policy overview
Spencer
Added: February 26, 2008. Category: Education. License: All Rights Reserved.

Presentation Transcript

Cryptography and Public Policy:
John C. Mitchell
Stanford University
CS 99

Controversy:
Can multiplication be a crime?
What about exponentiation?

Can this really be?:
Legal
  Mary had a little lamb.
Illegal
  Ary-may ad-pay an ittle-pay amb-lay.

Government interest:
Cryptography important in war and espionage
  Army analysts succeeded in breaking and the code systems used by the Imperial Japanese Army, producing intelligence which many believe shortened the war in the Pacific.
  Work begun by the Polish and continued by the British … decoded German military communications encrypted with the Enigma cipher machines. The intelligence produced by this effort … shortened the war in Europe. [Federation of American Scientists]
Wiretapping traditional in law enforcement

Individual and business privacy:
US
  No explicit constitutional right to privacy.
  First Amendment: Freedom of speech.
  Fourth: Freedom from unreasonable search and seizure.
Europe
  Stronger privacy policies and laws
Japan
  Less open use of cryptography

Echelon Wired News Report 5:20 p.m. 3.Jun.99.PDT:
Australia recently became the first nation to admit it participates in Echelon, a previously secret global surveillance network capable of intercepting electronic communications anywhere in the world.
Echelon is said to be principally operated by the United States National Security Agency and its UK equivalent, the Government Communication Headquarters. In addition to Australia, the system relies on cooperation with other signals-intelligence agencies in Canada and New Zealand.
Campbell had been asked to investigate the system in the wake of charges made last year in the European Parliament that Echelon was being used to funnel European government and industry secrets into US hands.
Read for yourself and form your own opinion.

German reaction:
Germany Endorses Strong Crypto
Wired News Report 5:20 p.m. 3.Jun.99.PDT
In an apparent response to corporate spying allegedly conducted in Europe by the United States, Germany is encouraging citizens and businesses to use strong cryptography ...

On the other hand … [Wired]:
Japan: More Crime, Less Privacy
3:00 a.m. 2.Jun.99.PDT
TOKYO -- Privacy issues have taken center stage as Japan prepares to enact legislation allowing the police to eavesdrop on phone calls, intercept fax and computer transmissions, and read email.
The draconian measures are ostensibly intended to help law enforcement halt premeditated murders, trafficking in drugs and guns, and smuggling of illegal aliens into Japan. At least that's what a bill cobbled together by the country's coalition government says. …
More stories, see http://www.privacy.org/

Basic conflicts:
Governments
  Intelligence and law enforcement interests
Individuals
  Preserve privacy
  Control access to information
Companies
  Preserve intellectual property, business practices

US Policy on Cryptography:
History
  Cryptography was province of NSA
  Government slow to adapt to public use of crypto
Examples
  RSA conference presentation
  Shamir letter (hand out!)
  PGP
  Bernstein Lawsuit

Rivest, Shamir, Adleman (1977):
Rivest scheduled to present paper at FOCS
IEEE received letter from “J.A. Meyer”
  Warned that since foreign nationals present, violation of US Int’l Traffic in Arms Regulation.
  Science journalist: Meyer worked for NSA
  NSA denied any connection with the letter
RSA went ahead with publication, talk
… subsequent inventors subject to secrecy orders

Feige, Fiat and Shamir:
Israeli authors submitted paper to conference
Weizmann Institute filed for US patent
US secrecy order, sent to Shamir in Israel:
  If subject matter has been revealed to any person, principals must inform that person of secrecy order
  If subject matter disclosed to person in foreign country or foreign national, principals must not inform that person of secrecy order.
Shamir also notes that key ideas were presented to 4000+ researchers at previous conferences and asks anyone with documentation to destroy it!

Phil Zimmermann, PGP:
PGP author hounded by Federal officials
  1993: informed that Grand Jury in San Jose investigating charges of exporting PGP
  1994: on return to US, detained in Customs, luggage searched, interrogated about itinerary, public speaking, prior trips -- without counsel
  Customs Service promised to subject him to the same hassle upon every re-entry into the US
Investigation dropped in 1996

Bernstein Case:
Daniel J. Bernstein
  Then Berkeley Ph.D. student in Mathematics
  Wrote an encryption program
  Wanted to post on Internet for discussion and scrutiny
Asked State Department. Reply:
  need license as arms dealer to post algorithm
  if he applied for a license, request would be denied

Bernstein cont’d:
EFF-sponsored case
Bernstein sued Commerce Department, other agencies
Claimed export control laws
  restrain constitutionally protected speech
  overly broad to serve protect national security
Case was filed in federal district court
Following three favorable rulings, the case went before the 9th Circuit Court of Appeals on December 8, 1997

Court rulings:
Bernstein I, April 15, 1996:
  source code is speech protected by First Amend
Bernstein II, December 6, 1996:
  export control laws on encryption are unconstitutional prior restraint on speech
Bernstein III, August 25, 1997:
  restrictions on publication are unconstitutional prior restraint on speech even as written under the new Commerce Department regulations

Appeals Court (starting Dec, 1997):
Determine whether export control laws and regulations violate the First Amendment
May 6, 1999: District Court upheld 2-1
  Export restrictions against encryption are an unconstitutional prior restraint of free expression, impermissible under the First Amendment

The Wassenaar Arrangement:
Wassenaar Arrangement signed 1995
  Involves 33 countries
Objective of the Arrangement
  Prevent accumulation of military capabilities that threaten regional and int’l security and stability
Controls export of cryptographic products
  Classified as dual-use goods having civilian and military applications

Wassenaar in more detail:
In July 1996, after two years of negotiations, 33 countries approved guidelines and procedures for the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies.
Wassenaar Arrangement members seek to coordinate export controls on conventional arms as well as "dual-use" advanced materials and technology -- those that have both military and civilian applications.
The aim of the group is to prevent advanced arms and technology from going to pariah states like Iraq, Libya, and North Korea and to regions of instability like South Asia.
Clinton administration officials have characterized [it] as a work in progress that should, over time, become as effective and reliable as any of the other non-proliferation regimes.

Wassenaar continues ...:
Cryptography experts meeting in Vienna in Sept 1998
Plenary session in Dec 1998
Results
  Additional controls over export of cryptography introduced into Wassenaar Arrangement.
  This has been widely condemned and has led to the establishment of cryptography mirror sites around the world.
  In 1999 there is likely to be pressure within Wassenaar to control intangible exports.
See ACM Computers, Freedom and Privacy

Canadian Wassenaar Policy:
In compliance with the current version of the Wassenaar Arrangement, Canadian government prohibits export of strong encryption products.
As a result, Canadian high-tech companies like Entrust, Certicom, Timestep, and KyberPASS are prevented from selling to foreign customers hardware and software products that offer the best level of privacy and security.
A provision known as the 'General Software Note', however, specifies that "public domain" software can be freely exported.
"Paradoxically, our government enforces a policy that says we can't sell the fruit of our labours, but on the other hand, we can give it away for free."

French Policy:
France has restricted domestic use and supply of cryptography
  authorization and declaration required for almost all cryptography
Slightly liberalized in 1996 law mandating key deposits with Trusted Third Parties
Domestic use of crypto liberalized in Jan 1999

US Export Policy:
Weak cryptography exportable
Strong cryptography not exportable
Software havoc
Other issues: Clipper and key escrow debates, ...