encryption
DESCRIPTION
Encryption. “Encryption basically involves running a readable message known as “plaintext” through a computer program that translates the message according to an equation or algorithm into unreadable “ciphertext”” - PowerPoint PPT PresentationTRANSCRIPT
EncryptionEncryption “Encryption basically involves running a
readable message known as “plaintext” through a computer program that translates the message according to an equation or algorithm into unreadable “ciphertext””
“Decryption is the translation back to plaintext when the message is received by someone with an appropriate ‘key’”
Four main uses: data integrity, authentication, nonrepudiation, confidentiality
Types of EncryptionTypes of Encryption
Length of encryption indicates strength; but not all encryption is created equally
Public Key versus Private Key (symmetric versus asymmetric)
Comments of Janet RenoComments of Janet Reno
“Encryption can frustrate completely our ability to lawfully search and seize evidence and to conduct electronic surveillance, two of the most effective tools that the law and the people of this country have given law enforcement to do its work.”
Present RegulationPresent Regulation
Department of Commerce: not military
1. Mass Marketed needs one time review
2. Data recovery type may be elegible to nonembargoed countries
3. Up to 56 bit may receive 6 month export license if promise to develop key recovery
4. The rest is considered on a case by case basis
Bernstein v. USBernstein v. US
Major case of encryption export As far as publishing efforts are concerned,
regulations are unconstitutional because they violate the First Amendment as a violation of prior restraint
Government has appealed, and stay granted of enforcement until that time
Karn case is opposite
Methods of controlling Methods of controlling EncryptionEncryption
Escrowed Encryption Standard (Clipper Chip)
Key Management Licensing Third Party Trusted Intermediaries Certification Authorities
Zeran v. AOLZeran v. AOL
November, 1997; 4th Circuit Numerous false postings to AOL resulted in
death threats and constant calls to Zeran AOL remove postings but would not issue
retraction
Circuit Court DecisionCircuit Court Decision
CDA provision was written to protect speech, take hands off approach to regulation of the Internet and to promote self-regulation
Applied CDA retroactively AOL not liable Notice to AOL had no effect