Legal Mechanisms

Let’s learn about the legal aspect of attempting to control the use of cryptography.

A more conventional approach to controlling the use of cryptography is the law. However, it’s not obvious how to use legal mechanisms to facilitate the general use of cryptography while also allowing cryptographic protection to be removed in special circumstances. The law can either be:

  • Restrictive: Making it hard to use cryptography. In this case, how do we overcome the inevitable difficulties associated with the genuine use of cryptography? And how do we prevent the illegal use of cryptography?

  • Permissive: Making it easy to use cryptography. In this case, how can cryptographically-protected information be accessed in special circumstances (such as during a legally authorized investigation)?

Finding suitable legal means of addressing the cryptography dilemma is a considerable challenge. We’ll discuss several attempts to do this. Traditional approaches tend to be restrictive, but such techniques aren’t particularly suitable for controlling the use of cryptography today. Most of us now live in societies with a more permissive approach to the use of cryptography.

Export restrictions

Until the 1980s, one of the main ways to address the cryptography dilemma was the relatively straightforward technique of imposing export (and import) controls on cryptographic technology. At this time, the use of cryptography was not widespread, and any cryptography used tended to be implemented inside a hardware device. Therefore, cryptographic technology was something that could be inspected at national borders, and so its international movement could be controlled.

Note: Controlling the movement of cryptographic technology doesn’t in itself fully address the cryptography dilemma, particularly the use of cryptography within national borders.

Most export controls specify limits on the key length of cryptographic technology. Keeping in mind that some governments have traditionally had access to greater computing power than everyone else, such a government could define a key length to provide:

  • ‘Sufficient’ security to protect users of cryptographic technology against general threats.

  • ‘Insufficient’ security to allow the government, if necessary, to undermine the cryptographic technology.

For example, in the 1990s, the US had a policy that prevented cryptographic technology using symmetric keys from being exported if the keys were longer than 40 bits. Any cryptographic technology with more than 40-bit keys required a specific license. Since DES was released the previous decade with 56-bit keys, it’s clear that the government in the US did not regard 40-bit security as ‘sufficient’ for its use. Indeed, many US cryptographic technologies in the 1990s had two versions, one for national consumption (with longer keys) and a 40-bit international version that could be exported.

Whether one agrees with the idea or not, restricting key length is at least a plausible strategy for controlling the use of cryptography in hardware. However, as the 20th century drew to a close, particularly with the increased use of the Internet, cryptographic mechanisms were increasingly being designed by the non-government community and implemented in software. There was a steadily increasing demand for technologies providing strong cryptographic security. As a result, the regime of export controls on cryptographic technology was challenged by advocates of freer use of cryptography.

That was when the cryptographic dilemma first really emerged as a public debate. It also touched on some much wider societal issues, such as whether source code is a form of free speech. Since means of encryption could now easily cross international borders (and certainly did), export controls were evidently no longer effective as a primary control of the use of cryptography.

While some export restrictions on cryptographic technology remain today, they are much less significant and effective than they once were.

Key escrow

In the 1990s, governments broadly recognized that strong cryptography was necessary to provide security for the expanding Internet. While export controls had been rendered ineffective by changes to the environment within which cryptography was being used, the cryptography dilemma remained. How could governments allow strong encryption to be widely used while still retaining some means of access to protected information?

An alternative idea that emerged from the US, and which was also considered by several other countries including the UK, was key escrow. The idea behind key escrow is that if any data is encrypted, then a copy of the decryption key is stored (escrowed) by a trusted third party in such a way that, should it be necessary and legally sanctioned by the appropriate authority, the decryption key can be obtained within the full terms of the law and used to recover the data. A situation like this might arise if the encrypted data is uncovered during a criminal investigation.
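The following is an added example, not part of the original text, that models the key escrow arrangement just described: the data key is escrowed at the point of encryption and released only against an authorization, after which it recovers the data. It goes slightly beyond the text by splitting the escrowed copy between two agents, as the 1990s US escrow proposals did, so that neither agent alone holds the key; the `EscrowAgent` class, the dictionary standing in for a warrant, and the HMAC-based toy stream cipher are all constructed for illustration.

```python
"""Toy model of key escrow (added example; not code from the original text).

A random data key encrypts the message. A copy of that key is split into
two XOR shares held by two escrow agents, so recovery needs both agents to
release their share against a valid authorization (here a simple dict).
The cipher is a hand-rolled HMAC-SHA256 keystream, for illustration only.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with HMAC-SHA256(key, counter) blocks.
    The same call both encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


@dataclass
class EscrowAgent:
    """Hypothetical escrow agent: stores one share of each escrowed key."""
    name: str
    _vault: dict = field(default_factory=dict)

    def deposit(self, key_id: str, share: bytes) -> None:
        self._vault[key_id] = share

    def release(self, key_id: str, warrant: dict) -> bytes:
        # Release only for the named key and only if the (stand-in) warrant
        # says the access is authorized; otherwise refuse.
        if warrant.get("key_id") != key_id or not warrant.get("authorized"):
            raise PermissionError(f"{self.name}: release of {key_id} refused")
        return self._vault[key_id]


def encrypt_with_escrow(plaintext: bytes, agents: list) -> tuple:
    """Encrypt under a fresh key and escrow that key as two XOR shares."""
    key = os.urandom(32)
    key_id = os.urandom(8).hex()            # label for the escrowed key
    share_a = os.urandom(32)
    share_b = bytes(a ^ b for a, b in zip(key, share_a))
    agents[0].deposit(key_id, share_a)
    agents[1].deposit(key_id, share_b)
    return key_id, keystream_xor(key, plaintext)


def lawful_recovery(key_id: str, ciphertext: bytes, agents: list, warrant: dict) -> bytes:
    """Recombine both released shares into the key and decrypt."""
    shares = [agent.release(key_id, warrant) for agent in agents]
    key = bytes(a ^ b for a, b in zip(*shares))
    return keystream_xor(key, ciphertext)
```

A single agent's share XORed with the ciphertext yields garbage, which is the point of splitting the escrowed copy: compromise of one agent alone does not expose the data.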

This idea requires the existence of escrow agents that are deemed sufficiently trustworthy and competent to store and manage escrowed keys. This alone makes key escrow both controversial and hard to implement. Moreover, the concept of key escrow is fraught with additional problems, which include:
