<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://wiki.expertiza.ncsu.edu/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Mwmccask</id>
	<title>Expertiza_Wiki - User contributions [en]</title>
	<link rel="self" type="application/atom+xml" href="https://wiki.expertiza.ncsu.edu/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Mwmccask"/>
	<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Special:Contributions/Mwmccask"/>
	<updated>2026-07-12T15:21:01Z</updated>
	<subtitle>User contributions</subtitle>
	<generator>MediaWiki 1.41.0</generator>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC_379_SUM2008:Week_5,_Group_1&amp;diff=16949</id>
		<title>CSC 379 SUM2008:Week 5, Group 1</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC_379_SUM2008:Week_5,_Group_1&amp;diff=16949"/>
		<updated>2008-08-09T00:29:58Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Avoiding the Need for Whistleblowing */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Avoiding the Need for Whistleblowing ==&lt;br /&gt;
&lt;br /&gt;
Whistleblowing is a term used to denote an activity whereby an individual within a group (a company, a university, etc) presents a public report detailing a (typically) unethical action that has taken place within their group. The report is presented to the public because the individual has presumably already reported the violation via internal channels, and no action has taken place. By making the violation public, pressure is applied to the group to rectify the problem.&lt;br /&gt;
&lt;br /&gt;
== Problems With Conventional Whistleblowing ==&lt;br /&gt;
&lt;br /&gt;
Whistleblowing is not without its disadvantages, however. The primary problem with whistleblowing is that the whistleblower almost always faces retaliation. This can range anywhere from facing hostility at work to being sued by the company for breach of confidentiality. Whistleblowers may even face demotions, reassignments, or in the worst case may lose their jobs. In rare instances, threats to their well-being or families may also occur. There is therefore a strong disincentive to remain silent about an illicit activity, should it be discovered. While laws are in place to protect whistleblowers, knowledge of their existence is limited, and whistleblowers may only find out about them after the statute of limitations has expired.&lt;br /&gt;
&lt;br /&gt;
But preventing or stopping that illicit activity is the morally and ethically correct course of action, and steps to do so can only be taken after the knowledge can be communicated to the people with the power to take action. And if the severity of the problem is great enough that it may result in loss of life, the whistleblower would even have a moral obligation to report his or her findings, regardless of the consequences.&lt;br /&gt;
&lt;br /&gt;
To balance the simultaneous needs of allowing whistleblowers to file their grievances and protecting them from retribution, alternatives are necessary. The below sections attempt to list and explain these alternatives.&lt;br /&gt;
&lt;br /&gt;
== Alternatives ==&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== Assignment Description ==&lt;br /&gt;
&lt;br /&gt;
Examine the ways an organization can help employees resolve concerns internally, and thereby avoid the need for external whistleblowing.  How do these practices, such as anonymous reporting hotlines, apply to the work environment of a software engineer?  &lt;br /&gt;
&lt;br /&gt;
Due to ineffective or nonexistent feedback processes within an organization, many important concerns never reach anyone who is willing or able to take action.  Employees may forgo making complaints due to processes that are hard to use, or because the company culture has no way to report anything, except to one’s immediate superior.&lt;br /&gt;
&lt;br /&gt;
What can be done to reduce the need for external whistleblowing?  Are there proven cultural fixes?  Technological fixes?  If someone has a less serious concern, which (s)he considers too insignificant to take the risk of external whistleblowing, how could this be actively addressed before problems arise?  Is there an ethical obligation on the part of organizations to adopt practices that encourage effective internal whistleblowing?  Please explain your answers.&lt;br /&gt;
&lt;br /&gt;
* http://www3.interscience.wiley.com/journal/119949153/abstract&lt;br /&gt;
* http://www.springerlink.com/content/t61246w14l64k416/&lt;br /&gt;
* http://portal.acm.org/citation.cfm?doid=367211.367274&lt;br /&gt;
* http://courses.ncsu.edu/csc379/lec/001/lectures/wk15/lecture.html&lt;br /&gt;
* http://ethics.csc.ncsu.edu/basics/whistle/&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16809</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16809"/>
		<updated>2008-08-05T01:54:52Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* What is Encryption? */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key.[http://en.wikipedia.org/wiki/Cryptography#Terminology] The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in roughly 3.5x10&amp;lt;sup&amp;gt;38&amp;lt;/sup&amp;gt; combinations, meaning that the likelihood of correctly guessing the key is astronomically small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon [http://www.webopedia.com/TERM/P/public_key_cryptography.html public-key encryption] technology.&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including [http://mathcircle.berkeley.edu/BMC3/rsa/node4.html RSA]. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US this is a non-issue, as 128-bit encryption or higher is not uncommon.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Key_escrow ''Key escrowing''] - A variation of [http://www.csl.sri.com/users/neumann/judiciary.html key recovery], this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case[http://www.toad.com/gnu/export/export.html] against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption '''Return to topic page''']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Previous Pages&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16808</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16808"/>
