Encryption Law - Guide to Cryptography Law
Encryption Law or Cryptography Law deals with legislation ensuring that information is secure and transmitted confidentially, as well as policies designed to keep secure encryption schemes out of the hands of unauthorized individuals and foreign powers. The government has implemented several tools to transform data via encryption technology to prevent unauthorized access to or modification of sensitive governmental and public information.
Issues regarding cryptography law fall into four basic categories: export control, import control, patent issues, and search and seizure. Many aspects of these categories overlap, such as import and export controls.
Export Control Laws
Export control laws restrict the export of cryptography methods within a country to other countries or commercial entities. These laws often relate to matters of national security, but can also relate to private or commercial matters, as well. To protect cryptography for military use, there are international export control agreements such as the Wassenaar Arrangement which requires disclosures by member nations of any military technology exported to other countries, including cryptography technology.
Import Control Laws
Import control laws pertaining to cryptography restrict the use of certain types of cryptography within a country. These laws are designed to go hand-in-hand with international agreements to discourage the importation of cryptography from other nations. It also helps to protect international business interests by allowing governments to prohibit the importation of private sector encryption technologies that could jeopardize legitimate business interests and allow for unfair competition.
Some cryptography law deals with the use of cryptography tools that are patented. These laws pertain to protecting intellectual property that allows for different forms of encryption, such as technologies for securing electronic financial transactions, keeping E-mail communications private, or authenticating web sites. These often go hand-in-hand with import laws designed to protect intellectual property from illegal import and use in another country without the permission of the inventor.
Search and Seizure
A final area of interest to cryptography laws are issues related to search and seizure. These are often criminal constitutional issues regarding under what circumstances a person can be compelled to decrypt data files or reveal an encryption key to allow investigators to compile a case against that individual. This is a hotly contested area of encryption law given the competing interests in protecting the public and national security versus the constitutional protections against self-incrimination and for due process.
For more information about encryption and cryptography laws, visit our resources below. Additionally, should you have a specific question or require assistance with an encryption or cryptography issue, you can find an attorney in your area that focuses their practice in this field by visiting our Law Firms page.
Encryption Law - US
- Bureau of Industry and Security
BIS Mission: Advance U.S. national security, foreign policy, and economic objectives by ensuring an effective export control and treaty compliance system and promoting continued U.S. strategic technology leadership.
- Cryptographic Module Validation Program (CMVP)
On July 17, 1995, the National Institute of Standards and Technology (NIST) established the Cryptographic Module Validation Program (CMVP) that validates cryptographic modules to Federal Information Processing Standards (FIPS) 140-1 Security Requirements for Cryptographic Modules, and other FIPS cryptography based standards.
- e-Government Act
Congress found that the use of computers and the Internet was profoundly changing the relationships “among citizens, private businesses and Government” and that “Federal Government has had uneven success in applying advances in information technology to enhance governmental functions and services.” Among the varied purposes of this law was to “promote the use of the Internet and electronic government services,” “to make the Federal Government more transparent and accountable,” as well as “to provide enhanced access to Government information and services in a manner consistent with laws regarding protection of personal privacy, national security, records retention, access for persons with disabilities, and other relevant laws.”
- Encryption - Defintion
Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood.
- Federal Information Processing Standards (FIPS)
Under the Information Technology Management Reform Act (Public Law 104-106), the Secretary of Commerce approves standards and guidelines that are developed by the National Institute of Standards and Technology (NIST) for Federal computer systems. These standards and guidelines are issued by NIST as Federal Information Processing Standards (FIPS) for use government-wide. NIST develops FIPS when there are compelling Federal government requirements such as for security and interoperability and there are no acceptable industry standards or solutions.
- Federal Information Security Management Act (FISMA)
The E-Government Act (Public Law 107-347) passed by the 107th Congress and signed into law by the President in December 2002 recognized the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act, entitled the Federal Information Security Management Act (FISMA) requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.
