Encryption was first recorded in 600 BC when the Spartans use a device to send secret messages during battle. Since then the use of encryption has become much more advanced and used exponentially more. Many people believe that regulating encryption will help prevent criminals from remaining anonymous. Every country is different when it comes to regulating encryption, but no one has found the perfect balance between providing effective security and preventing criminals from avoiding investigation. This report will analyze if governmental regulation of encryption is worth the violations of privacy. Specifically, this paper will compare the pros and cons of regulating encryption which can violate citizen’s privacy or assist in seizing criminals.
Keywords: encryption, regulation, data security, government 關鍵詞:加密，監管，數據安全，政府
Does the Government Need to Regulate Something as Important as Encryption?政府需要規范加密這樣重要的東西嗎?
In the rapidly growing age of technology, things become new more quickly. With the constant need to keep ‘updated’ in the world, there is also a need to keep security. Encryption has been around for a long time, but modern encryption wasn’t invented until the enigma machine in 1918. This is very recent, putting in perspective that no laws or policies were in place at the time to keep encryption from running rampant. Even in current day, we are still having trouble coming up with regulations for this. When Apple had an argument with the FBI over access to a locked iPhone used by the San Bernardino gunman, North Carolina’s senators offered a bill that would have required companies to provide unencrypted versions of data if given a court order. This is just one example of many. Current day encryption has a multitude of different algorithms, some of which are monitored and regulated by the government. But does the government regulating encryption mean that citizens must give up some sense of privacy? Or does it meant that criminals attempting to remain anonymous will be caught.? This report will analyze scholarly opinions and different country’s policies on regulating encryption and come to a conclusion, answering the following questions.
What are the current regulations for encryption and do countries have different rules?
Are citizen’s privacy at risk by regulating or not regulating encryption?
What are the trade-offs for regulating or not regulating encryption?
What are some possible regulations to control encryption?
How will these regulations affect our daily lives?
In a new age of technology, privacy is a key component to a healthy, functioning society and the government’s role in regulating encryption could jeopardize these rights.
What are the current regulations for encryption and do countries have different rules?目前對加密的規定是什么?各國有不同的規定嗎?
Before looking to deeply into the morals of regulating encryption we need to understand what regulations are currently in place. Every country has a different take on what needs to be controlled. For example, Estonia surprisingly, is one of the most networked countries in the world. Citizens use networks for banking, voting, paying taxes as well as other things. In 2007, Estonia was hit with a massive cyber attack taking down banks, telephone networks and television stations (Sales, 2013, para. 3). Since then, Estonia has set up a “Cyber Defense Unit” to react to those kinds of situations. However, despite a dedicated unit, according to article 215 of their Criminal Procedure Code, investigative authorities can order the production of information from any person, but they cannot require that person to divulge encryption keys or passwords. This means that the citizens are allowed some form of privacy, which other countries do not. All countries take a different approach by attempting to regulate encryption in a multitude of ways. Saper stated in his journal that “some countries restrict the import or export of cryptographic technology, others restrict the import of encrypted data, and still others restrict or prohibit the use of encryption within their borders” (Saper, 2013, p. 3). Countries like the United states are an example of all three. The U.S. regulates all imported and exported encryption through The International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR).
在深入研究規范加密的道德之前，我們需要了解目前有哪些規定。每個國家對需要控制的東西都有不同的看法。例如，令人驚訝的是，愛沙尼亞是世界上網絡最緊密的國家之一。公民使用網絡進行銀行、投票、納稅以及其他活動。2007年，愛沙尼亞遭受了大規模的網絡攻擊，銀行、電話網絡和電視臺紛紛癱瘓。3)此后，愛沙尼亞成立了一個“網絡防御單位”，以應對這類情況。但是，根據《刑事訴訟法》第215條，雖然設立了專門機關，但調查機關可以命令任何人提供信息，但不能要求任何人泄露密鑰或密碼。這意味著公民可以享有某種形式的隱私，而其他國家是不允許的。所有國家都采取了不同的方法，試圖以多種方式監管加密。Saper在他的期刊中寫道:“一些國家限制加密技術的進口或出口，另一些國家限制加密數據的進口，還有一些國家限制或禁止在其境內使用加密”(Saper, 2013, p. 3)。像美國這樣的國家就是這三種情況的一個例子。美國通過《國際武器貿易條例》(ITAR)和《出口管理條例》(EAR)管理所有進出口加密技術。
Each country has a unique way of dealing with encryption techniques which vary in forms of privacy; India has a mandatory encryption strength. China requires that manufacturers must have their encryption method approved by the National Commission on Encryption Code Regulations. Russia demands a license for distributing encryption algorithms. They all attempt to help them draw the line between being able to prevent criminals from using encryption maliciously, while simultaneously allowing citizens their right of discretion. Regulating encryption is a constantly evolving area and the disparate regulations of each country presents the complexity of the problem we are facing as this issue evolves further.
Are Citizen’s Privacy at Risk by Regulating or not Regulating Encryption?規范或不規范加密是否會危及公民隱私?
Governments regulating encryption is not pointed towards specific or individual people. They are not targeting the privacy of their citizens. For the most part governments are attempting to regulate companies or tech providers that hold or sell user data. The data that the government is regulating however, is user data at the core. Unless you are under investigative authority there is not much you have to worry about. In fact, encryption regulations simply help every day consumers. For example, section 103(a) of the Communications Assistance for Law Enforcement Act of says that “telecommunications carriers cannot use encryption themselves in a way which would prevent them from being able to intercept communications or deliver them to the government” (Global Partners Digital, 2018). But everything is prone to being hacked, meaning ultimately no ones data is 100% secure or private.
