[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Legal Definition of Encryption?



  The U.S. Export Administration Regulations (Commerce Department) include
the following definitions:

  "Cryptography" -- "The discipline that embodies principles, means and
methods for the transformation of data in order to hide its information
content, prevent its undetected modification or prevent its unauthorized
use.  'Cryptography' is limited to the transformation of information using
one or more 'secret parameters' (e.g., crypto variables) and/or associated
key management.  Note: 'Secret parameter': a constant or key kept from the
knowledge of others or shared only within a group." (Part 772)

  "Information security" -- "All the means and functions ensuring the
accessibility, confidentiality or integrity of information or
communications, excluding the means and functions intended to safeguard
against malfunctions.  This includes 'cryptography', 'cryptanalysis',
protection against compromising emanations and computer security."

  These definitions and others are used within the Commerce Control List
(Supplement No. 1 to Part 774) to regulate the export of certain Information
Security related equipment, software, etc. (Category 5:II).

  The U.S. International Traffic in Arms Regulations (State Department) also
regulates (until 1/1/97, when jurisdiction is expected to move to Commerce)
the export of certain "Cryptographic systems", etc. including those with the
capability of maintaining secrecy or confidentiality of information systems.
(The United States Munitions List, Section 121.1, Category XIII-Auxiliary
Military Equipment)

   - Richard Field



At 01:48 PM 11/8/96 -0400, "William H. Geiger III" <[email protected]> wrote:

>Is there any law(s) that actully define encryption?
>
>At it's very basics encryption is taking a group of 1's & 0's converting
them into a different group of 1's & 0's and providing a mecanisim to change
them back to the original group of 1's & 0's.
>
>>From a legal standpoitnt how is PGP any different than PKZIP? How does the
law make a diference between an "encryption" program and a "compression"
program other than the fact that the encryption program is advertized as
encryption and the compression program is advertized as compression?