Cryptography law

After the source code for Philip Zimmermann's Pretty Good Privacy (PGP) encryption program found its way onto the Internet in June 1991, a complaint by RSA Security (then called RSA Data Security, Inc.) resulted in a lengthy criminal investigation of Zimmermann by the US Customs Service and the FBI, though no charges were ever filed.

[7][8] Daniel J. Bernstein, then a graduate student at UC Berkeley, brought a lawsuit against the US government challenging some aspects of the restrictions based on free speech grounds.

[10] Cryptography exports from the US became less strictly regulated as a consequence of a major relaxation in 2000;[11] there are no longer very many restrictions on key sizes in US-exported mass-market software.

[citation needed] Another contentious issue connected to cryptography in the United States is the influence of the National Security Agency on cipher development and policy.

[12] DES was designed to be resistant to differential cryptanalysis,[13] a powerful and general cryptanalytic technique known to the NSA and IBM, that became publicly known only when it was rediscovered in the late 1980s.

[citation needed] Another instance of the NSA's involvement was the 1993 Clipper chip affair, an encryption microchip intended to be part of the Capstone cryptography-control initiative.

The whole initiative was also criticized based on its violation of Kerckhoffs's Principle, as the scheme included a special escrow key held by the government for use by law enforcement (i.e.

[citation needed] The United States Department of Justice and FBI have not enforced the DMCA as rigorously as had been feared by some, but the law, nonetheless, remains a controversial one.

[16] Cryptologist Bruce Schneier has argued that the DMCA encourages vendor lock-in, while inhibiting actual measures toward cyber-security.

[17] Both Alan Cox (longtime Linux kernel developer) and Edward Felten (and some of his students at Princeton) have encountered problems related to the Act.

In 2007, the cryptographic keys responsible for Blu-ray and HD DVD content scrambling were discovered and released onto the Internet.

Failure to comply is an offense in its own right, punishable on conviction by a two-year jail sentence or up to five years in cases involving national security.

[citation needed] The 2016 FBI–Apple encryption dispute concerns the ability of courts in the United States to compel manufacturers' assistance in unlocking cell phones whose contents are cryptographically protected.

[27] As of 2011 and since 2004, the law for trust in the digital economy [fr] (French: Loi pour la confiance dans l'économie numérique; abbreviated LCEN) mostly liberalized the use of cryptography.

[28] Section 69 of the Information Technology Act, 2000 (as amended in 2008) authorizes Indian government officials or policemen to listen in on any phone calls, read any SMS messages or emails, or monitor the websites that anyone visits, without requiring a warrant.

[29]: 3 Electronics, including cryptographic products, is one of the categories of dual-use items in the Special Chemicals, Organisms, Materials, Equipment and Technologies (SCOMET; part of the Foreign Trade (Development & Regulation Act), 1992).