Email Encryption (SMIME & PGP)
Home > Ask the Security Experts > Application Security Questions & Answers > Which email encryption products can be released internationally?
Ask The Security Expert: Questions & Answers
EMAIL THIS

Which email encryption products can be released internationally?

Michael Cobb EXPERT RESPONSE FROM: Michael Cobb

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 23 April 2007
What are some internationally releasable email encryption options? PGP would be nice, but it has to be used in Iraq.

>
EXPERT RESPONSE
Firstly, I'm not a lawyer, and I strongly recommend that you consult one if you wish to use an email encryption program in Iraq. Here's what I do know. The Bureau of Industry and Security (BIS) is responsible for implementing and enforcing the Export Administration Regulations (EAR), which regulate the export and re-export of most commercial items. Any item, including software, sent from the United States to a foreign destination is considered an export.

So what does this mean for email encryption programs? Programs that provide encryption capabilities are subject to U.S. export controls and sanctions administered by BIS under EAR, and the Commerce Control List (CCL). Most commercial encryption products have a license exception assigned to them by the BIS. This allows vendors to export them to specified destinations without always having to go the Commerce Department for special permission.

Taking PGP as an example, all PGP-enabled products fall within three types of License Exception: Mass Market (eligible for export with no license required), ENC Restricted (eligible for export to any end user in EU member countries) and ENC Unrestricted (eligible for export to any end user). None of these categories, however, allow encryption products to be exported to the following embargoed countries: Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria.

If you wish to take or send an email encryption program to Iraq, then you will have to apply for an export license from the BIS and possibly obtain authorization from other U.S. government agencies as well. The U.S. government, and vendors too, are very serious about controlling the export of encryption tools. In PGP's license agreements, for example, customers must represent that they will not export to a prohibited country or to a restricted type of user. Even the release of technology or source code to a foreign national in the United States is subject to the EAR and is deemed to be an export to the home country of the foreign national. I would contact a lawyer or PGP Corp. for further advice.

More information:

  • Use OpenPGP to verify the authenticity of email senders and receivers.
  • Learn the pros and cons of using an email encryption gateway.


    • Sound Off! -   Be the first to post a message to Sound Off!


    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED CONTENT
    Application Security
    Protecting exposed servers from Google hacks (and Google 'dorks')
    Which automated quality assurance tools can be used to test software?
    Has proof-of-concept mobile device malware translated into any meaningful attacks?
    How to test the security of personal details submitted to a website
    Is security improved when the number of Internet gateways is reduced?
    Are Internet cafe users' email credentials at risk?
    Which operating system can best secure an FTP site?
    Will firewall technology have to adapt to applications that use port 80?
    How secure is a mobile phone platform that has an open source framework?
    What ports should be opened and closed when IPsec filters are implemented?

    Email Encryption (SMIME & PGP)
    Tumbleweed merger seen as a negative for email security customers
    Secure messaging complications result in limited protection
    Information security book excerpts and reviews
    ING hopes to cut phishing attacks with encryption software
    Companies still monitoring email manually, survey finds
    Should iPhone email be sent without SSL encryption?
    Can the symmetric encryption algorithm for S/MIME messages be changed?
    Security vendor Postini acquired by Google
    What are the pros and cons of using an email encryption gateway?
    Companies plug FTP holes with secure FTP servers
    Email Encryption (SMIME & PGP) Research

    Information Security Laws, Investigations and Ethics
    Learn from NIST: Best practices in security program management
    Data breach laws have no effect on prevention, researchers say
    Botnet disruption raises ethical concerns among researchers
    Disclosure Laws Fail as an Incentive to Secure Data
    Government and cybersecurity
    Security Learning its Role in E-Discovery
    E-Discovery Compliance Requires Security Pros to Think As Lawyers Do
    House legislators rip Bush's Cyber Initiative plan
    FISA: Telecoms will continue wiretap cooperation -- for now
    Federal government falling short on cybercrime

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    asymmetric cryptography  (SearchSecurity.com)
    cryptographic checksum  (SearchSecurity.com)
    data encryption/decryption IC  (SearchSecurity.com)
    deniable encryption  (SearchSecurity.com)
    elliptical curve cryptography  (SearchSecurity.com)
    Escrowed Encryption Standard  (SearchSecurity.com)
    MPPE  (SearchSecurity.com)
    Quiz: Cryptography  (SearchSecurity.com)
    session key  (SearchSecurity.com)
    Twofish  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice

    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts