Encryption and International Law

Who's Fooling Who? Encryption Security and the Law

Although Enigma is named after the famous German encryption system of World War II, it implements the modern Data Encryption Standard (DES). DES is the current standard for commercial and unclassified data protection. The freeware version distributed on a variety of networks and local BBSs implements a much weaker level of encryption based on the DES algorithm. This weaker level of encryption is proof against casual snoopers and those without access to sophisticated computers. It is not adequate protection against a knowledgeable and dedicated attack. If you need the stronger protection you can purchase a version of Enigma that implements the complete DES algorithm.

US law does not allow export of the full DES algorithm outside the United States and Canada. Stupid though it sounds, DES is considered a "munition" by the US government. Export of DES outside the United States and Canada is a rather severe felony if the Justice Department should decide to prosecute. The freeware version implements a limited version that is significantly less secure so it does not violate US law. Technical details are discussed in the section describing the DES Algorithm.

Please write your members of Congress and let them know you oppose the FBI's proposed Digital Telephony Bill that could force manufacturers of computer and telephone equipment to provide a back door for any encryption equipment. They have also seriously proposed making programs such as Enigma or any strong encryption program illegal unless the US Government has an easy way to read encrypted documents. Also support non-government encryption solutions such as that provided by RSA and PGP and ignore government standards with built in back doors such as Clipper. [Yes I know DES is a government developed algorithm, but at least it contains no blatant back doors, and has survived the test of time.]

Back to the Next Wave Home Page

HTML markup by kokane@gmu.edu, tweintra@gmu.edu, jmanhan@gmu.edu
Modified and integrated into the Next Wave Software homepage by mike@thenextwave.com