of the categories of dual-use items in the Special Chemicals, Organisms, Materials, Equipment and Technologies list (SCOMET; part of the Foreign Trade (Development & Regulation) Act, 1992). However, this regulation does not specify which cryptographic products are subject to export controls.[29]: 3

United States

In the United States, the International Traffic in Arms Regulations restrict the export of cryptography.[citation needed][further explanation needed]

References

  1. Kumar, Pankaj (28 May 2004). "Cryptography with Java". Pearson. Retrieved 12 February 2013.
  2. Koops, Bert-Jaap (November 1996). "A survey of cryptography laws and regulations". Computer Law & Security Report. 6. 12 (6): 349–355. doi:10.1016/0267-3649(96)84928-4. (access restricted to current University of Toronto)
  3. Ranger, Steve (24 March 2015). . TechRepublic. Archived from the original on 2016-06-12. Retrieved 2016-06-12.
  4. "Overview per country". Crypto Law Survey. February 2013. Retrieved 26 March 2015.
  5. "6.5.1 What Are the Cryptographic Policies of Some Countries?". RSA Laboratories. Retrieved 26 March 2015.
  6. Rosenoer, Jonathan (1995). "Cryptography & Speech". CyberLaw. Archived from the original on 1 December 2005. Retrieved 23 June 2006.
  7. "Case Closed on Zimmermann PGP Investigation". IEEE Computer Society's Technical Committee on Security and Privacy. 14 February 1996. Retrieved 26 March 2015.
  8. Levy, Steven (2001). Crypto: How the Code Rebels Beat the Government—Saving Privacy in the Digital Age. Penguin Books. p. 56. ISBN 978-0-14-024432-8. OCLC 244148644.
  9. "Bernstein v USDOJ". Electronic Privacy Information Center. United States Court of Appeals for the Ninth Circuit. 6 May 1999. Retrieved 26 March 2015.
  10. "Dual-use List – Category 5 – Part 2 – "Information Security"" (PDF). Wassenaar Arrangement. Retrieved 26 March 2015.
  11. ".4 United States Cryptography Export/Import Laws". RSA Laboratories. Retrieved 26 March 2015.
  12. Schneier, Bruce (15 June 2000). "The Data Encryption Standard (DES)". Crypto-Gram. Retrieved 26 March 2015.
  13. Coppersmith, D. (May 1994). "The Data Encryption Standard (DES) and its strength against attacks" (PDF). IBM Journal of Research and Development. 38 (3): 243–250. doi:10.1147/rd.383.0243. Retrieved 26 March 2015.
  14. Biham, E.; Shamir, A. (1991). "Differential cryptanalysis of DES-like cryptosystems". Journal of Cryptology. 4 (1): 3–72. doi:10.1007/bf00630563. S2CID 206783462.
  15. "The Digital Millennium Copyright Act of 1998" (PDF). United States Copyright Office. Retrieved 26 March 2015.
  16. Ferguson, Niels (15 August 2001). . Archived from the original on 1 December 2001. Retrieved 16 February 2009.
  17. Schneier, Bruce (2001-08-06). "Arrest of Computer Researcher Is Arrest of First Amendment Rights". InternetWeek. Retrieved 2017-03-07.
  18. Doctorow, Cory (2 May 2007). "Digg users revolt over AACS key". Boing Boing. Retrieved 26 March 2015.
  19. . PC World. 1 October 2007. Archived from the original on 20 January 2012. Retrieved 26 March 2015.
  20. Williams, Christopher (11 August 2009). "Two convicted for refusal to decrypt data". The Register. Retrieved 26 March 2015.
  21. Williams, Christopher (24 November 2009). "UK jails schizophrenic for refusal to decrypt files". The Register. Retrieved 26 March 2015.
  22. Ingold, John (January 4, 2012). "Password case reframes Fifth Amendment rights in context of digital world". The Denver Post. Retrieved 26 March 2015.
  23. Leyden, John (13 July 2011). "US court test for rights not to hand over crypto keys". The Register. Retrieved 26 March 2015.
  24. "Order Granting Application under the All Writs Act Requiring Defendant Fricosu to Assist in the Execution of Previously Issued Search Warrants" (PDF). United States District Court for the District of Colorado. Retrieved 26 March 2015.
  25. Chen, Jihong (2020-10-01). "Regulation and deregulation: understanding the evolution of the Chinese cryptography legal regime from the newly released Cryptography Law of China". International Cybersecurity Law Review. 1 (1–2): 73–86. doi:10.1365/s43439-020-00003-6. ISSN 2662-9739. S2CID 224858334.
  26. Taylor, Monique (2022). "Digital Authoritarianism in the Xi Jinping Era". China's Digital Authoritarianism: A Governance Perspective. Cham: Springer International Publishing. pp. 63–85. doi:10.1007/978-3-031-11252-2_4. ISBN 978-3-031-11252-2. Retrieved 2022-12-23.
  27. Martinkauppi, Louise Bergman; He, Qiuping; Ilie, Dragos (June 2020). "On the Design and Performance of Chinese OSCCA-approved Cryptographic Algorithms". 2020 13th International Conference on Communications (COMM). pp. 119–124. doi:10.1109/COMM48946.2020.9142035. ISBN 978-1-7281-5611-8. S2CID 220668639.
  28. "Legifrance.gouv.fr - Loi pour la confiance dans l'économie numérique (LCEN)". www.legifrance.gouv.fr (in French). Retrieved June 14, 2011.
  29. Parvathy, A.; Singh, Vrijendra; Choudhary, Ravi Shankar (2013). "Legal Issues Involving Cryptography in India". VIDHIGYA: The Journal of Legal Awareness. 8 (1): 1–11.
  30. "Yes, snooping's allowed". Indian Express. 6 February 2009. Archived from the original on 23 December 2022. Retrieved 23 December 2022.