		<updated>2008-08-05T01:53:28Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Additional Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in roughly 3.5x10&amp;lt;sup&amp;gt;38&amp;lt;/sup&amp;gt; combinations, meaning that the likelihood of correctly guessing the key is astronomically small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon [http://www.webopedia.com/TERM/P/public_key_cryptography.html public-key encryption] technology.&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including [http://mathcircle.berkeley.edu/BMC3/rsa/node4.html RSA]. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US this is a non-issue, as 128-bit encryption or higher is not uncommon.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Key_escrow ''Key escrowing''] - A variation of [http://www.csl.sri.com/users/neumann/judiciary.html key recovery], this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case[http://www.toad.com/gnu/export/export.html] against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption '''Return to topic page''']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Previous Pages&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16807</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16807"/>
		<updated>2008-08-05T01:52:45Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Additional Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in roughly 3.5x10&amp;lt;sup&amp;gt;38&amp;lt;/sup&amp;gt; combinations, meaning that the likelihood of correctly guessing the key is astronomically small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon [http://www.webopedia.com/TERM/P/public_key_cryptography.html public-key encryption] technology.&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including [http://mathcircle.berkeley.edu/BMC3/rsa/node4.html RSA]. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US this is a non-issue, as 128-bit encryption or higher is not uncommon.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Key_escrow ''Key escrowing''] - A variation of [http://www.csl.sri.com/users/neumann/judiciary.html key recovery], this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case[http://www.toad.com/gnu/export/export.html] against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption '''Return to topic page''']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Previous Pages&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16806</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16806"/>
		<updated>2008-08-05T01:52:02Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Additional Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in roughly 3.5x10&amp;lt;sup&amp;gt;38&amp;lt;/sup&amp;gt; combinations, meaning that the likelihood of correctly guessing the key is astronomically small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon [http://www.webopedia.com/TERM/P/public_key_cryptography.html public-key encryption] technology.&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including [http://mathcircle.berkeley.edu/BMC3/rsa/node4.html RSA]. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US this is a non-issue, as 128-bit encryption or higher is not uncommon.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Key_escrow ''Key escrowing''] - A variation of [http://www.csl.sri.com/users/neumann/judiciary.html key recovery], this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case[http://www.toad.com/gnu/export/export.html] against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption '''Return to topic page''']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Previous Pages&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16805</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16805"/>
		<updated>2008-08-05T01:51:01Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Problems */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in roughly 3.5x10&amp;lt;sup&amp;gt;38&amp;lt;/sup&amp;gt; combinations, meaning that the likelihood of correctly guessing the key is astronomically small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon [http://www.webopedia.com/TERM/P/public_key_cryptography.html public-key encryption] technology.&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including [http://mathcircle.berkeley.edu/BMC3/rsa/node4.html RSA]. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US this is a non-issue, as 128-bit encryption or higher is not uncommon.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Key_escrow ''Key escrowing''] - A variation of [http://www.csl.sri.com/users/neumann/judiciary.html key recovery], this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case[http://www.toad.com/gnu/export/export.html] against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption '''Return to topic page''']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Previous Pages&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16804</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16804"/>
		<updated>2008-08-05T01:49:51Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Additional Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in roughly 3.5x10&amp;lt;sup&amp;gt;38&amp;lt;/sup&amp;gt; combinations, meaning that the likelihood of correctly guessing the key is astronomically small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon [http://www.webopedia.com/TERM/P/public_key_cryptography.html public-key encryption] technology.&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including [http://mathcircle.berkeley.edu/BMC3/rsa/node4.html RSA]. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US this is a non-issue, as 128-bit encryption or higher is not uncommon.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Key_escrow ''Key escrowing''] - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case[http://www.toad.com/gnu/export/export.html] against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption '''Return to topic page''']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Previous Pages&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16802</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16802"/>
