Encryption Export Regulations
Export Regulations

Study Guide

Encryption - Privacy vs National Security

The United States has always taken it's national security very seriously.  Obvious manifestations of its security ideology are the FBI and CIA.  Now security, even more so since 9/11, is of paramount importance.  Recently new security mechanisms have been created and new laws have been enacted in order to ensure that the United States remains safe from terrorist attack.  So what does this have to do with encryption?  Encryption is a tool that we can use to express our right to privacy (a civil liberty).  We protect our email from being read by encrypting it before we transmit it across the public Internet.  This seems harmless enough but consider how it would help the enemies of the United States?  An example would be if the United States couldn't  decrypt an email fast enough to prevent another 9/11 from happening.  Terrorists willingly exploit the freedoms granted to Americans by the Constitution in order to push their deadly agendas.  So now we have to consider limiting encryption so that it cannot be used by our enemies.

Please consider the following questions:

1) Should high strength encryption be allowed to be used by any American Citizen or Corporation?
a) If yes, then why so and how can we ensure that terrorists won't exploit it?
b) If no, then what measures can we take to ensure that our critical infrastructure (banking, corporate secrets, emails) aren't tampered with?

2)  Should high strength encryption be allowed as long as the US has a "back door" mechanism to get into any encrypted item quickly?

3) Does limiting the export of high encryption devices and software to select countries really allow the US to ensure it can decipher critical emails from terrorist?

4)  Which is better, security derived through hiding secrets or security derived by not having them in the first place?  How does this relate to encryption and it's export?

5) Was it a good idea for the United States to develop the AES encryption standard?  Does the algorithm in being public, make it  more vulnerable to it being broken or made useless?  

6)  The argument can be made that guns don't kill people, people kill people.  Is this argument the same for encryption in it's own way?  

7)  Does having high strength encryption encourage illegal activities?

8)  China currently mandates that the security technologies used by it's public be decryptable by its government.  What does this mean for US businesses doing business in china?  Do you think that this will limit business and democracy in China?