External links

  • Bert-Jaap Koops' Crypto Law Survey - existing and proposed laws and regulations on cryptography

cryptography, confused, with, regulation, cryptocurrencies, this, article, needs, additional, citations, verification, please, help, improve, this, article, adding, citations, reliable, sources, unsourced, material, challenged, removed, find, sources, news, ne. Not to be confused with Regulation of cryptocurrencies This article needs additional citations for verification Please help improve this article by adding citations to reliable sources Unsourced material may be challenged and removed Find sources Cryptography law news newspapers books scholar JSTOR December 2009 Learn how and when to remove this message Cryptography is the practice and study of encrypting information or in other words securing information from unauthorized access There are many different cryptography laws in different nations Some countries prohibit the export of cryptography software and or encryption algorithms or cryptoanalysis methods Some countries require decryption keys to be recoverable in case of a police investigation Contents 1 Overview 2 Legal issues 2 1 Prohibitions 2 2 Export controls 2 3 NSA involvement 2 4 Digital rights management 2 5 Forced disclosure of encryption keys 3 Cryptography law in different countries 3 1 China 3 2 France 3 3 India 3 4 United States 4 See also 5 References 6 External linksOverview editIssues regarding cryptography law fall into four categories 1 Export control is the restriction on the export of cryptography methods within a country to other countries or commercial entities There are international export control agreements the main one being the Wassenaar Arrangement The Wassenaar Arrangement was created after the dissolution of COCOM Coordinating Committee for Multilateral Export Controls which in 1989 decontrolled password and authentication only cryptography 2 Import controls which is the restriction on using certain types of cryptography within a country Patent issues deal with the use of cryptography tools that are patented Search and seizure 
issues on whether and under what circumstances a person can be compelled to decrypt data files or reveal an encryption key Legal issues editProhibitions edit Cryptography has long been of interest to intelligence gathering and law enforcement agencies 3 Secret communications may be criminal or even treasonous citation needed Because of its facilitation of privacy and the diminution of privacy attendant on its prohibition cryptography is also of considerable interest to civil rights supporters Accordingly there has been a history of controversial legal issues surrounding cryptography especially since the advent of inexpensive computers has made widespread access to high quality cryptography possible In some countries even the domestic use of cryptography is or has been restricted Until 1999 France significantly restricted the use of cryptography domestically though it has since relaxed many of these rules In China and Iran a license is still required to use cryptography 4 Many countries have tight restrictions on the use of cryptography Among the more restrictive are laws in Belarus Kazakhstan Mongolia Pakistan Singapore Tunisia and Vietnam 5 In the United States cryptography is legal for domestic use but there has been much conflict over legal issues related to cryptography 3 One particularly important issue has been the export of cryptography and cryptographic software and hardware Probably because of the importance of cryptanalysis in World War II and an expectation that cryptography would continue to be important for national security many Western governments have at some point strictly regulated export of cryptography After World War II it was illegal in the US to sell or distribute encryption technology overseas in fact encryption was designated as auxiliary military equipment and put on the United States Munitions List 6 Until the development of the personal computer asymmetric key algorithms i e public key techniques and the Internet this was not especially 
problematic However as the Internet grew and computers became more widely available high quality encryption techniques became well known around the globe citation needed Export controls edit Main article Export of cryptography In the 1990s there were several challenges to US export regulation of cryptography After the source code for Philip Zimmermann s Pretty Good Privacy PGP encryption program found its way onto the Internet in June 1991 a complaint by RSA Security then called RSA Data Security Inc resulted in a lengthy criminal investigation of Zimmermann by the US Customs Service and the FBI though no charges were ever filed 7 8 Daniel J Bernstein then a graduate student at UC Berkeley brought a lawsuit against the US government challenging some aspects of the restrictions based on free speech grounds The 1995 case Bernstein v United States ultimately resulted in a 1999 decision that printed source code for cryptographic algorithms and systems was protected as free speech by the United States Constitution 9 In 1996 thirty nine countries signed the Wassenaar Arrangement an arms control treaty that deals with the export of arms and dual use technologies such as cryptography The treaty stipulated that the use of cryptography with short key lengths 56 bit for symmetric encryption 512 bit for RSA would no longer be export controlled 10 Cryptography exports from the US became less strictly regulated as a consequence of a major relaxation in 2000 11 there are no longer very many restrictions on key sizes in US exported mass market software Since this relaxation in US export restrictions and because most personal computers connected to the Internet include US sourced web browsers such as Firefox or Internet Explorer almost every Internet user worldwide has potential access to quality cryptography via their browsers e g via Transport Layer Security The Mozilla Thunderbird and Microsoft Outlook E mail client programs can similarly transmit and receive emails via TLS and 
