Since World War II, Western governments, including the U.S. and its NATO allies have regulated the export of cryptography for national security considerations. In light of the enormous impact of cryptanalysis in WWII, it was abundantly clear to these governments that denying current and potential enemies access to cryptographic systems looked to be militarily valuable. They also wished to monitor the diplomatic communications of other nations, including the many new nations that were emerging in the post-colonial period and whose position on Cold War issues was regarded as vital. Since the U.S. and U.K. had, they believed, developed more advanced cryptographic capabilities than others, there arose a notion that controlling all dissemination of the more effective crypto techniques might be beneficial. Legal limitations made controlling all use of cryptography inside the U.S. difficult, but controlling access to U.S. developments by others was thought to be more practical -- there were at least no Constitutional impediments. Accordingly, regulations were introduced as part of munitions controls which required licenses to export cryptographic methods (and even their description); the regulations established that cryptography beyond a certain strength (defined by algorithm and length of key) would not be licensed for export except on a case-by-case basis. The expectation seems to have been that this would further national interests in reading 'their' communications and prevent others from reading 'ours'. This policy was also adopted elsewhere for various reasons. World War II was a truly global conflict with many facets: immense human suffering, fierce indoctrinations, and the use of new, extremely devastating weapons such as the atom bomb World War II, also known as the Second World War, was a mid-20th-century conflict that engulfed much of the... ... The NATO flag NATO 2002 Summit in Prague The North Atlantic Treaty Organisation (NATO), sometimes called North Atlantic Alliance, Atlantic Alliance or the Western Alliance, is an international organisation for defence collaboration established in 1949, in support of the North Atlantic Treaty signed in Washington, D.C., on April 4... The history of cryptography dates back thousands of years, and for the most part, it has been the history of classical cryptography; that is, methods of encryption which can be performed using pen and paper (or perhaps with simple mechanical aids). ... World map of colonialism circa 1945. ... For the generic term for a high-tension rivalry between countries, see cold war (war). ... ... The first ten Amendments to the U.S. Constitution make up the Bill of Rights. ... A key is a piece of information that controls the operation of a cryptography algorithm. ...

The development, and public release, of DES and asymmetric key techniques in the 1970s, the rise of the Internet, and the willingness of some to risk and resist prosecution, eventually made this policy impossible to enforce, and by the late 1990s it was being relaxed in the US, and to some extent (eg, France), elsewhere. Nevertheless, some officials in the U.S. still believe that wide-spread availability of 'strong' cryptography world-wide has hampered the ability of the NSA to read intercepted communications that might reveal important information about intentions hostile to the U.S. and that, had the relaxation not happened, NSA would have had (and would have in future) an easier time. Others feel that the export controls in place in the last half of the 20th century discouraged incorporation of widely-known cryptographic tools into commercial products, particularly personal computer operating systems, and are a root cause of the present crisis in information security, aside from interfering with U.S. trade in such products. They observe that many of the advances, including asymmetric key cryptography and many of its algorithms, were already public in any case. General Designer(s) IBM First published 1975 (January 1977 as the standard) Derived from Lucifer (cipher) Cipher(s) based on this design Triple DES, G-DES, DES-X, LOKI89, ICE Algorithm detail Block size(s) 64 bits Key size(s) 56 bits Structure Feistel network Number of rounds 16 Best... In cryptography, an asymmetric key algorithm uses a pair of cryptographic keys to encrypt and decrypt. ... This article provides extensive lists of events and significant personalities of the 1970s. ... ... Cryptography has had a long and colourful history. ... NSA can stand for: National Security Agency of the USA The British Librarys National Sound Archive This page concerning a three-letter acronym or abbreviation is a disambiguation page — a navigational aid which lists other pages that might otherwise share the same title. ... In computing, an operating system (OS) is the system software responsible for the direct control and management of hardware and basic system operations. ... Information security deals with several different trust aspects of information. ...

Pre-World War II

State control of secret communications, and usually the means which permit the secrecy, have been important since ancient Greece and perhaps before. Cryptographic methods have generally been among a nation's most closely guarded secrets. Since at least the 19th century, disclosure of those means, or of the plaintext of messages protected by them, has been generally treated as treason and handled accordingly. With the development of electrical communication, first the telegraph and then wireless, governments and commercial interests have needed to use codes and cyphers to protect their communications or to reduce cable costs. Since the demonstration of the benefits of wireless in WWI, the publication by Admiral Jackie Fisher and Winston Churchill in the 20's of the fact of that the English read German Naval codes in WWI, the revelation on two occasions (also in the 20s) by UK ministers of information that could only have come from reading encrypted Soviet messages, and the publication of Herbert Yardley's book, The American Black Chamber, in 1931 (revealing major breaks of diplomatic cryptography -- especially in connection with the Washington Naval Conference), nations had even more motivation than before to attempt to protect the communications confidentiality. With the development of high quality cryptographic techniques during and after WWI, particularly commercial availability of rotor machines, some of these techniques became publicly available, even commercially. The US had a de facto policy (later made de jure) of not permitting the patenting of 'important' cryptographic and other security related inventions, which, at least for US inventions, limited public release of some techniques. There are several publicly known examples, including several innovations associated with cypher equipment like SIGABA. Inventors so treated are known to have included William F. Friedman and Frank Rowlett. Other countries have had similar policies. The plain text term has a different meaning. ... In law, treason is the crime of disloyalty to ones nation. ... Telegraphy (from the Greek words tele = far away and grapho = write) is the long distance transmission of written messages without physical transport of letters, originally over wire. ... Wireless was an old-fashioned term for a radio receiver, referring to its use as a wireless telegraph. ... WWI may be an acronym for: World War I World Wrestling Industry This is a disambiguation page — a navigational aid which lists pages that might otherwise share the same title. ... The Right Honourable Sir Winston Leonard Spencer-Churchill, KG , OM , CH , FRS , PC (30 November 1874 – 24 January 1965) was a British statesman, best known as Prime Minister of the United Kingdom during the Second World War. ... Herbert Osborne Yardley (13 April 1889-7 August 1958) was an American cryptologist most known for his book The American Black Chamber (1931). ... 1931 is a common year starting on Thursday. ... The Washington Naval Conference was a diplomatic conference held in Washington, D.C. in 1921 and 1922. ... In cryptography, a rotor machine is a electro-mechanical device used for encrypting and decrypting secret messages. ... De facto is a Latin expression that means in fact or in practice. It is commonly used as opposed to de jure (meaning by law) when referring to matters of law or governance or technique (such as standards), that are found in the common experience as created or developed without... Look up De jure in Wiktionary, the free dictionary De jure (in Classical Latin de iure) is an expression that means based on law, as contrasted with de facto, which means in fact. The terms de jure and de facto are used like in principle and in practice when one... SIGABA In the history of cryptography, the ECM Mark II was a rotor machine used by the United States from World War II (WWII) until the 1950s. ... William Friedman. ... Rowlett Frank Byron Rowlett (May 2, 1908 - June 29, 1998) was an American cryptanalyst. ...

World War II

Virtually all trade between the Allies and the Axis was halted during WW II; that discovered was typically treated criminally, no matter what items were involved. Two of the Allies, the U.S. and the U.K., developed an especially close relationship that included exchanges of information on their deepest secrets, cryptography/cryptanalysis, RADAR and nuclear weapons research. While they provided large amounts of military equipment to its other major ally, the USSR, there is no record that any cryptographic assistance was provided, with the still speculative possibility that the Lucy spy ring was a covert information transfer channel. Indeed, the U.S. and U.K. were attempting to break Soviet codes until mid 1941 and, though the UK stopped even intercepting them then, the US continued to intercept and examine Soviet traffic. While Soviet cryptography was often quite sophisticated, a small part of the interecepted traffic was decrypted over the next 20 years. When spelt with a capital A, Allies usually denotes the countries that fought together against the Central Powers in World War I and against the Axis Powers in World War II. For more information, see the related articles: Allies of World War I and Allies of World War II. Other... This article needs to be cleaned up to conform to a higher standard of quality. ... German soldiers at the Battle of Stalingrad World War II was the most extensive and costly armed conflict in the history of the world, involving the great majority of the worlds nations, being fought simultaneously in several major theatres, and costing tens of millions of lives. ... This long range radar antenna (approximately 40m (130ft) in diameter) rotates on a track to observe activities near the horizon. ... The mushroom cloud of the atomic bombing of Nagasaki, Japan, 1945, rose some 18 km (11 mi) above the epicenter. ... In WWII espionage, the Lucy spy ring was an anti-German operation which operated in Switzerland. ... The VENONA project was a long-running and highly secret collaboration between United States intelligence agencies and the United Kingdoms MI5 that involved the cryptanalysis of messages sent by several Soviet intelligence agencies. ...

