Cryptography law
Cryptography is the practice and study of encrypting information, or in other words, securing information from unauthorized access. There are many different cryptography laws in different nations. Some countries prohibit export of cryptography software and/or encryption algorithms or cryptoanalysis methods. In some countries a license is required to use encryption software, and a few countries ban citizens from encrypting their internet communication. Some countries require decryption keys to be recoverable in case of a police investigation.
Overview
Issues regarding cryptography law fall into four categories:[1]
- Export control, which is the restriction on export of cryptography methods within a country to other countries or commercial entities. There are international export control agreements, the main one being the Wassenaar Arrangement. The Wassenaar Arrangement was created after the dissolution of COCOM (Coordinating committee for Multilateral Export Controls), which in 1989 "decontrolled password and authentication-only cryptography."[2]
- Import controls, which is the restriction on using certain types of cryptography within a country.
- Patent issues, which deal with the use of cryptography tools that are patented.
- Search and seizure issues, on whether and under what circumstances, a person can be compelled to decrypt data files or reveal an encryption key.
Cryptography law in different countries
France
As of 2011 and since 2004, the law for trust in the digital economy (LCEN) mostly liberalized the use of cryptography.[3]
- As long as cryptography is only used for authentication and integrity purposes, it can be freely used. The cryptographic key or the nationality of the entities involved in the transaction do not matter. Typical e-business websites fall under this liberalized regime.
- Exportation and importation of cryptographic tools to or from foreign countries must be either declared (when the other country is a member of the European Union) or requires an explicit authorization (for countries outside the EU).
United States
In the United States, the International Traffic in Arms Regulation restricts the export of cryptography.
See also
- Official Secrets Act - (United Kingdom, India, Ireland, Malaysia and formerly New Zealand)
- Regulation of Investigatory Powers Act 2000 (United Kingdom)
- Restrictions on the Import of Cryptography
- Export of cryptography
- Key disclosure law
- United States v. Boucher, on the right of a criminal defendant not to reveal a passphrase
- FBI–Apple encryption dispute on whether cellphone manufacturers can be compelled to assist in their unlocking
- CryptoLaw, set of legal regimes governing cryptocurrencies and related instruments.
References
- Kumar, Pankaj. "Cryptography with Java". Pearson. Retrieved 12 February 2013.
- Koops, Bert-Jaap (November 1996). "A survey of cryptography laws and regulations". Computer Law & Security Report. 6. 12: 349–355. (access restricted to current University of Toronto)
- "Legifrance.gouv.fr - Loi pour la confiance dans l'économie numérique (LCEN)". Retrieved June 14, 2011.
External links
- Bert-Jaap Koops' Crypto Law Survey - existing and proposed laws and regulations on cryptography