can send and receive emails encrypted with S MIME Many Internet users don t realize that their basic application software contains such extensive cryptosystems These browsers and email programs are so ubiquitous that even governments whose intent is to regulate civilian use of cryptography generally don t find it practical to do much to control distribution or use of cryptography of this quality so even when such laws are in force actual enforcement is often effectively impossible citation needed NSA involvement edit nbsp NSA headquarters in Fort Meade Maryland See also Clipper chip Another contentious issue connected to cryptography in the United States is the influence of the National Security Agency on cipher development and policy 3 The NSA was involved with the design of DES during its development at IBM and its consideration by the National Bureau of Standards as a possible Federal Standard for cryptography 12 DES was designed to be resistant to differential cryptanalysis 13 a powerful and general cryptanalytic technique known to the NSA and IBM that became publicly known only when it was rediscovered in the late 1980s 14 According to Steven Levy IBM discovered differential cryptanalysis 8 but kept the technique secret at the NSA s request The technique became publicly known only when Biham and Shamir re discovered and announced it some years later The entire affair illustrates the difficulty of determining what resources and knowledge an attacker might actually have citation needed Another instance of the NSA s involvement was the 1993 Clipper chip affair an encryption microchip intended to be part of the Capstone cryptography control initiative Clipper was widely criticized by cryptographers for two reasons The cipher algorithm called Skipjack was then classified declassified in 1998 long after the Clipper initiative lapsed The classified cipher caused concerns that the NSA had deliberately made the cipher weak in order to assist its intelligence efforts 
The whole initiative was also criticized based on its violation of Kerckhoffs s Principle as the scheme included a special escrow key held by the government for use by law enforcement i e wiretapping 8 Digital rights management edit Main article Digital rights management Cryptography is central to digital rights management DRM a group of techniques for technologically controlling use of copyrighted material being widely implemented and deployed at the behest of some copyright holders In 1998 U S President Bill Clinton signed the Digital Millennium Copyright Act DMCA which criminalized all production dissemination and use of certain cryptanalytic techniques and technology now known or later discovered specifically those that could be used to circumvent DRM technological schemes 15 This had a noticeable impact on the cryptography research community since an argument can be made that any cryptanalytic research violated the DMCA Similar statutes have since been enacted in several countries and regions including the implementation in the EU Copyright Directive Similar restrictions are called for by treaties signed by World Intellectual Property Organization member states citation needed The United States Department of Justice and FBI have not enforced the DMCA as rigorously as had been feared by some but the law nonetheless remains a controversial one Niels Ferguson a well respected cryptography researcher has publicly stated that he will not release some of his research into an Intel security design for fear of prosecution under the DMCA 16 Cryptologist Bruce Schneier has argued that the DMCA encourages vendor lock in while inhibiting actual measures toward cyber security 17 Both Alan Cox longtime Linux kernel developer and Edward Felten and some of his students at Princeton have encountered problems related to the Act Dmitry Sklyarov was arrested during a visit to the US from Russia and jailed for five months pending trial for alleged violations of the DMCA arising 
from work he had done in Russia where the work was legal In 2007 the cryptographic keys responsible for Blu ray and HD DVD content scrambling were discovered and released onto the Internet In both cases the Motion Picture Association of America sent out numerous DMCA takedown notices and there was a massive Internet backlash triggered by the perceived impact of such notices on fair use and free speech 18 Forced disclosure of encryption keys edit Main article Key disclosure law In the United Kingdom the Regulation of Investigatory Powers Act gives UK police the powers to force suspects to decrypt files or hand over passwords that protect encryption keys Failure to comply is an offense in its own right punishable on conviction by a two year jail sentence or up to five years in cases involving national security 19 Successful prosecutions have occurred under the Act the first in 2009 20 resulted in a term of 13 months imprisonment 21 Similar forced disclosure laws in Australia Finland France and India compel individual suspects under investigation to hand over encryption keys or passwords during a criminal investigation citation needed In the United States the federal criminal case of United States v Fricosu addressed whether a search warrant can compel a person to reveal an encryption passphrase or password 22 The Electronic Frontier Foundation EFF argued that this is a violation of the protection from self incrimination given by the Fifth Amendment 23 In 2012 the court ruled that under the All Writs Act the defendant was required to produce an unencrypted hard drive for the court 24 In many jurisdictions the legal status of forced disclosure remains unclear citation needed The 2016 FBI Apple encryption dispute concerns the ability of courts in the United States to compel manufacturers assistance in unlocking cell phones whose contents are cryptographically protected citation needed further explanation needed As a potential counter measure to forced disclosure some 
cryptographic software supports plausible deniability, where the encrypted data is indistinguishable from unused random data (for example, such as that of a drive which has been securely wiped).[citation needed]

