Cryptography Reference
In-Depth Information
Risks Due to Abuse
A stolen 'picklock' (perhaps only after its generation, similar to eavesdropping on
the Clipper chip) is related to a much smaller risk for the investigators, compared
with the theft of other information. The risk of corruption and bribing is very high.
Both individuals and businesses are almost defenseless in the event of a political
overthrow.
Relativity
Key escrow is expensive. Huge amounts of data have to be searched to filter a
comparatively small amount of interesting information that merely complement
other data harvested in a traditional way. The major part concerns information on
law-abiding citizens. The protection of these data (which is never perfect anyhow)
against misuse and abuse causes costs not to be underestimated.
Harmfulness
The information society needs strong cryptology. Key escrow would hinder or even
stop the required public research in this field. Limitation to a few algorithms is a
basic risk.
Cryptography needs diversity; otherwise it is too dangerous.
Acceptance
When the public is informed about the matter, strong resistance has to be expected,
which increases the creativity in finding bypasses.
Figure 8.3:
(
continued
)
8.2.4 Export Regulations and Patents
This section discusses two other obstacles hindering the development of cryp-
tology: export restrictions for cryptographic software and hardware, and patent-
law issues. This discussion will be short, because both issues have come up
several times in this topic already.
Export Restrictions
Export restrictions are usually mentioned in connection with the US export
laws, which turned into a barrier for many US firms. These laws allowed them
to export only software and hardware with an effective key length of up to
40 bits. With the SSL protocol used in the Netscape Navigator browser, for
example, an additional 88 key bits were shipped in an unprotected way. The
