- Microsoft Windows chief decries standards grandstanding
- The 5 best, and 5 worst, features of Google Chrome OS
- Federal government using PS3 to crack pedophile passwords
- 10G Ethernet cheat sheet
- Top 10 free Windows tools for IT pros, at a glance
Encryption is subject to a web of regulations around the world because nations view encryption as "dual-use technology" that has military and commercial value. To varying degrees, they set restrictions on import, export and use.
Network managers who want to use encryption methods for ensuring voice and data secrecy across global operations must learn the rules that prevail where they intend to conduct business -lest they be in for a rude surprise in countries where encryption use is still closely controlled by the state. Many countries are tougher than the U.S. on what they let corporations do.
"We have part of our business in Beijing," says Bernie Cowens, vice president for security services at encryption vendor Rainbow Technologies. "If you encrypt data in China, you have to provide the Chinese government the ability to access the keys. By this regulation, the Chinese should be able to get access to [Secure Sockets Layer]-encrypted traffic, too."
The result is that businesses - including Rainbow - tend not to use encryption in China, Cowens says.
"Every country has its own rules," says David Addis, attorney with law firm Covington & Burling in Washington, D.C. "China has restrictions on the import and use of encryption, and so do Russia and Israel."
Chinese government officials have had an ongoing dialogue about encryption with foreign corporations doing business there. According to attorneys familiar with the matter, Chinese officials say the encryption restrictions are aimed at Chinese citizens, not foreign corporations. However, Addis says companies can expect the Chinese government to ask for details about the encryption they're using - in addition to requiring them to appoint an "encryption contact" who will give the government the encryption keys when asked.
"China is the big problem area now," confirms Stewart Baker, attorney at law firm Steptoe & Johnson in Washington, D.C. "China really has an enthusiasm for regulation and standardization that is unmatched anywhere else in the world."
Baker said it appears likely that by June all businesses in China using wireless LANs will be required to use the Chinese WLAN Authentication and Privacy Infrastructure (WAPI) standard if they want to encrypt WLAN traffic. WAPI, which has become a point of trade friction between the U.S. and China, "seems to be an effort to drive industrial policy," he says.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment