Cybertelecom Federal Internet Law & Policy An Educational Project

Crypto :: Reference

Federal Activity

• The Security Race: Challenges, Leadership and Tools for Success Remarks by Chris Israel Deputy Assistant Secretary for Technology Policy, United States Department of Commerce Delivered May 20, 2002 at the GovNet 2002 Summit Hot Springs, VA
• Commerce Secretary Announces New Standard for global Information Security, Doc 12/5/01
• Financial Management Service, Fiscal Service, Treasury Electronic Authentication Policy Jan 2001
• Keep Big Brother's Hands Off The Internet  By Senator John Ashcroft  USIA Electronic Journal, Vol. 2, No. 4, October 1997
• NIST
• NIST IR-7298 Rev. 1 DRAFT Glossary of Key Information Security Terms This glossary of common security terms has been extracted from NIST Federal Information Processing Standards (FIPS), the Special Publication (SP) 800 series, NIST Interagency Reports (NISTIRs), and from the Committee for National Security Systems Instruction 4009 (CNSSI-4009). The terms included are not all inclusive of terms found in the NIST publications, but do include most of the terms in those publications. The glossary does contain all of the terms and definitions from CNSSI-4009. The purpose of this glossary is to provide a central resource of definitions most commonly used in NIST information security publications and in CNSS information assurance publications. Comments should be sent to secglossary@nist.gov by COB June 30, 2010 .
• Special Publication 800-21, Guideline for Implementing Cryptography in the Federal Government., NIST 9/19/2005
• RFC: NIST Special Publication 800-78, Cryptographic Algorithms and Key Sizes for Personal Identity Verification, is now available, NIST 3/29/2005
• NIST has posted brief comments on the recent SHA-1 cryptanalytic attacks., NIST 2/25/2005
• NIST Details Certification Process FCW 10/30/02
• NIST says DES encryption 'inadequate', NWFusion 8/2/2004
• Third Annual Public Key Infrastructure R&D Workshop, April 12-14, 2004 (in conjunction with NIH and Internet 2), NIST 1/23/2004
• Commerce Secretary Announces New Standard for Global Information Security Dec 2001
• NIST Advanced Encryption Standard (AES) Questions and Answer
• NIST Announces Candidates for New Data Scrambling Standard 1998

Testimony

• Testimony of William A. Reinsch Under Secretary for Export Administration Department of Commerce Before The Senate Commerce Committee June 10, 1999 (on the direction of the Administration's encryption policy)
• Testimony of William A. Reinsch Under Secretary for Export Administration Department of Commerce  Before The Senate Commerce Committee 1999

Export

• Dept Commerce, Bureau of Export Affairs
• Guidance
• FAQs
• ENCRYPTION LICENSE EXCEPTION CHART
• Export of Encryption Technology (5E002)
• Presidents Export Council Subcommittee on Encryption Liberalization 2000: Recommendations for Revising the Encryption Export Regulations
• Technical Advice for U.S. Exporters ISSUES WITH SOFTWARE EXPORTATION, Trade Information Center, August 2001

Federal Crypto

• Federal Information Processing Standard (FIPS) 140-2, Security Requirements for Cryptographic Modules
• "mandatory and binding for federal agencies that have determined that certain information be protected via cryptographic means." NIST, Security Considerations for VoIP Systems, Special Publication 800-58 (April 2004) p. 6
• National Institute of Standards and Technology, DRAFT FIPS Publication 199, Standards for Security Categorization of Federal Information and Information Systems, September 18, 2003

PKI

• Federal Public-key Infrastructure Business Working Group (FPKI-BWG) "The FPKI-BWG co-chaired by GSA and the ACES vendors, brings together agency and ACES vendor representatives in a forum designed to discuss both agency-specific and cross-cutting agency PKI needs and how those needs can be reached. The group is developing a business case analysis and having agencies present their PKI implementation "best practices". The group is exploring different PKI solutions suited to each agency's applications. The BWG will interact and work in cooperation with the technical, and legal and policy working groups"
• PKI Interoperability
• FBCA Federal Bridge Certificate Authority "The FBCA is a non-hierarchical “hub” that is designed to permit disparate agency public key infrastructures to interoperate seamlessly.  In essence, the FBCA allows the recipient to accept with confidence the sender’s electronic credential (the certificate) and thus permits the transaction to consummate."

Links

• USG
  • DOC Bureau of Export Administration
  • DOC Bureau of Industry and Security: COMMERCIAL ENCRYPTION EXPORT CONTROLS
  • National Security Agency "The National Security Agency/Central Security Service is America’s cryptologic organization. It coordinates, directs, and performs highly specialized activities to protect U.S. government information systems and produce foreign signals intelligence information. A high technology organization, NSA is on the frontiers of communications and data processing. It is also one of the most important centers of foreign language analysis and research within the government."
• CPSR
• CryptoRights
• Americans for Computer Privacy.
• CDT's Cryptography Policy Issues Page
• Electronic Privacy and Information Center
• Encryption Policy Resource Page
• Internet Research Task Force (IETF & ISOC) Crypto Forum
• Privacy International
• The Security and Freedom Through Encryption Act of 1997 H.R. 695
• Senator Kerry's Secure Public Network Act
• Senator Burn's Encryption Page Including Pro-Code
• Software Publishers Association
• UK Cryptography Policy Discussion Group

Law

    Regulation

• 15 CFR Parts 734, 740, 742, 770, 772, 774
• 61 FR 6111 Final Rule Dept State Amendment to the International Traffic in Arms Regulations Feb 16, 1996
• BXA Final Regs

