Legal Framework Regulating Data Encryption

Escrow Encryption Standard

Export Policy

Case Study

Glossary

Legal Framework Regulating Data Encryption
Escrow Encryption Standard

The USA is one of the countries with specific regulation on the use and the export of cryptographic materials. The two major areas explored here is the newly introduced Escrow Encryption Standard and the US encryption product export law.

Escrow Encryption Standard
Two separate independent escrow agents store two separate chip unique key components. These components are released to authorized government official only when authorized request for electronic surveillance comply with procedures approved by the Attorney-General.

These key components are needed to construct addition modulo 2 key. An 80-bit session key (KS) serves as initialization block for encryption process that could be selected. In Law Enforcement Access Field (LEAF), current session key is stored in encrypted form and by using chip unique key the session key is obtained. In the event that the court orders for government surveillance, a government-controlled decrypt device could extract and decrypt session key from LEAF. At this point, any intercepted message is open to surveillance.

CLIPPER chip used is generally tamper-proof. Though generally EES shows little weakness, however, LEAF is transmitted across open communications and thus still susceptible to unauthorized attempt at decryption.

SKIPJACK algorithm here is used within CLIPPER chip. To restrict its use, it cannot be obtained as software; instead it can only be obtained as a tamper-resistant chip, programmed specifically by Mykotronx (in CLIPPER) under specific configurations. SKIPJACK itself is an algorithm kept private, classified as secret by the government, and most importantly, not releasable to foreign nationals. This last bit corresponds to the US' protectionism policy.