Cryptography's Role in Securing the Information Society (1996) / Chapter Skim
Currently Skimming:
G - The International Scope of Cryptography Policy
G - The International Scope of Cryptography Policy
Pages 430-449
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 430... ...
vendors, and vice versa, in a way that respects different monetary systems; thus, financial transactions occur increasingly over international boundaries, resulting in a truly global banking and financial system. To the extent that these various types of communications must be secure, cryptography provides a very important tool for 430
|
From page 431... ...
G.2 SIMILARITIES IN AND DIFFERENCES BETWEEN THE UNITED STATES AND OTHER NATIONS WITH RESPECT TO CRYPTOGRAPHY Despite the international scope of cryptography policy, the international scene is dominated by national governments. All national governments have certain basic goals in common: • To maintain national sovereignty, • To protect public safety and domestic order, • To look after their nation's economic interests, and • To advance their national interests internationally.
|
From page 432... ...
Specifically, it announced that "foreign economic information providers will be punished in accordance with the law if their released information to Chinese users contains anything forbidden by Chinese laws and regulations, or slanders or jeopardizes the national interests of China." See Seth Faison, "Citing Security, China Will Curb Foreign Financial News Agencies," New York Times, January 17, 1996, p.
|
From page 433... ...
Moreover, the United States has a rich tradition of public debate and argument, and dissenting discourse is far more the rule than the exception compared to most foreign nations, whose publics tend to exhibit a greater willingness to grant certain powers to the state, a less adversarial relationship toward the government, and more trust in the ability of government to do what is in the national interest. (Indeed, at a public meeting a representative of the National Security Agency noted complaints from foreign intelligence services that the U.S.
|
From page 434... ...
G.3 FOREIGN EXPORT CONTROL REGIMES The United States is not the only nation that imposes export control restrictions on cryptography. Many other nations, especially former members of the Coordinating Committee (CoCom -- see below)
|
From page 435... ...
from falling into the hands of the Eastern bloc, rather than to inhibit mutually advantageous sharing of military technology among the member states. History demonstrates that the United States has always applied tighter export controls for security and foreign policy reasons than any agreement with other nations might otherwise mandate.11 For example, 9For detailed discussion of the CoCom regime, see NRC, Finding Common Ground, 1991, and NRC, Balancing the National Interest, National Academy Press, Washington, D.C., 1987.
|
From page 436... ...
Thus, there are in general more restrictions on the export of products with encryption capability from the United States than from these other nations, even though all of the nations in question maintain export controls on encryption.12 G.4 FOREIGN IMPORT AND USE CONTROL REGIMES A number of nations discourage cryptography within their jurisdictions through a combination of import controls and use controls. Import controls refer to restrictions on products with encryption capability that may be taken into a given nation; use controls refer to restriction on the use of such products within their jurisdictions.
|
From page 437... ...
, by devising incentives for domestic production (e.g., tax policies and legal regimes for intellectual property that favor domestic industries) , and by aiding in market development (e.g., guaranteeing a certain minimum level of sales through government purchase, providing foreign aid to buy domestic goods, applying political pressure to potential customers)
|
From page 438... ...
export controls to keep strong encryption products out of the market in their countries. G.5 THE STATE OF INTERNATIONAL AFFAIRS TODAY Today, international communications are conducted with no universally adopted information or communications privacy and security standards or policies.
|
From page 439... ...
G.6 OBTAINING INTERNATIONAL COOPERATION ON POLICY REGARDING SECURE COMMUNICATIONS If the use of the global information infrastructure (GII) is to grow with the blessings of governments, common arrangements among governments are needed.
|
From page 440... ...
Rather, the committee proceeds from the belief that the United States will be an important but not the controlling international player with respect to international communications and information transfer. Thus, the United States cannot operate unilaterally and will have to reach accommodation with other national governments.
|
From page 441... ...
By definition, individual policies of nations may conflict at national borders.20 For nations whose policies on cryptography do not agree, international interconnection will be possible only through national gateways and interfaces that handle all international traffic.21 For example, Nations A and B might require users to deposit all cryptographic keys with the national government but otherwise leave the choice of cryptographic equipment up to the relevant users. An A national communicating with a B national might see his or her traffic routed to a switch that would decrypt A's transmission into plaintext and re-encrypt it with the B national's key for ultimate transmission to the B national.22 20Although the notion of a global information infrastructure is based to a large degree on the idea that national boundaries are porous to information, nations can and do exert some influence over what information may cross their borders.
|
From page 442... ...
Thus, the problem of obtaining international cooperation on policy regarding secure communication is addressed here. In the export control domain, attempts are under way to establish an organization known as the New Forum to achieve some common policy regarding exports.
|
From page 443... ...
• Interoperability. Cooperating nations would work, perhaps in part through telephone companies and PTTs, to ensure that encrypted communications across national borders would remain encrypted but also conform to national laws.
|
From page 444... ...
(Note that a division of the world into core and noncore nations might require the fractionation of a multinational company's information network into those inside and outside the core group.) G.7 THE FUNDAMENTAL QUESTIONS OF INTERNATIONAL CRYPTOGRAPHY POLICY If the assumption is made that escrowed encryption is the underpinning of national governments' attempting to manage cryptography, three basic questions arise regarding cryptography policy internationally.
|
From page 445... ...
persons, and foreign governments (or escrow agents subject to the laws of those foreign governments) hold all keys for escrowed encryption products used by nationals of those governments.26 3.
|
From page 446... ...
Option 2 alone will not satisfy U.S. needs for intelligence gathering from the foreign nations involved, because by assumption it requires the involvement (and hence the knowledge)
|
From page 447... ...
Harmonized Export Policies Agreement on the following points would be necessary to develop a common export control policy that would help to preserve law enforcement and intelligence-gathering capabilities by retarding the spread of cryptography worldwide: • Rough concurrence among nations exporting cryptography about the nations whose access to encryption capabilities should be kept to a minimum and what policy toward those nations should be; • Willingness to allow relatively free trade in products with encryption capabilities among member nations; • Willingness to abide by prohibitions on re-export to rogue nations; and • Agreement among member nations about the types of encryption capabilities that would constitute a threat if widely deployed. 27National Institute of Standards and Technology, Draft Software Key Escrow Encryption Export Criteria, November 6, 1995; see Box 5.3, Chapter 5.
|
From page 448... ...
Harmonized Policies Regarding Use As noted above, the Organization for Economic Cooperation and Development held a December 1995 meeting in Paris among member nations to discuss how these nations were planning to cope with the public policy problems posed by cryptography.29 What this meeting made clear is that many OECD member nations are starting to come to grips with the public policy problems posed by encryption, but that the dialogue on harmonizing policies across national borders has not yet matured. Moreover, national policies are quite fluid at this time, with various nations considering different types of regulation regarding the use, export, and import of cryptography.
|
From page 449... ...
to serve as the generators of cryptographic keys for confidentiality for use by the public as well as escrow agents holding these keys and responding to legally authorized requests for encryption keys for law enforcement purposes.30 However, the needs of national security were not mentioned for the most part.31,32 30See, for example, Nigel Jefferies, Chris Mitchell, and Michael Walker, A Proposed Architecture for Trusted Third Party Services, Royal Holloway, University of London, 1995. 31For additional industry-oriented views on international policies concerning the use of cryptography, see U.S.
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.