INFORMATION HIGHWAYS AND SERVICES
© Secretary of State for industry - France

Encryption is the science of studying methods used to make information secure against intentional intrusion. These methods are generally based on complex mathematical problems which are extremely difficult to solve unless a secret key or convention is known.
The law on telecommunications regulations (article 17) considerably relaxes and simplifies the legal framework which has regulated encryption up to now. We will give details of this new framework as soon as the decrees for its application are made. For the moment, the principal features are outlined below.

There will be total freedom to use encryption methods to authenticate messages or guarantee their integrity. That is to say, when information is transmitted without encoding, encryption can be used freely for an electronic signature, or to guarantee that the message is authentic. This is fundamental, for example, for electronic mail and commerce.

There will also be total freedom to use encryption methods to make a message confidential, on the condition that the confidentiality services used are managed by a third party of confidence. The third party of confidence is an officially recognised organisation which manages encoding keys for users. Users contract with the third party of confidence, which regularly transmits the keys to use to encode user information. The licence issued to the third party of confidence includes a clause which stipulates that the third party of confidence must submit encoding keys to the appropriate authorities according to the law. Thus the user can count on a professional encryption service, with a guarantee that the service is of high quality, while at the same time the State can, if necessary, access the information.

These liberalising provisions, which are of interest to the user, transfer the onus of respecting regulations to the encryption professionals. The professionals must inform the public authorities of the products they are putting on the market, products which have been specially designed for this purpose, and which they have been authorised to supply. They must also apply for an official seal of recognition if they wish to become third parties of confidence. Finally, they must strictly adhere to the code of conduct to which they have agreed; penal provisions are planned if they do not.
a) regulation (CE) n° 3381/94 of the Council, of 19 December 1994, creating a community regime to control the export of goods with a double use (Official Journal of the European Communities L 367 of 31 December 1994);
   - modified by regulation (CE) n° 837/95 of the Council of 10 April 1995 (Official Journal of the European Communities n° L 90 of 21 April 1995);
b) decision of the Council of 19 December 1994, relative to the common action adopted by the Council on the basis of article J.3 of the treaty of the European Union, concerning the control of export of goods with a double use (Official Journal of the European Communities L 367 of 31 December 1994, and notably appendix 1 pages 109 to 111 and appendix IV pages 156 and 157);
   - modified by decisions 95/127/PESC and 95/128/PESC, of 10 April 1995 (Official Journal of the European Communities n° L 90 of 21 April 1995);
c) law 90-1170 of 29 December 1990 (Official Journal of 30 December 1990), notably article 28, modified by law 91-648 of 11 July 1991 (Official Journal of 13 July 1991);
d) decree 92-1358 of 28 December 1992 in application of the preceding laws (Official Journal of 30 December 1992, pages 17914 to 17916);
e) order of 28 December 1992 concerning declarations and requests for authorisations with regard to means of encryption and services (Official Journal of 30 December 1992, pages 17916 and 17917, Official Journal of 9 January 1993, pages 507 and 508);
f) order of 28 December 1992 defining the particular conditions which apply to encryption services (Official Journal of 30 December 1992, page 17917);
g) decree 95-613 of 5 May 1995 on the control of the export of goods with a double use (Official Journal of 7 May 1995, page 7547);
h) order of 5 May 1995 on the control of export to third party countries and the transfer to member states of the European Community of goods with a double use (Official Journal of 7 May 1995, page 7561);
i) order of 5 May 1995 defining the general G.502 licence for the export of encryption methods and setting out the means for establishing and using this licence (Official Journal of 7 May 1995, page 7578);
j) decree 96-67 of 29 January 1996 relating to the powers of the Secretary General for National Defense (SGDN) on security in information technology (Official Journal of 30 January 1996);
k) law n° 96-659 of 26 July 1996 on telecommunications regulations (article 17 - Official Journal of 27 July 1996).

25 July 1997: the two cryptography decrees unpublished as yet

For more information:
Service central de la sécurité des systèmes d'information (SCSSI) (Central service for the security of information systems), Prime Ministerial department under the authority of the Secretary General for National Defence (SGDN)
18, rue du docteur Zamenhof - 92131 Issy-Les-Moulineaux Cedex, France
Fax: 33 1 41 46 37 01.

Glossary
Standardisation organisations such as the AFNOR in France and the ISO at an international level have defined encryption vocabulary. One of the reference documents is ISO 7498-2 dated September 1990 (classification index Z 70-102).

Bibliography
"Applied Cryptography: Protocols, Algorithms, and Source Code in C", Bruce Schneier, John Wiley & Sons, 1994.