Cold War era

In the early days of the cold war, the U.S. and its allies developed an elaborate series of export control regulations designed to prevent a wide range of supposedly superior Western technology from falling into the hands of others, particularly the Soviet bloc. All export of technology classed as 'critical' required a license. CoCom was organized to coordinate Western export controls. For the generic term for a high-tension rivalry between countries, see cold war (war). ... ... During the Cold War, the Eastern Bloc (or Soviet Bloc) comprised the following Central and Eastern European countries: Bulgaria, Romania, Hungary, East Germany, Poland, Albania (until the early 1960s, see below), the Soviet Union, and Czechoslovakia. ... CoCom is an acronym for Coordinating Committee for Multilateral Export Controls. ...

Two types of technology were protected: technology associated only with weapons of war and dual use technology, which also had commercial applications. In the U.S., dual use technology export was controlled by the Department of Commerce, while munitions were controlled by the State Department. Encryption technology (techniques as well as equipment and, after computers became important, crypto software) was classified as a munition. However, this hardly mattered in practice since secure encryption was not, certainly in the immediate post War period, available to the general public. The United States Department of Commerce is a Cabinet department of the United States government concerned with promoting economic growth. ... The United States Department of State, often referred to as the State Department, is the Cabinet-level foreign affairs agency of the United States government, equivalent to foreign ministries in other countries. ...

The U.S. Government's introduction of the Data Encryption Standard in 1975 meant that commercial uses of high quality encryption would become common, and serious problems of export control began to arise. Generally these were dealt with through case-by-case export license request proceedings brought by computer manufacturers, such as IBM, and by their large corporate customers. General Designer(s) IBM First published 1975 (January 1977 as the standard) Derived from Lucifer (cipher) Cipher(s) based on this design Triple DES, G-DES, DES-X, LOKI89, ICE Algorithm detail Block size(s) 64 bits Key size(s) 56 bits Structure Feistel network Number of rounds 16 Best... 1975 was a common year starting on Wednesday (the link is to a full 1975 calendar). ... International Business Machines Corporation (IBM, or colloquially, Big Blue) NYSE: IBM (incorporated June 15, 1911, in operation since 1888) is headquartered in Armonk, NY, USA. The company manufactures and sells computer hardware, software, and services. ...

PC era

Encryption export controls became a matter of public concern with the introduction of the personal computer. Phil Zimmermann's PGP cryptosystem and its distribution on the Internet in 1991 was the first major 'individual level' challenge to controls on export of cryptography. The growth of electronic commerce in the 1990s created additional pressure for reduced restrictions. Shortly afterward, Netscape's SSL technology was widely adopted as a method for protecting credit card transactions using public key cryptography. Phil Zimmermann is the creator of the popular PGP encryption software. ... Pgp is an acronym for: Pretty Good Privacy, a computer program for the encryption and decryption of data; P-glycoprotein, a type of protein Party for the Government of the People (Partido por el Gobierno del Pueblo} Pearl of Great Price the ICAO code for Perm Airlines This page concerning... A cryptosystem (or cryptographic system) is the package of all procedures, protocols, cryptographic algorithms and instructions used for encoding and decoding messages using cryptography. ... 1991 is a common year starting on Tuesday of the Gregorian calendar. ... Electronic commerce, e-commerce or ecommerce consists primarily of the distributing, buying, selling, marketing, and servicing john is gayof products or services over electronic systems such as the Internet and other computer networks. ... // Events and trends The 1990s are generally classified as having moved slightly away from the more conservative 1980s, but otherwise retaining the same mindset. ... Netscape Communications Corporation was the publisher of the Netscape Navigator web browser as well as many other internet and intranet client and server software products. ... Secure Sockets Layer (SSL) and Transport Layer Security (TLS), its successor, are cryptographic protocols which provide secure communications on the Internet. ... Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key, by using a pair of cryptographic keys, designated as public key and private key, which are related mathematically. ...