- PKCS 1 - RSA Cryptography Standard
This document provides recommendations for the implementation of public-key cryptography based on the RSA algorithm, covering the following aspects: cryptographic primitives; encryption schemes; signature schemes with appendix; ASN.1 syntax for representing keys and for identifying the schemes.
- United States Encryption Export Control Policy
This rule updates our mass market encryption policies, consistent with global policy developments, and clarifies existing procedures and requirements for other types of dual-use encryption items. Our major trading and security partners, such as the European Union, Japan and other member nations of the Wassenaar Arrangement, also have updated their mass market encryption export control policies. The guiding principles for U.S. encryption export control policy have not changed. The policy continues to rest on three tenets: a review of encryption products in advance of sale, a streamlined post-export reporting system that takes into account differing distribution models, and review of certain exports to foreign government end-users.
- Voice Encryption for Radios
Public safety Land Mobile Radio systems are vulnerable to eavesdropping and can easily be exploited by criminals. Readily available scanners and other devices can be used to receive voice signals from analog and digital public safety radio systems, including trunked radio systems. Lists of frequencies and channel assignments used in public safety jurisdictions are easily obtained from numerous print and online sources.
Organizations Related to Encryption Law
- Central Intelligence Agency (CIA)
The Central Intelligence Agency was created in 1947 with the signing of the National Security Act by President Harry S. Truman. The act also created a Director of Central Intelligence (DCI) to serve as head of the United States intelligence community; act as the principal adviser to the President for intelligence matters related to the national security; and serve as head of the Central Intelligence Agency.
- Department of Homeland Security
The Department of Homeland Security has a vital mission: to secure the nation from the many threats we face. This requires the dedication of more than 230,000 employees in jobs that range from aviation and border security to emergency response, from cybersecurity analyst to chemical facility inspector. Our duties are wide-ranging, but our goal is clear - keeping America safe.
- National Institute of Justice - Technology and Tools
Law enforcement and corrections officers rely on various technologies for effective law enforcement and their own safety. NIJ helps ensure that officers have the equipment they need by developing standards and testing equipment against the standards. NIJ also helps to bring affordable new equipment to market by funding research and development of innovative technologies.
- National Institute of Standards and Technology
Advancing the state-of-the-art in IT in such applications as cyber security and biometrics, the National Institute of Standards and Technology accelerates the development and deployment of systems that are reliable, usable, interoperable, and secure; advances measurement science through innovations in mathematics, statistics, and computer science; and conducts research to develop the measurements and standards infrastructure for emerging information technologies and applications.
- National Security Agency
The National Security Agency/Central Security Service (NSA/CSS) is home to America's codemakers and codebreakers. The National Security Agency has provided timely information to U.S. decision makers and military leaders for more than half a century. The Central Security Service was established in 1972 to promote a full partnership between NSA and the cryptologic elements of the armed forces.
- NIST Computer Security Division - Cryptographic Technology
Our work in cryptography is making an impact within and outside the Federal government. Strong cryptography improves the security of systems and the information they process. IT users also enjoy the enhanced availability in the marketplace of secure applications through cryptography, Public Key Infrastructure (PKI), and e-authentication.
Publications Related to Encryption Law
- Journal of Computer and Information Law
The Journal of Computer & Information Law is focused on providing current, relevant legal analysis regarding international information technology and privacy law. The Journal strives to publish articles that are both scholarly and practical, and achieves this goal by involving international insight, keeping abreast of evolving technology, and including input from several viewpoints including academia, government, business and private practice.
- NIST - Special Publications (800 Series)
Special Publications in the 800 series present documents of general interest to the computer security community. The Special Publication 800 series was established in 1990 to provide a separate identity for information technology security publications. This Special Publication 800 series reports on ITL's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.
- Technology Review - Communications
Technology Review and Technologyreview.com are published by Technology Review Inc., an independent media company owned by the Massachusetts Institute of Technology. The oldest technology magazine in the world (est. 1899), Technology Review aims to promote the understanding of emerging technologies and to analyze their commercial, social, and political impacts.