Sunday, October 7, 2007

Export of cryptography

The export of cryptography refers to the transfer from one country to another of devices and technology related to cryptography. Since World War II, Western governments, including the U.S. and its NATO allies, have regulated the export of cryptography for national security considerations and, for a time, defined cryptography as a munition.

In light of the enormous impact of cryptanalysis in WWII, these governments regarded denying current and potential enemies access to cryptographic systems as militarily valuable. They also wished to monitor the diplomatic communications of other nations, including the many new nations that were emerging in the post-colonial period and whose position on Cold War issues was regarded as vital (Kahn, The Codebreakers, Ch. 19). Since the U.S. and U.K. had, they believed, developed more advanced cryptographic capabilities than others, there arose a notion that controlling all dissemination of the more effective crypto techniques might be beneficial. The First Amendment made controlling all use of cryptography inside the U.S. difficult, but controlling access to U.S. developments by others was thought to be more practical — there were at least no constitutional impediments. Accordingly, regulations were introduced as part of munitions controls which required licenses to export cryptographic methods (and even their description); the regulations established that cryptography beyond a certain strength (defined by algorithm and length of key) would not be licensed for export except on a case-by-case basis. The expectation seems to have been that this would further national interests in reading 'their' communications and prevent others from reading 'ours'. This policy was also adopted elsewhere for various reasons.

The development and public release of DES and asymmetric key techniques in the 1970s, the rise of the Internet, and the willingness of some to risk and resist prosecution eventually made this policy impossible to enforce, and by the late 1990s it was being relaxed in the U.S. and, to some extent, elsewhere (e.g. France). Nevertheless, some officials in the U.S. believe that widespread availability of strong cryptography worldwide has hampered the ability of the NSA to read intercepted communications that might reveal important information about intentions hostile to the United States.[1] Others feel that the export controls in place in the last half of the 20th century discouraged incorporation of widely known cryptographic tools into commercial products, particularly personal computer operating systems, and are a root cause of the present crisis in information security, aside from interfering with U.S. trade in such products. They observe that many of the advances, including asymmetric key cryptography and many of its algorithms, were already public in any case.

Again from Wikipedia.