Cryptography law in different countries

China

In October 1999, the State Council promulgated the Regulations on the Administration of Commercial Cryptography. According to these regulations, commercial cryptography was treated as a state secret.[25]

On 26 October 2019, the Standing Committee of the National People's Congress promulgated the Cryptography Law of the People's Republic of China. This law went into effect at the start of 2020.[25][26] The law categorizes cryptography into three categories:[25][26]

  • Core cryptography, which is a state secret and suitable for information up to top secret.
  • Ordinary cryptography, which is also a state secret and suitable for information up to secret.
  • Commercial cryptography, which protects information that is not a state secret.

The law also states that there should be a mechanism of both in-process and ex-post supervision on commercial cryptography, which combines routine supervision with random inspection (implying that the Chinese government should get access to encrypted servers).[26] It also states that foreign providers of commercial encryption need some sort of state approval.[26]

Cryptosystems authorized for use in China include SM2, SM3, and SM4.[27]

France

As of 2011 and since 2004, the law for trust in the digital economy (French: Loi pour la confiance dans l'économie numérique; abbreviated LCEN) mostly liberalized the use of cryptography.[28]

As long as cryptography is only used for authentication and integrity purposes, it can be freely used. The cryptographic key or the nationality of the entities involved in the transaction do not matter. Typical e-business websites fall under this liberalized regime.