SSL encrypted messages using the RC4 cipher, and used 128-bit keys. U.S. government export regulations would not permit crypto systems using 128-bit keys to be exported. The longest key size allowed for export without individual license proceedings was 40 bits, so Netscape developed two versions of its web browser. The "U.S." edition had the full 128-bit strength. The "International Edition" had its effective key length reduced to 40-bits by revealing 88 bits of the key in the SSL protocol. Acquiring the 'U.S. domestic' version turned out to be sufficient hassle that most computer users, even in the U.S., ended up with the 'International' version, whose weak 40-bit encryption could be broken in a matter of days using a single personal computer. Much the same thing happened with Lotus Notes and for the same reasons. For the Vietnam road named RC4, see Route Coloniale 4. ... A key is a piece of information that controls the operation of a cryptography algorithm. ... In cryptography, the key size (alternatively key length) is a measure of the number of possible keys which can be used in a cipher. ... 40-bit encryption is a key size for symmetric encryption representing a low-level of security where the key is forty bits in length (five bytes). ... Web browser shortcuts on an Apple computer A web browser is a software application that enables a user to display and interact with HTML documents hosted by web servers or held in a file system. ... A cryptographic protocol is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods. ... 40-bit encryption is a key size for symmetric encryption representing a low-level of security where the key is forty bits in length (five bytes). ...

Legal challenges by civil libertarians and privacy advocates, the wide spread availability of encryption software outside the U.S., and the perception by many corporate interests that adverse publicity about weak encryption was limiting their sales and the growth of e-commerce, led to a series of relaxations in US export controls, culminating in 1996 in the effective elimination of export controls on mass-market "shrinkwrap" and open source software containing cryptography (which, in any case, a "rogue state" could have downloaded, and subsequently verified, from file sharing networks or servers outside the US). Bernstein v. ... 1996 is a leap year starting on Monday of the Gregorian calendar, and was designated the International Year for the Eradication of Poverty. ... Open source refers to projects that are open to the public and which draw on other projects that are freely available to the general public. ...

Current status

Cryptography exports from the U.S. are now (as of 2004) controlled by the Department of Commerce's Bureau of Industry and Security. Some restrictions still exist, even on mass market products, particularly with regard to export to "rogue states" and terrorist organizations. Militarized encryption equipment, TEMPEST-approved electronics, custom cryptographic software, and even cryptographic consulting services still require an export license. The regulations, though relaxed from pre-1996 standards, are still complex, and often require expert legal and cryptographic consulation. Other countries, notably those participating in the Wassenaar Arrangement, have similar restrictions. 2004(MMIV) is a leap year starting on Thursday of the Gregorian calendar. ... A rogue state is a political entity that, contrary to the stated desires of other powers, attempts to acquire weapons that other countries seek to prevent from appearing under their custody, use weapons in domestic or international warfare that other powers consider abominable, commit crimes against humanity, harbor terrorists, tolerate... Look up terrorist in Wiktionary, the free dictionary. ... A tempest is a violent storm. ... The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies is an arms control arrangement with 33 participating states. ...

See also

• Bernstein v. United States

Bernstein v. ...

External links

• Crypto law survey
• Bureau of Industry and Security
• My life as a Kiwi arms courier — Peter Gutmann's farcical account of his experiences exporting cryptographic software from New Zealand.
• Export Control Blog