next up previous contents
Next: Code breaking Up: Cryptography Issues in the Previous: Information   Contents

Government Controls on Information

With the potential for unrestricted information flow protected by cryptography established, the government has no choice but to act. The government has a few tools for containment: export restrictions, common carrier laws, data retention laws, and court compelled testimony and evidence. These provide a strong non-technological method of breaking today's public cryptosystems that experts like to classify as ``rubber hose cryptography.''[3] So called, because a rubber hose can be a brutal tool to break people behind the system without needing to break the system itself.

Curiously, cryptosystems have been classified as weapons, and are subject to ITAR (International Trafficking in Arms Regulations)[8]. This fact has led to the production of t-shirts with cryptosystems written on them, creating the ironic realization that such t-shirts are in fact considered weapons. Despite attempts to show the ridiculous nature of such a classification, these restrictions have proved an effective tool. By branding cryptosystems as weapons, the US government controls the strength of exported cryptosystems. As a consequence, rather than develop multiple versions of a product, companies often develop products with only weak encryption that can be marketed both inside and outside the US. Some companies with large resources such as IBM attempt to sidestep the issue by developing the cryptographic products outside the US and then importing rather than exporting it.

Another set of laws is the common carrier laws. These laws protect ``common carriers'', or services that must accept all customers and cannot violate the customer's privacy, from liability for the customer's actions[4, Common Carrier]. Examples of common carriers include the mail system and the phone system. These laws would help anonymous cryptosystems, which similarly protect privacy and fail to discriminate their customers, however the prevailing notion is that in exchange for common carrier privileges, the service must also help the government. For instance, in the case of phone services, this help comes in the form of wiretapping ability. In the case of Internet Service Providers, detailed logs are required for immunity from liability.


next up previous contents
Next: Code breaking Up: Cryptography Issues in the Previous: Information   Contents
Paul Ingemi 2004-10-25