The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption

A variety of "key recovery," "key escrow," and "trusted third-party" encryption requirements have been suggested in recent years by government agencies seeking to conduct covert surveillance within the changing environments brought about by new technologies. This report examines the fundamental properties of these requirements and attempts to outline the technical risks, costs, and implications of deploying systems that provide government access to encryption keys

The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption

A variety of "key recovery," "key escrow," and "trusted third-party" encryption requirements have been suggested in recent years by government agencies seeking to conduct covert surveillance within the changing environments brought about by new technologies. This report examines the fundamental properties of these requirements and attempts to outline the technical risks, costs, and implications of deploying systems that provide government access to encryption keys

Regulating the technological actor: how governments tried to transform the technology and the market for cryptography and cryptographic services and the implications for the regulation of information and communications technologies

The formulation, adoption, and transformation of policy involves the interaction of actors as they negotiate, accept, and reject proposals. Traditional studies of policy discourse focus on social actors. By studying cryptography policy discourses, I argue that considering both social and technological actors in detail enriches our understanding of policy discourse. The case-based research looks at the various cryptography policy strategies employed by the governments of the United States of America and the United Kingdom. The research method is qualitative, using hermeneutics to elucidate the various actors’ interpretations. The research aims to understand policy discourse as a contest of principles involving various government actors advocating multiple regulatory mechanisms to maintain their surveillance capabilities, and the reactions of industry actors, non-governmental organisations, parliamentarians, and epistemic communities. I argue that studying socio-technological discourse helps us to understand the complex dynamics involved in regulation and regulatory change. Interests and alignments may be contingent and unstable. As a result, technologies can not be regarded as mere representations of social interests and relationships. By capturing the interpretations and articulations of social and technological actors we may attain a better understanding of the regulatory landscape for information and communications technologies

The Myth of Superiority of American Encryption Products

Encryption software and hardware use sophisticated mathematical algorithms to encipher a message so that only the intended recipient may read it. Fearing that criminals and terrorists will use encryption to evade authorities, the United States now restricts the export of encryption products with key lengths of more than 56 bits. The controls are futile, because strong encryption products are readily available overseas. Foreign-made encryption products are as good as, or better than, U.S.-made products. U.S. cryptographers have no monopoly on the mathematical knowledge and methods used to create strong encryption. Powerful encryption symmetric-key technologies developed in other countries include IDEA and GOST. Researchers in New Zealand have developed very strong public-key encryption systems. As patents on strong algorithms of U.S. origin expire, researchers in other countries will gain additional opportunities to develop strong encryption technology based on those algorithms