Germany Email EncryptionNew U.S. Regulations Give Consumers More Access to Strong Encryption, Free Expression Concerns Remain -The U.S. government is expected to shortly release new encryption export rules representing a major change in U.S. policy. Consumers all over the world will have better access to the strongest encryption -- regardless of key length or algorithm -- built into the programs they use every day. However, the complex new regulations will still make it difficult for many to freely exchange encryption products and does not solve the Constitutional free speech concerns raised by encryption export controls. More January 12, 2000
- Final Draft of Encryption Regulations
New Computer Security Plan Features
Monitoring -- On January 7, 2000, the Clinton Administration issued
a national plan for critical infrastructure protection. While plans for the
"FIDNet" monitoring system have been scaled back, and the role of the FBI
diminished, the plan still calls for creation of a centralized intrusion detection
monitoring system that will involve scanning millions of legitimate computer transactions
with the government in search of potential cyber attacks. January
- CDT analysis (Dec. 1999)
E-mail Encryption------When you send e-mail, you probably assume that the person you send it to is the only person reading it. But that's not necessarily the case. Like a postcard, an e-mail message makes several stops, and at each stop there's a chance someone will read it before it reaches its destination.
Secure e-mail solutions address this problem by using encryption and digital signatures. Encryption programs encode text into unreadable cipher text for transmission over public networks, and then, once received, decode it. Most email clients and add-ons use public-key encryption, a process that requires a pair of keys--one on each end--to encode and decode messages. The security of the messages is dictated by the key length--the longer the key, the tougher it is to crack. Digital signatures prove that you are who you say you are and that your message hasn't been tampered with during transmission. Your secure mail solution can generate one, or you can download one from a service such as VeriSign.
Most users do not send secure e-mail, because it remains too difficult to use, and competing standards (S/MIME and PGP/MIME) make exchanging secure email hit or miss. For this story, we tested seven secure e-mail plug-ins that address some of these problems, making it easier to exchange e-mail securely.
CHART which shows several of the available programs to sign and/or encrypt e-mail with.
You can also obtain a Digital ID to digitally sign and/or encrypt your e-mail. Some of the companies available are Thawte and Verisign. This method can be less time consuming but may prove difficult to setup. However keep in mind that the encryption level will only be 40-bit for Digital IDs, but can be up to 4,096-bit with certain encryption programs.
Germany - a crypto ban cannot be enforced.
German Minister of Justice: Governments' attempts to regulate the internet on their own are nonsensical, technically and economically. National states are obsolete. A crypto ban cannot be enforced. The German news magazine DER SPIEGEL features a story about the internet, with 33 pages of the usual hype. However, there is a remarkable interview with the German Minister of Justice, Edzard Schmidt-Jortzig: The minister says that he is not glad about always having to talk about control when concerned with the internet. According to him, the internet has been getting on without any special laws. The discussion about pornography and blocking programs reminds him of the discussion about the "dangerous device TV" in his youth. The state has legitimate interests in regulations, he says, but it is "nonsensical, when those attempts are restricted to one country. The internet has no borders. What is illegal in one state will simply be served to the net elsewhere." He admits that in a way he is happy about that: "This whole discussion still is at its very beginning." Conceivably, providers could be obliged to block pages with illegal contents to their customers, Schmidt-Jortzig says. However, such a step, performed by the government on its own, would hardly make sense technically and economically: Instead of going through the exteme effort of controlling the contents, providers would simply move to countries such as Andorra, Liechtenstein or Luxemburg. That would only increase telephone bills for the customers, but Germany would lose many innovative businesses and jobs. Propaganda from overseas could only be avoided by a world-wide convention or UN treaty, but he does not expect any such things for the next 10 years. Facing the development of technology, "our thinking in national categories is no longer adequate. That way, we will not be able to control the net. I rather think that we will have to say good-bye to the idea of enforcing German law on the internet." Of course, Nazi propaganda or child pornography would remain illegal in Germany, but the question were if it can be enforced. "I can already imagine those users sending their paroles and pamphletes to the net from Luxemburg, deriding the helpless German authorities. I don't really think that is great, but I don't see any solution." "I think the internet with its unlimited possibilites of communication and its anarchistic structure is one of the most amazing challenges the state currently has to face. Faster than we would have thought, the traditional national state will prove obsolete. A legislation ending at the borders of a certain territory will be increasingly hard to defend." He knows that many will find it difficult to bear, says Schmidt-Jortzig, "but we cannot outlaw the internet only because it does not fit with the conception of life of some [people living in yesterday's world]. Not even the Chinese can." The idea of the global citizen in the internet, who no loger has to cope with national ideas, is a nice vision, he says, but still very unrealistic. For some time, national states would remain authoritative and defend their function. "But I am afraid that this stuggle will eventually fail." Schmidt-Jortzig says that the Bavarian prosecutors' proceed against CompuServe has been absolutely legitimate, but if they will be sentenced were a totally different question, because the accused had no way of verifying every internet resource. In a global community, there could be something like a net police. German controls however, would be totally senseless today: "If I really were to regulate the internet with laws and prohibition in spite of all argumentation, then I would certainly need such control, a new federal Data Police. But I think nobody would have such absurd an idea, as everyone knows that would also mean the death of this innovative business field in Germany." The state could not care for fully effective privacy on the net, but may have to inform about the threads towards privacy. Schmidt-Jortzig does not see any reason for banning encryption software the police cannot break: "Why should I outlaw that on this still rather insecure media, people encrypt their private mail, and be it only the results of the federal league." - "Even if I wanted to, I could hardly enforce that ban. You can download encryption programs for free on the internet. Meanwhile, there even is software that allows you to undetectibly hide a message in normal e-mail. The state is participating in a persuit race that it cannot win at all. Of course that does not exempt us from having to try to persue in the beginning." Asked about criminals using encryption, he says that he knows there will be large scepticism if the state gives up that quickly. "Only, I am afraid that those who work against this development will eventually have to lay down arms. Any attempt to find a national solution will fail."
Last update: March 22, 2005