If you live in the United States of America, there are several laws regarding encryption products that you should be aware of. They all deal with the export of high-performance cryptographic products. In general, the regulations say that you cannot export a product that uses over forty bits of encryption.

The purpose of this restriction was to prevent high security products from falling into enemy hands during the cold war. If you check out Editorials, though, you can read why the law is outdated in today’s society.

If you don’t live in the United States, you do still have some options for obtaining high-performance encryption products. First, you could break US law and download the application. In order to prosecute, the United States would have to extradite you. The government has every right to do this, though I do believe it hasn’t been done yet. We recommend against this option.

On the other hand, you could find yourself an encryption program that was not written in the US. US law only applies to products exported from the United States, so if you don’t export, there is no problem to begin with.

In any case, more on restrictions. Though a big aspect, export regulations are by no means the only method governments are using to control encryption technology. To varying degrees, governments are trying to implement "key escrow," or technology to facilitate law enforcement personnel to recover plain text data. One example of this is the "clipper chip" that President Clinton attempted to implement in the past couple years.

The idea of this chip was have all encryption done through this chip, which leaves a loophole. When the police obtain a subpoena to forcibly decrypt suspect data, they would have to put together the chip. What this means is that they would have to get half of the key from two independent "escrow agencies" Only then could the data be read by the police.

Currently, the United States does not require mandatory key escrow, and doing so would be extremely hard to implement. Also, first amendment rights come into question. Do you have the right to speak privately? The courts seem believe you do thus far. Some countries, however, seem to believe that key escrow is important, and are implementing it. For example, China is requiring all internet providers to install systems so the government can easily read each and every email message sent. Pretty scary.

On the complete opposite side of the table is Canada, the first government in the world to openly acknowledge that encryption can be good for the people, and encourage its proliferation into society. The Canadian government has suggests that everyone use a public key system to protect email messages. With any luck, more governments will follow Canada’s lead and move towards a system where people have guaranteed privacy as the result of strong encryption technology.