		<updated>2008-08-05T01:49:24Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Additional Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in roughly 3.5x10&amp;lt;sup&amp;gt;38&amp;lt;/sup&amp;gt; combinations, meaning that the likelihood of correctly guessing the key is astronomically small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon [http://www.webopedia.com/TERM/P/public_key_cryptography.html public-key encryption] technology.&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including [http://mathcircle.berkeley.edu/BMC3/rsa/node4.html RSA]. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US this is a non-issue, as 128-bit encryption or higher is not uncommon.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Key_escrow ''Key escrowing''] - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case[http://www.toad.com/gnu/export/export.html] against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption '''Return to topic page''']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Previous Pages*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16800</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16800"/>
		<updated>2008-08-05T01:49:01Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Additional Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in roughly 3.5x10&amp;lt;sup&amp;gt;38&amp;lt;/sup&amp;gt; combinations, meaning that the likelihood of correctly guessing the key is astronomically small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon [http://www.webopedia.com/TERM/P/public_key_cryptography.html public-key encryption] technology.&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including [http://mathcircle.berkeley.edu/BMC3/rsa/node4.html RSA]. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US this is a non-issue, as 128-bit encryption or higher is not uncommon.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Key_escrow ''Key escrowing''] - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case[http://www.toad.com/gnu/export/export.html] against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption '''Return to topic page''']&lt;br /&gt;
&lt;br /&gt;
Previous Pages&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16798</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16798"/>
		<updated>2008-08-05T01:48:17Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Additional Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in roughly 3.5x10&amp;lt;sup&amp;gt;38&amp;lt;/sup&amp;gt; combinations, meaning that the likelihood of correctly guessing the key is astronomically small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon [http://www.webopedia.com/TERM/P/public_key_cryptography.html public-key encryption] technology.&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including [http://mathcircle.berkeley.edu/BMC3/rsa/node4.html RSA]. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US this is a non-issue, as 128-bit encryption or higher is not uncommon.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Key_escrow ''Key escrowing''] - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case[http://www.toad.com/gnu/export/export.html] against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption Topic description 'Return to topic page']&lt;br /&gt;
&lt;br /&gt;
Previous Pages&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16796</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16796"/>
		<updated>2008-08-05T01:45:22Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Examples of Encryption Software */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in roughly 3.5x10&amp;lt;sup&amp;gt;38&amp;lt;/sup&amp;gt; combinations, meaning that the likelihood of correctly guessing the key is astronomically small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon [http://www.webopedia.com/TERM/P/public_key_cryptography.html public-key encryption] technology.&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including [http://mathcircle.berkeley.edu/BMC3/rsa/node4.html RSA]. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US this is a non-issue, as 128-bit encryption or higher is not uncommon.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Key_escrow ''Key escrowing''] - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case[http://www.toad.com/gnu/export/export.html] against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
*[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption Topic description]&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16794</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16794"/>
		<updated>2008-08-05T01:44:58Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Examples of Encryption Software */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in roughly 3.5x10&amp;lt;sup&amp;gt;38&amp;lt;/sup&amp;gt; combinations, meaning that the likelihood of correctly guessing the key is astronomically small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon [http://www.webopedia.com/TERM/P/public_key_cryptography.html public-key encryption] technology.&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including [http://mathcircle.berkeley.edu/BMC3/rsa/node4.html RSA.] The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US this is a non-issue, as 128-bit encryption or higher is not uncommon.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Key_escrow ''Key escrowing''] - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case[http://www.toad.com/gnu/export/export.html] against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
*[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption Topic description]&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16793</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16793"/>
		<updated>2008-08-05T01:43:39Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Problems */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in roughly 3.5x10&amp;lt;sup&amp;gt;38&amp;lt;/sup&amp;gt; combinations, meaning that the likelihood of correctly guessing the key is astronomically small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon [http://www.webopedia.com/TERM/P/public_key_cryptography.html public-key encryption] technology.&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US this is a non-issue, as 128-bit encryption or higher is not uncommon.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Key_escrow ''Key escrowing''] - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case[http://www.toad.com/gnu/export/export.html] against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
