Cryptography law

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Cryptography is the practice and study of hiding information. There are many different cryptography laws in different nations. Some countries prohibit export of cryptography software and/or encryption algorithms or cryptoanalysis methods. In some countries a license is required to use encryption software, and a few countries ban citizens from encrypting their internet communication[citation needed]. Some countries require decryption keys to be recoverable in case of a police investigation.

Overview[edit]

Issues regarding cryptography law fall into four categories:[1]

  • Export control, which is the restriction on export of cryptography methods within a country to other countries

or commercial entities. There are international export control agreements, the main one being the Wassenaar Arrangement. The Wassenaar Arrangement was created after the dissolution of COCOM (Coordinating committee for Multilateral Export Controls), which in 1989 "decontrolled password and authentication-only cryptography."[2]

  • Import controls, which is the restriction on using certain types of cryptography within a country.
  • Patent issues, which deal with the use of cryptography tools that are patented.
  • Search and seizure issues, on whether and under what circumstances, a person can be compelled to decrypt data files or reveal an encryption key.

Cryptography law in different countries[edit]

France[edit]

As of 2011 and since 2004, the law for trust in the digital economy (LCEN) mostly liberalized the use of cryptography.[3]

  • As long as cryptography is only used for authentication and integrity purposes, it can be freely used. The cryptographic key or the nationality of the entities involved in the transaction do not matter. Typical e-business websites fall under this liberalized regime.
  • Exportation and importation of cryptographic tools to or from foreign countries must be either declared (when the other country is a member of the European Union) or requires an explicit authorization (for countries outside the EU).

United States[edit]

In the United States, the International Traffic in Arms Regulation restricts the export of cryptography.

See also[edit]

References[edit]

  1. ^ Kumar, Pankaj. "Cryptography with Java". Pearson. Retrieved 12 February 2013. 
  2. ^ Koops, Bert-Jaap (November 1996). "A survey of cryptography laws and regulations". Computer Law & Security Report. 6 12: 349–355. Retrieved 12 February 2013. 
  3. ^ "Legifrance.gouv.fr - Loi pour la confiance dans l'économie numérique (LCEN)". Retrieved June 14, 2011.