Exportation and importation of cryptographic tools to or from foreign countries must be either declared (when the other country is a
member of the European Union) or requires an explicit authorization (for countries outside the EU).

India

Section 69 of the Information Technology Act, 2000 (as amended in 2008) authorizes Indian government officials or policemen to listen in on any phone calls, read any SMS messages or emails, or monitor the websites that anyone visits, without requiring a warrant.[29]: 2 [30] However, this is a violation of article 21 of the Constitution of India.[29]: 2 This section also enables the central government of India or a state government of India to compel any agency to decrypt information.[29]: 4

According to the Information Technology (Intermediaries Guidelines) Rules, 2011, intermediaries are required to provide information to Indian government agencies for investigative or other purposes.[29]: 2 [clarification needed]

ISP license holders are freely allowed to use encryption keys up to 40 bits. Beyond that, they are required to obtain written permission and to deposit the decryption key with the Department of Telecommunications.[29]: 2–3

Per the 2012 SEBI Master Circular for Stock Exchange or Cash Market (issued by the Securities and Exchange Board of India), it is the responsibility of stock exchanges to maintain data reliability and confidentiality through the use of encryption.[29]: 3 Per Reserve Bank of India guidance issued in 2001, banks must use at least 128-bit SSL to protect browser-to-bank communication; they must also encrypt sensitive data internally.[29]: 3

Electronics (including cryptographic products) is one of the categories of dual-use items in the Special Chemicals, Organisms, Materials, Equipment and Technologies (SCOMET; part of the Foreign Trade (Development & Regulation) Act, 1992). However, this regulation does not specify which cryptographic products are subject to export controls.[29]: 3

United States

See also: Export of cryptography from the United States

In the United States, the International Traffic in Arms Regulation
restricts the export of cryptography.[citation needed][further explanation needed]

See also

  • Official Secrets Act (United Kingdom, India, Ireland, Malaysia, and formerly New Zealand)
  • Regulation of Investigatory Powers Act 2000 (United Kingdom)
  • Restrictions on the import of cryptography
  • United States v. Boucher (2009), on the right of a criminal defendant not to reveal a passphrase
  • FBI–Apple encryption dispute, on whether cellphone manufacturers can be compelled to assist in their unlocking

