Encryption was first recorded in 600 BC when the Spartans use a device to send secret messages during battle. Since then the use of encryption has become much more advanced and used exponentially more. Many people believe that regulating encryption will help prevent criminals from remaining anonymous. Every country is different when it comes to regulating encryption, but no one has found the perfect balance between providing effective security and preventing criminals from avoiding investigation. This report will analyze if governmental regulation of encryption is worth the violations of privacy. Specifically, this paper will compare the pros and cons of regulating encryption which can violate citizen’s privacy or assist in seizing criminals.
Keywords: encryption, regulation, data security, government 关键词:加密，监管，数据安全，政府
Does the Government Need to Regulate Something as Important as Encryption?政府需要规范加密这样重要的东西吗?
In the rapidly growing age of technology, things become new more quickly. With the constant need to keep ‘updated’ in the world, there is also a need to keep security. Encryption has been around for a long time, but modern encryption wasn’t invented until the enigma machine in 1918. This is very recent, putting in perspective that no laws or policies were in place at the time to keep encryption from running rampant. Even in current day, we are still having trouble coming up with regulations for this. When Apple had an argument with the FBI over access to a locked iPhone used by the San Bernardino gunman, North Carolina’s senators offered a bill that would have required companies to provide unencrypted versions of data if given a court order. This is just one example of many. Current day encryption has a multitude of different algorithms, some of which are monitored and regulated by the government. But does the government regulating encryption mean that citizens must give up some sense of privacy? Or does it meant that criminals attempting to remain anonymous will be caught.? This report will analyze scholarly opinions and different country’s policies on regulating encryption and come to a conclusion, answering the following questions.
What are the current regulations for encryption and do countries have different rules?
Are citizen’s privacy at risk by regulating or not regulating encryption?
What are the trade-offs for regulating or not regulating encryption?
What are some possible regulations to control encryption?
How will these regulations affect our daily lives?
In a new age of technology, privacy is a key component to a healthy, functioning society and the government’s role in regulating encryption could jeopardize these rights.
What are the current regulations for encryption and do countries have different rules?目前对加密的规定是什么?各国有不同的规定吗?
Before looking to deeply into the morals of regulating encryption we need to understand what regulations are currently in place. Every country has a different take on what needs to be controlled. For example, Estonia surprisingly, is one of the most networked countries in the world. Citizens use networks for banking, voting, paying taxes as well as other things. In 2007, Estonia was hit with a massive cyber attack taking down banks, telephone networks and television stations (Sales, 2013, para. 3). Since then, Estonia has set up a “Cyber Defense Unit” to react to those kinds of situations. However, despite a dedicated unit, according to article 215 of their Criminal Procedure Code, investigative authorities can order the production of information from any person, but they cannot require that person to divulge encryption keys or passwords. This means that the citizens are allowed some form of privacy, which other countries do not. All countries take a different approach by attempting to regulate encryption in a multitude of ways. Saper stated in his journal that “some countries restrict the import or export of cryptographic technology, others restrict the import of encrypted data, and still others restrict or prohibit the use of encryption within their borders” (Saper, 2013, p. 3). Countries like the United states are an example of all three. The U.S. regulates all imported and exported encryption through The International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR).
在深入研究规范加密的道德之前，我们需要了解目前有哪些规定。每个国家对需要控制的东西都有不同的看法。例如，令人惊讶的是，爱沙尼亚是世界上网络最紧密的国家之一。公民使用网络进行银行、投票、纳税以及其他活动。2007年，爱沙尼亚遭受了大规模的网络攻击，银行、电话网络和电视台纷纷瘫痪。3)此后，爱沙尼亚成立了一个“网络防御单位”，以应对这类情况。但是，根据《刑事诉讼法》第215条，虽然设立了专门机关，但调查机关可以命令任何人提供信息，但不能要求任何人泄露密钥或密码。这意味着公民可以享有某种形式的隐私，而其他国家是不允许的。所有国家都采取了不同的方法，试图以多种方式监管加密。Saper在他的期刊中写道:“一些国家限制加密技术的进口或出口，另一些国家限制加密数据的进口，还有一些国家限制或禁止在其境内使用加密”(Saper, 2013, p. 3)。像美国这样的国家就是这三种情况的一个例子。美国通过《国际武器贸易条例》(ITAR)和《出口管理条例》(EAR)管理所有进出口加密技术。
Each country has a unique way of dealing with encryption techniques which vary in forms of privacy; India has a mandatory encryption strength. China requires that manufacturers must have their encryption method approved by the National Commission on Encryption Code Regulations. Russia demands a license for distributing encryption algorithms. They all attempt to help them draw the line between being able to prevent criminals from using encryption maliciously, while simultaneously allowing citizens their right of discretion. Regulating encryption is a constantly evolving area and the disparate regulations of each country presents the complexity of the problem we are facing as this issue evolves further.
Are Citizen’s Privacy at Risk by Regulating or not Regulating Encryption?规范或不规范加密是否会危及公民隐私?
Governments regulating encryption is not pointed towards specific or individual people. They are not targeting the privacy of their citizens. For the most part governments are attempting to regulate companies or tech providers that hold or sell user data. The data that the government is regulating however, is user data at the core. Unless you are under investigative authority there is not much you have to worry about. In fact, encryption regulations simply help every day consumers. For example, section 103(a) of the Communications Assistance for Law Enforcement Act of says that “telecommunications carriers cannot use encryption themselves in a way which would prevent them from being able to intercept communications or deliver them to the government” (Global Partners Digital, 2018). But everything is prone to being hacked, meaning ultimately no ones data is 100% secure or private.
