Laws and Regulations

From CryptoDox, The Online Encyclopedia on Cryptography and Information Security

Jump to: navigation, search

There is a segregation of legal authority concerning the use of cryptographic hardware, firmware and software. These are broken out in basic categories:

  • Export/Import
  • Medium of Cryptography
  • Authorized Usage
  • Technological Restrictions
  • Intellectual Property

Export/Import This is the most widely regulated aspect of cryptography. Regardless of what or how something is encrypted, these laws will vary greatly by country. Some situations exist where there are treaties which cover this topic in passing or specifically. This will include not only commercial or private products, but the public-domain's freeware/shareware as well. As of the early 1990's, mass-marketed encryption softwares are considered as allowable for export, but signing-nations might still maintain their own seperate regulations. Due to the capability of certain encryption software, exportation is strictly forbidden.

Medium of Cryptography There are various modes of transmitting data and practically all of them can be encrypted; electronic graphics and text, audio and video signals. Audio and video are sometimes referred to as "feeds" or "streams". Audio includes voice communications over land-lines, cellular relay towers, voice-over-IP and/or satellite telephony. While encryption tends to be utilized by law enforcement and military agencies for security, the general public is more concerned about protecting their personal information and priviledged data. Though there are not many regulations in place, when some very strong method of encryption is introduced, a government might place lawful restrictions upon it's use and distribution.

Authorized Usage Personal privacy is quickly becoming one of the hottest issues for debate. With fierce competition in businesses and greater problems with identity-theft, people are looking for ways to improve their information exhanges in a more secure environment. This means encryption in many cases. On the Internet, it's a very essential component for monetary transactions over the World Wide Web. While laws do not specifically target any particular usage in many countries, there are cases where the court might deem that it's use is a violation of a person out on probation or parole.

Technological Restrictions Sometimes the encryption equipment uses proprietary technology which is what may be restricted, versus the actual encryption product as a whole. Computers were not allowed to be exported to certain countries from other countries for the feeling that these products would be exposed to reverse-engineering. This basically means that whatever technological innovations were discovered and put into manufacturing could be discovered by having that product in their possession. This will only apply to computer hardware or electronic devices, microchips, etc.

Intellectual Property For any products that use various algorithms, the basic forms of protection are considered as copyrights, trademarks and patents. Yet this are not necessarily observed on the international level. For countries or regions where this is problematic, either international organizations and/or treaties cover this or export/import laws are passed. For global marketing, the latter is not their desired solution, so may end up in disputes with parties from other countries that will drag out over time. Usually, it will be individuals or management of corporations that will be more diligent in whom the end-users will be.

Laws on Digital Signatures


European Union

England, Scotland and Wales



New Zealand

United Nations Commission on International Trade Law

United States