References

[1] Kumar, Pankaj (28 May 2004). "Cryptography with Java". Pearson. Retrieved 12 February 2013.
[2] Koops, Bert-Jaap (November 1996). "A survey of cryptography laws and regulations". Computer Law & Security Report. 6. 12 (6): 349–355. doi:10.1016/0267-3649(96)84928-4.
[3] Ranger, Steve (24 March 2015). "The undercover war on your internet secrets: How online surveillance cracked our trust in the web". TechRepublic. Archived from the original on 2016-06-12. Retrieved 2016-06-12.
[4] "Overview per country". Crypto Law Survey. February 2013. Retrieved 26 March 2015.
[5] "6.5.1 What Are the Cryptographic Policies of Some Countries?". RSA Laboratories. Retrieved 26 March 2015.
[6] Rosenoer, Jonathan (1995). "Cryptography & Speech". CyberLaw. Archived from the original on 1 December 2005. Retrieved 23 June 2006.
[7] "Case Closed on Zimmermann PGP Investigation". IEEE Computer Society's Technical Committee on Security and Privacy. 14 February 1996. Retrieved 26 March 2015.
[8] Levy, Steven (2001). Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age. Penguin Books. p. 56. ISBN 978-0-14-024432-8. OCLC 244148644.
[9] "Bernstein v USDOJ". Electronic Privacy Information Center. United States Court of Appeals for the Ninth Circuit. 6 May 1999. Retrieved 26 March 2015.
[10] "Dual-use List, Category 5, Part 2: Information Security" (PDF). Wassenaar Arrangement. Retrieved 26 March 2015.
[11] "4 United States Cryptography Export/Import Laws". RSA Laboratories. Retrieved 26 March 2015.
[12] Schneier, Bruce (15 June 2000). "The Data Encryption Standard (DES)". Crypto-Gram. Retrieved 26 March 2015.
[13] Coppersmith, D. (May 1994). "The Data Encryption Standard (DES) and its strength against attacks" (PDF). IBM Journal of Research and Development. 38 (3): 243–250. doi:10.1147/rd.383.0243. Retrieved 26 March 2015.
[14] Biham, E.; Shamir, A. (1991). "Differential cryptanalysis of DES-like cryptosystems". Journal of Cryptology. 4 (1): 3–72. doi:10.1007/bf00630563. S2CID 206783462.
[15] "The Digital Millennium Copyright Act of 1998" (PDF). United States Copyright Office. Retrieved 26 March 2015.
[16] Ferguson, Niels (15 August 2001). "Censorship in action: why I don't publish my HDCP results". Archived from the original on 1 December 2001. Retrieved 16 February 2009.
[17] Schneier, Bruce (2001-08-06). "Arrest of Computer Researcher Is Arrest of First Amendment Rights". InternetWeek. Retrieved 2017-03-07.
[18] Doctorow, Cory (2 May 2007). "Digg users revolt over AACS key". Boing Boing. Retrieved 26 March 2015.
[19] "UK Data Encryption Disclosure Law Takes Effect". PC World. 1 October 2007. Archived from the original on 20 January 2012. Retrieved 26 March 2015.
[20] Williams, Christopher (11 August 2009). "Two convicted for refusal to decrypt data". The Register. Retrieved 26 March 2015.
[21] Williams, Christopher (24 November 2009). "UK jails schizophrenic for refusal to decrypt files". The Register. Retrieved 26 March 2015.
[22] Ingold, John (January 4, 2012). "Password case reframes Fifth Amendment rights in context of digital world". The Denver Post. Retrieved 26 March 2015.
[23] Leyden, John (13 July 2011). "US court test for rights not to hand over crypto keys". The Register. Retrieved 26 March 2015.
[24] "Order Granting Application under the All Writs Act Requiring Defendant Fricosu to Assist in the Execution of Previously Issued Search Warrants" (PDF). United States District Court for the District of Colorado. Retrieved 26 March 2015.
[25] Chen, Jihong (2020-10-01). "Regulation and deregulation: understanding the evolution of the Chinese cryptography legal regime from the newly released Cryptography Law of China". International Cybersecurity Law Review. 1 (1–2): 73–86. doi:10.1365/s43439-020-00003-6. ISSN 2662-9739. S2CID 224858334.
[26] Taylor, Monique (2022). "Digital Authoritarianism in the Xi Jinping Era". China's Digital Authoritarianism: A Governance Perspective. Cham: Springer International Publishing. pp. 63–85. doi:10.1007/978-3-031-11252-2_4. ISBN 978-3-031-11252-2. Retrieved 2022-12-23.
[27] Martinkauppi, Louise Bergman; He, Qiuping; Ilie, Dragos (June 2020). "On the Design and Performance of Chinese OSCCA-approved Cryptographic Algorithms". 2020 13th International Conference on Communications (COMM). pp. 119–124. doi:10.1109/COMM48946.2020.9142035. ISBN 978-1-7281-5611-8. S2CID 220668639.
[28] "Legifrance.gouv.fr: Loi pour la confiance dans l'économie numérique (LCEN)". www.legifrance.gouv.fr (in French). Retrieved June 14, 2011.
[29] Parvathy, A.; Singh, Vrijendra; Choudhary, Ravi Shankar (2013). "Legal Issues Involving Cryptography in India". VIDHIGYA: The Journal of Legal Awareness. 8 (1): 1–11.
[30] "Yes, snooping's allowed". Indian Express. 6 February 2009. Archived from the original on 23 December 2022. Retrieved 23 December 2022.

External links

  • Bert-Jaap Koops' Crypto Law Survey, existing and proposed laws and regulations on cryptography

Retrieved from "https://en.wikipedia.org/w/index.php?title=Cryptography_law&oldid=1215626763"