*[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption Topic description]&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16790</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16790"/>
		<updated>2008-08-05T01:27:01Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Role of Government */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in roughly 3.5x10&amp;lt;sup&amp;gt;38&amp;lt;/sup&amp;gt; combinations, meaning that the likelihood of correctly guessing the key is astronomically small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon [http://www.webopedia.com/TERM/P/public_key_cryptography.html public-key encryption] technology.&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Key_escrow ''Key escrowing''] - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case[http://www.toad.com/gnu/export/export.html] against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
*[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption Topic description]&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16785</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16785"/>
		<updated>2008-08-05T01:16:34Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* What is Encryption? */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in roughly 3.5x10&amp;lt;sup&amp;gt;38&amp;lt;/sup&amp;gt; combinations, meaning that the likelihood of correctly guessing the key is astronomically small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon [http://www.webopedia.com/TERM/P/public_key_cryptography.html public-key encryption] technology.&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Key_escrow ''Key escrowing''] - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
*[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption Topic description]&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16783</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16783"/>
		<updated>2008-08-05T01:09:25Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Problems */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in roughly 3.5E38  (that's the number 35 followed by 37 zeros) combinations, meaning that the likelihood of correctly guessing the key is astronomically small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon [http://www.webopedia.com/TERM/P/public_key_cryptography.html public-key encryption] technology.&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Key_escrow ''Key escrowing''] - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
*[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption Topic description]&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16782</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16782"/>
		<updated>2008-08-05T01:08:06Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* What is Encryption? */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in roughly 3.5E38  (that's the number 35 followed by 37 zeros) combinations, meaning that the likelihood of correctly guessing the key is astronomically small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon [http://www.webopedia.com/TERM/P/public_key_cryptography.html public-key encryption] technology.&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*''Key escrowing'' - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
*[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption Topic description]&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16781</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16781"/>
		<updated>2008-08-05T01:07:48Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* What is Encryption? */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in roughly 3.5E38  (that's the number 35 followed by 37 zeros) combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon [http://www.webopedia.com/TERM/P/public_key_cryptography.html public-key encryption] technology.&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*''Key escrowing'' - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
*[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption Topic description]&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16779</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16779"/>
		<updated>2008-08-05T01:05:04Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Examples of Encryption Software */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon [http://www.webopedia.com/TERM/P/public_key_cryptography.html public-key encryption] technology.&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*''Key escrowing'' - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
*[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption Topic description]&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16756</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16756"/>
		<updated>2008-08-03T23:24:13Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Additional Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*''Key escrowing'' - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
*[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption Topic description]&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[[Image:new.gif|New]][http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[[Image:new.gif|New]][http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[[Image:new.gif|New]][http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[[Image:new.gif|New]][http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[[Image:new.gif|New]][http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[[Image:new.gif|New]][http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[[Image:new.gif|New]][http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[[Image:new.gif|New]][http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[[Image:new.gif|New]][http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16755</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16755"/>
		<updated>2008-08-03T23:22:21Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Additional Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*''Key escrowing'' - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/clipper/ Clipper topic page]&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/export/ Encryption exporting topic page]&lt;br /&gt;
*[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption Topic description]&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16754</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16754"/>
		<updated>2008-08-03T23:11:07Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Additional Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*''Key escrowing'' - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption Topic description]&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[[Image:new.gif|New]][http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16753</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16753"/>
		<updated>2008-08-03T23:07:14Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Additional Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*''Key escrowing'' - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption Topic description]&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16752</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16752"/>
		<updated>2008-08-03T23:04:51Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Additional Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*''Key escrowing'' - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://ethics.csc.ncsu.edu/privacy/encryption/ Old topic page]&lt;br /&gt;
*[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption topic description]&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16751</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16751"/>
		<updated>2008-08-03T23:02:51Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Additional Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*''Key escrowing'' - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption Wikipedia entry on encryption]&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm How encryption works] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html Piecing together the encryption puzzle] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
*[http://pg-server.csc.ncsu.edu/mediawiki/index.php/CSC_379_SUM2008:Topics#Encryption Topic Description]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 Ethical considerations of privacy and cyber-medical information] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm Ethical considerations for providing professional services online] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ITLaw.Wikia entry on encryption]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 Your encryption key a fifth amendment right?]&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 A pretty good way to foil the NSA] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html Voice encryption may draw U.S. scrutiny] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html Federal government pushes full-disk encryption] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization Federal encryption standardization] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html Government buys encryption] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 Constitutional conflicts with encryption regulation] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html The university's role in advancing data encryption, part 2] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html Unlocking encryption management] by Matt Hines&lt;br /&gt;
*[http://www.csl.sri.com/users/neumann/judiciary.html Security risks in key recovery] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC_379_SUM2008:Week_4,_Group_2&amp;diff=16676</id>
		<title>CSC 379 SUM2008:Week 4, Group 2</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC_379_SUM2008:Week_4,_Group_2&amp;diff=16676"/>
		<updated>2008-08-01T20:57:58Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Benefits */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Open Government==&lt;br /&gt;
Most bills are passed by legislatures without ever being read by most legislators.  Letters, articles, reports, all often never escape the physical mediums (paper) of their existence.  Although technology has developed to the point where all non-private information in the United States government can, in theory, be made openly available, the support structures and culture of information sharing has not caught up to make full use of them.  Efforts are being made to use digitization and sharing technology; one of the most notable digitization efforts is THOMAS, a joint effort by the Library of Congress and the Government Printing Office (GPO).&lt;br /&gt;
&lt;br /&gt;
Examine the ethical implications of making policy with inadequate access to information, and the efforts being made to address those concerns.  Is there a need for a change in existing support structures and culture of information sharing in government?  Should support structures and culture change to encourage greater information sharing, if it required the government to slow down decision-making processes?&lt;br /&gt;
==History==&lt;br /&gt;
Open government is the doctrine that all levels of political administration should be open to public viewing and scrutiny.  The origins of which date back to the Enlightenment in Europe in the eighteenth century.  More recently, the passing of the [http://www.usdoj.gov/oip/ Freedom of Information Act (FOIA)] in the United States in 1966 is seen as the beginning of a modern movement toward open government.  After its passing, several countries have followed suit in the subsequent decades.&lt;br /&gt;
&lt;br /&gt;
The FOIA allows for complete or partial disclosure of previously unreleased information and documents from the US Government based on a series of conditions.  It applies to all government agencies.  There are nine exemptions to the FOIA:&lt;br /&gt;
*Classified national defense and foreign relations information&lt;br /&gt;
*Internal agency rules and practices&lt;br /&gt;
*Information that is prohibited from disclosure by another federal law&lt;br /&gt;
*Trade secrets and other confidential business information&lt;br /&gt;
*Inter-agency or intra-agency communications protected by legal privileges&lt;br /&gt;
*Information involving matters of personal privacy&lt;br /&gt;
*Records compiled for law enforcement purposes&lt;br /&gt;
*Information relating to the supervision of financial institutions&lt;br /&gt;