What Are the Trade-Offs for Regulating or not Regulating Encryption?规范或不规范加密的权衡是什么?
Like all aspects of life there are pros and cons to everything. In trading in privacy there are a lot of downsides that come with it. The growing use of encryption has significantly reduced the amount of plaintext that investigative officials can access. The number of smart phone users have boomed in the last decade with 47% of all smartphone and tablets using full disk encryption. This poses a serious threat to law enforcement and intelligence agencies. “Federal Bureau of Investigation (FBI) General Counsel James Baker reported that for fiscal year 2016, the FBI had encountered passcodes on 2,095 of the 6,814 mobile devices examined by its forensic laboratories.” (National Academics of sciences, et. al, 2018, pg. 31) Of those 2,095 devices only 1,210 were able to be broken into. And in 2017 the “FBI was unable to access about 7,500 mobile devices submitted to its Computer Analysis and Response Team, even though there was legal authority to do so.” This means there was an alarming amount of evidence that the FBI was denied to encryption standards not held by the government or companies. Not only are investigative authorities being held up by device encryption but most information off shore is inaccessible for the most part. Gmail, for example, stores their emails in servers not in the united states. Because Google stores these servers over seas it makes it harder for intelligence officials to gain accesses to plaintext. The increased use of encryption also has other effects in helping criminals retain anonymity on the web. The U.S. Department of Justice’s National Strategy on Child Exploitation Prevention and Interdiction Working Group conducted a study on “more than 1,000 federal, state, local, and tribal investigators” (National Academics of sciences, et. al, 2018, pg. 42). In 2016 they concluded that more than 30 percent of respondents reported that the use of encryption by child pornography offenders has significantly increased.
By these statistics it shows that not only are intelligence agencies and tech corporations having trouble retaining access to plaintext of everyday items like smart phones and emails, but criminals are using it to provide themselves cover for communication. Like many things, encryption is a double-edged sword, and universal or at least federal regulations are a must-have when attempting to control encryption.
What Are some Possible Regulations to Control Encryption?控制加密的一些可能的规则是什么?
As mentioned in footnote one (pg.6), the CLOUD act takes a huge step in being able to receive data that is stored over seas from the United States. This means the companies that operate without borders are now required to give data in the United States. But this is just in investigative cases, there are other steps being taken by other countries and state powers. California, for example, passed the Consumer Privacy Act of 2018 which means that” companies who do not encrypt data or neglect to employ ‘reasonable security procedures’ are liable to be sued by consumers whose data is compromised” (Crane, 2019, para 7). This means that aside from information security, companies are to be held liable for ignorance in user data security. Denmark also has a regulation known as Data Protection Regulation. It states that when transmitting sensitive data, public authorities and private companies must use some form of encryption. The exact same as the United States’ Federal Information Processing Standards and General Data Protection Regulation. These are all example of great legislation by different unions that have shown to be effective in preventing sensitive data from being accessed as plaintext by malicious third parties. There are also a lot of great regulations in banking like the European Banking authority, the Gramm-Leach Bliley Act of the U.S., the New York Department of Financial Services. But the best is the Payment Card Industry Data Security Standard from the Payment Card Industry Security Standards Council. This is a global regulation that requires that companies that do not encrypt data and use security procedures be held liable by fines or penalties.
A lot of progress is being made in order to completely protect consumers. The problem is protecting consumers while also allowing intelligence agencies to be able to function. Very few countries have a minimum or maximum-security standard, for encryption and still only a few countries regulate import and exported encryption (Fig. 1).
Figure 1 “Countries with Import and Export regulated encryption” (Global Partners Digital, 2018)
There are already several regulations that we have, that have made great strides in helping improve not only the security of consumers, but also aided in allowing intelligence agencies and government officials’ investigations. There is still a lot of work to be done. Recently the ‘Five Eyes’ Governments, (US, UK, Canada, Australia and New Zealand) called for encryption backdoors to be used in tech companies released devices. This is not a great solution as it violates many citizens’ privacy and let’s be realistic, there is no such thing as a secure back door. In fact, there have been numerous times where the government’s security has failed, 2015’s U.S. voter database just being one example.
How Will these Regulations Affect Our Daily Lives?这些规定将如何影响我们的日常生活?
These upcoming and new regulations are a step in the right direction to maintain national and personal security. Some of the proposed legislature might be going a little overboard, not only violating citizens’ privacy, but their security as well. Currently, for the most part, all encryption regulations are really imposed to require tech companies to secure and control user data or aid in investigations. Unless you run a business, staying up-to-date on encryption legislation is not a necessity. Of course, it can’t hurt to know what laws there are surrounding your geographical location, but for your everyday consumer these regulations are designed solely to protect you.
Despite being an age-old tactic in sending and receiving hidden messages, encryption is the latest in the constantly evolving world of science and technology. There are many current and useful regulations for encryption. Global regulations like the PCI DSS all the way down to state regulations like California Consumer Privacy Act. However, the use of encryption by criminals is unprecedented and must be stopped. Creating regulations that balance citizens privacy and uphold standards set by intelligence officials is key in attempting to create a secure and safe society.
UKthesis provides an online writing service for all types of academic writing. Check out some of them and don't hesitate to place your order.
英国留学生公共财政方面英语硕士课程作业范文格式参考-Chester Aid to the Homeless: How f...
How to write a descriptive essay about an object？The descrip...
How to write a definition essay outline？Knowing how to writ...
How to write a descriptive essay？If your college professor e...
How to write a scholarship essay?When you’re applying for a...