6.4.3 Why is cryptography export-controlled?
Cryptography is export-controlled for several reasons. Strong cryptography can be used for criminal purposes or even as a weapon of war. During wartime, the ability to intercept and decipher enemy communications is crucial. For that reason, cryptographic technologies are subject to export controls.
In accordance with the Wassenaar Arrangement (see Question 6.5.3), U.S. government agencies consider strong encryption to be any system that uses RSA with key sizes over 512 bits or symmetric algorithms (such as triple-DES, IDEA, or RC5) with key sizes over 56 bits. Since government encryption policy is heavily influenced by the agencies responsible for gathering domestic and international intelligence (the FBI and NSA, respectively), the government is compelled to balance two conflicting requirements: making strong cryptography available for commercial purposes while still making it possible for those agencies to break the codes, if need be. As already mentioned several times in this section, the major restrictions on export regulations were eliminated at the beginning of the year 2000.
To most cryptographers, the above level of cryptography (512 bits for RSA and 56 bits for symmetric algorithms) is not considered "strong" at all. In fact, it is worth noting that RSA Laboratories has considered this level of cryptography to be commercially inadequate for several years.
Government agencies often prefer to use the terms "strategic" and "standard" to differentiate encryption systems. "Standard" refers to algorithms that have been drafted and selected as a federal standard; DES is the primary example. The government defines "strategic" as any algorithm that requires "excessive work factors" to successfully attack. Unfortunately, the government rarely publishes criteria for what it defines as "acceptable" or "excessive" work factors.