    Caselaw

• Bernstein v. US DOJ, 176 F3d 1132 (9th Cir 1999) [NOTE The Ninth Withdrew this opinion for a hearing en banc - meaning the get to do it all over again Source]  “The government defendants appeal the grant of summary judgment to the plaintiff, Professor Daniel J. Bernstein ("Bernstein"), enjoining the enforcement of certain Export Administration Regulations ("EAR") that limit Bernstein's ability to distribute encryption software. We find that the EAR regulations (1) operate as a prepublication licensing scheme that burdens scientific expression, (2) vest boundless discretion in government officials, and (3) lack adequate pro- cedural safeguards. Consequently, we hold that the challenged regulations constitute a prior restraint on speech that offends the First Amendment. Although we employ a somewhat narrower rationale than did the district court, its judgment is accordingly affirmed.“
• Junger v. Daley, 209 F.3d 481 (6th Cir. 2000) This is a constitutional challenge to the provisions of the Export Admin Regulations, 15 CFR PArts 730-74, that regulate the export of encryption software.  ....Having concluded that the First Amendment protects computer code, we reverse the district court and remand for further consideration of Junger's constitutional claims in light of the amended regulations."  Prof Junger had sought to publish a text book with crypto code published in the text book.
• Karn v. U.S. Dep’t of State,  925 F.Supp. 1 (DDC 1996), 107 F.3d 923 (D.C.Cir. 1997) CDT Info
• Andersen Consulting LLP v. UOP and Bickel & Brewer, 991 F.Supp. 1041 (N.D.Ill 1998) (Court held ECPA does not apply to corporation's own network and therefore did not bar disclosure of email on that network).

Papers

• Harold Abelson, et. al, Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications (July 6, 2015),
• Lance J. Hoffman, David M. Balenson, Karen A. Metivier-Carreiro, Anya Kim, Matthew G. Mundy Growing Development of Foreign Encryption Products in the Face of U.S. Export Regulations CPI-1999-02 PDF
• Leonard Kleinrock, et. al., Realizing the Information Future: The Internet and Beyond, National Research Council 82 (1994) (" The only effective means to protect information in the network is encryption.")
• ABA PKI Assessment Guidelines ("PAG") - Public Draft for Comment v0.30
• CAIDA:  Internet Measurement: Myths about Internet data (5 dec 01) Myth:  prevalence of encrypted passwords
• Department of Justice FAQ on Encryption Policy April 24, 1998
• Cryptography's Role In Securing The Information Society, Computer Science and Telecommunications Board, National Research Council (1996)
• Michael Froomkin, It Came From Planet Clipper, 1996 U. Chi. L. Forum 15 (The Law of Cyberspace symposium volume).
• CSTB Cryptography's Role in Securing the Information Society
• Michael Froomkin. The Metaphor is the Key: Cryptography, the Clipper Chip and the Constitution (143 U. Penn. L. Rev. 709 (1995)).
• Michael Froomkin, The Constitutionality of Mandatory Key Escrow--A First Look in Building in Big Brother: The Cryptographic Policy Debate 413 (Lance Hoffman, ed. 1995).

Links

• NSA: CryptoKids (filled with lots of trademark images that we cant use on this site!)
• National Cryptologic Museum

News

• Amie Stepanovich, Virtual Integrity: Three steps toward building stronger cryptographic standards, Access Now (Sept. 18, 2014),
• NIST Seeks Comments on Cryptography Standards Publication, NIST 12/17/2009
• Government Abuses Computer Crime Law to Boost Criminal Charges, EFF 8/9/2010
• Second Cryptographic Hash Workshop, NIST 4/7/2006
• Submissions Requested for Crypto Hash Workshop, NIST 7/5/2005
• Proposed Export Rules Could Stifle Innovation, ACM 6/29/2005
• Cold War encryption laws stand, but not as firmly, CNET 10/17/2003
• FBI awards public-key contract, FCW 9/11/03
• A Quantum Leap in Cryptography, BWO 7/18/03
• Why Criminalizing Crypto Is Wrong, Security Focus 3/3/03
• Noisy light is new key to encryption CNET 11/15/02
• Former FBI chief takes on encryption CNET 10/15/02
• Keeping e-mail encryption alive, AP 4/22/02
• Cold War restrictions on computer exports eased by President Bush, AP 1/4/02
• Fed adoption of encryption standard may spread slowly, CW 12/18/01
• Government Approves Encryption Standard, INews 12/5/01
• Strategies & Issues: Public Key Infrastructure Nuts and Bolts Network Mag Nov 2001
• Clinton administration relaxes encryption rules Oct 20, 2000 usatoday
• New Encryption Regs. In Effect Oct 19, 2000 washtech
• Relaxed encryption exports get green light Oct 19, 2000 nandotimes
• July 17, 2000 -- The Administration is updating its policy for encryption exports to the European Union and other key trading partners, thus assuring continued competitiveness of U.S. industry in international markets. Under the new policy, U.S. companies can export under license exception (i.e., without a license) any encryption product to any end user in the 15 nations of the European Union as well as Australia, Norway, Czech Republic, Hungary, Poland, Japan, New Zealand and Switzerland. White House Press Release July 20, 2000 pub
• U.S. To Follow EU Crypto Lead Wired 6/6
• Big Crypto Win for ‘Snuffle' ZDNET 2/28
• Dumb U.S. Encryption Policy Is Finally, Quietly Changed InternetNews 2/28