What Are the Trade-Offs for Regulating or not Regulating Encryption?規范或不規范加密的權衡是什么?
Like all aspects of life there are pros and cons to everything. In trading in privacy there are a lot of downsides that come with it. The growing use of encryption has significantly reduced the amount of plaintext that investigative officials can access. The number of smart phone users have boomed in the last decade with 47% of all smartphone and tablets using full disk encryption. This poses a serious threat to law enforcement and intelligence agencies. “Federal Bureau of Investigation (FBI) General Counsel James Baker reported that for fiscal year 2016, the FBI had encountered passcodes on 2,095 of the 6,814 mobile devices examined by its forensic laboratories.” (National Academics of sciences, et. al, 2018, pg. 31) Of those 2,095 devices only 1,210 were able to be broken into. And in 2017 the “FBI was unable to access about 7,500 mobile devices submitted to its Computer Analysis and Response Team, even though there was legal authority to do so.” This means there was an alarming amount of evidence that the FBI was denied to encryption standards not held by the government or companies. Not only are investigative authorities being held up by device encryption but most information off shore is inaccessible for the most part. Gmail, for example, stores their emails in servers not in the united states. Because Google stores these servers over seas it makes it harder for intelligence officials to gain accesses to plaintext. The increased use of encryption also has other effects in helping criminals retain anonymity on the web. The U.S. Department of Justice’s National Strategy on Child Exploitation Prevention and Interdiction Working Group conducted a study on “more than 1,000 federal, state, local, and tribal investigators” (National Academics of sciences, et. al, 2018, pg. 42). In 2016 they concluded that more than 30 percent of respondents reported that the use of encryption by child pornography offenders has significantly increased.
By these statistics it shows that not only are intelligence agencies and tech corporations having trouble retaining access to plaintext of everyday items like smart phones and emails, but criminals are using it to provide themselves cover for communication. Like many things, encryption is a double-edged sword, and universal or at least federal regulations are a must-have when attempting to control encryption.
What Are some Possible Regulations to Control Encryption?控制加密的一些可能的規則是什么?
As mentioned in footnote one (pg.6), the CLOUD act takes a huge step in being able to receive data that is stored over seas from the United States. This means the companies that operate without borders are now required to give data in the United States. But this is just in investigative cases, there are other steps being taken by other countries and state powers. California, for example, passed the Consumer Privacy Act of 2018 which means that” companies who do not encrypt data or neglect to employ ‘reasonable security procedures’ are liable to be sued by consumers whose data is compromised” (Crane, 2019, para 7). This means that aside from information security, companies are to be held liable for ignorance in user data security. Denmark also has a regulation known as Data Protection Regulation. It states that when transmitting sensitive data, public authorities and private companies must use some form of encryption. The exact same as the United States’ Federal Information Processing Standards and General Data Protection Regulation. These are all example of great legislation by different unions that have shown to be effective in preventing sensitive data from being accessed as plaintext by malicious third parties. There are also a lot of great regulations in banking like the European Banking authority, the Gramm-Leach Bliley Act of the U.S., the New York Department of Financial Services. But the best is the Payment Card Industry Data Security Standard from the Payment Card Industry Security Standards Council. This is a global regulation that requires that companies that do not encrypt data and use security procedures be held liable by fines or penalties.
A lot of progress is being made in order to completely protect consumers. The problem is protecting consumers while also allowing intelligence agencies to be able to function. Very few countries have a minimum or maximum-security standard, for encryption and still only a few countries regulate import and exported encryption (Fig. 1).
Figure 1 “Countries with Import and Export regulated encryption” (Global Partners Digital, 2018)
There are already several regulations that we have, that have made great strides in helping improve not only the security of consumers, but also aided in allowing intelligence agencies and government officials’ investigations. There is still a lot of work to be done. Recently the ‘Five Eyes’ Governments, (US, UK, Canada, Australia and New Zealand) called for encryption backdoors to be used in tech companies released devices. This is not a great solution as it violates many citizens’ privacy and let’s be realistic, there is no such thing as a secure back door. In fact, there have been numerous times where the government’s security has failed, 2015’s U.S. voter database just being one example.
How Will these Regulations Affect Our Daily Lives?這些規定將如何影響我們的日常生活?
These upcoming and new regulations are a step in the right direction to maintain national and personal security. Some of the proposed legislature might be going a little overboard, not only violating citizens’ privacy, but their security as well. Currently, for the most part, all encryption regulations are really imposed to require tech companies to secure and control user data or aid in investigations. Unless you run a business, staying up-to-date on encryption legislation is not a necessity. Of course, it can’t hurt to know what laws there are surrounding your geographical location, but for your everyday consumer these regulations are designed solely to protect you.
Despite being an age-old tactic in sending and receiving hidden messages, encryption is the latest in the constantly evolving world of science and technology. There are many current and useful regulations for encryption. Global regulations like the PCI DSS all the way down to state regulations like California Consumer Privacy Act. However, the use of encryption by criminals is unprecedented and must be stopped. Creating regulations that balance citizens privacy and uphold standards set by intelligence officials is key in attempting to create a secure and safe society.
UKthesis provides an online writing service for all types of academic writing. Check out some of them and don't hesitate to place your order.
?How to write an argumentative essay outline？By now you have...
本文是市場學專業的Essay范例，題目是“How Companies Identify Attractive Marke...
?How to start a narrative essay？A robust variety of essay ty...
?How to write a narrative essay？As the name suggests, narrat...