*Geological information on wells&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
[http://thomas.loc.gov/ THOMAS] is a database kept by the Library of Congress detailing legislative information since 1995.  The database is named after Thomas Jefferson.  It includes information including:&lt;br /&gt;
*Bills and resolutions&lt;br /&gt;
*Congressional activity&lt;br /&gt;
*Congressional record&lt;br /&gt;
*Committee information&lt;br /&gt;
*Treaties&lt;br /&gt;
*Historical documents&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
A new political philosophy is [http://en.wikipedia.org/wiki/Open_source_governance open source governance], which details a post-national state where any interested citizen can add to the creation of a policy, by way of a wiki or another mechanism.  The core of such a government structure is a &amp;quot;central codebase&amp;quot; that are maintained by public registry.  The policies are distributed to local areas that can alter the policy for their own uses and can send improvements back to the core.&lt;br /&gt;
&lt;br /&gt;
== Benefits ==&lt;br /&gt;
&lt;br /&gt;
One of the advantages of an open source government is that more of the government's actions and intentions become transparent by posting reports about said activity in a widely accessible place (such as the internet). This gives a much wider range of people the opportunity to decide for themselves if they actually support what their leaders and representatives are doing.&lt;br /&gt;
&lt;br /&gt;
For example, one common problem with bills is that they typically get &amp;quot;riders,&amp;quot; which are extra provisions that are appended to the bill and may or may not have anything to do with the original intent of the bill. Typically they are used to covertly pass items through the bill-approval process that would otherwise be met with opposition. At this time, the threat of being discovered is minimal because the riders tend to be written in a very verbose, jargon-fill manner, which very few people are willing to examine and interpret.&lt;br /&gt;
&lt;br /&gt;
It is not really a question of how to obtain access to information about these bills and various attachments. All of this information is available to the general public (e.g. via [http://thomas.loc.gov/home/abt_thom.html THOMAS]); anyone is well within their bounds to perform their own research. It is more a question of how to obtain access to this information that is easily digestible and understandable. As stated, the wording of bills can be very confusing. Not everyone has the time or the inclination to sit down and understand what a bill is meant to accomplish. People have access to the information, they just don't have access to the abridged version of that information.&lt;br /&gt;
&lt;br /&gt;
Open source governance would help to change that by first bringing together individuals and interest groups (such as the Sunlight Foundation[http://www.sunlightfoundation.com/]) who do have the patience to analyze bills and riders. By cooperating and collaborating, these individuals can better coordinate their efforts and disseminate their findings to a wider audience. Once a larger percentage of the the general population is more aware of what is contained in the bills, they will be better informed and be able to make sound decisions on whether or not they support what sorts of things are included in the bills.&lt;br /&gt;
&lt;br /&gt;
In theory, this would reduce the amount of riders that get passed through, because law-makers would have a more difficult time passing things through that might not necessarily have popular support. At a minimum, they would be more mindful of what sorts of things they choose to include in a bill because a responsive and well-informed populace would quickly voice their opposition to anything objectionable.&lt;br /&gt;
&lt;br /&gt;
==Additional Links==&lt;br /&gt;
* http://thomas.loc.gov/home/abt_thom.html&lt;br /&gt;
* http://www.lessig.org/blog/&lt;br /&gt;
* http://www.archives.gov/nhprc/announcement/digitizing-faqs.html&lt;br /&gt;
* http://www.sunlightfoundation.com/&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC_379_SUM2008:Week_4,_Group_2&amp;diff=16675</id>
		<title>CSC 379 SUM2008:Week 4, Group 2</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC_379_SUM2008:Week_4,_Group_2&amp;diff=16675"/>
		<updated>2008-08-01T20:57:39Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Benefits */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Open Government==&lt;br /&gt;
Most bills are passed by legislatures without ever being read by most legislators.  Letters, articles, reports, all often never escape the physical mediums (paper) of their existence.  Although technology has developed to the point where all non-private information in the United States government can, in theory, be made openly available, the support structures and culture of information sharing has not caught up to make full use of them.  Efforts are being made to use digitization and sharing technology; one of the most notable digitization efforts is THOMAS, a joint effort by the Library of Congress and the Government Printing Office (GPO).&lt;br /&gt;
&lt;br /&gt;
Examine the ethical implications of making policy with inadequate access to information, and the efforts being made to address those concerns.  Is there a need for a change in existing support structures and culture of information sharing in government?  Should support structures and culture change to encourage greater information sharing, if it required the government to slow down decision-making processes?&lt;br /&gt;
==History==&lt;br /&gt;
Open government is the doctrine that all levels of political administration should be open to public viewing and scrutiny.  The origins of which date back to the Enlightenment in Europe in the eighteenth century.  More recently, the passing of the [http://www.usdoj.gov/oip/ Freedom of Information Act (FOIA)] in the United States in 1966 is seen as the beginning of a modern movement toward open government.  After its passing, several countries have followed suit in the subsequent decades.&lt;br /&gt;
&lt;br /&gt;
The FOIA allows for complete or partial disclosure of previously unreleased information and documents from the US Government based on a series of conditions.  It applies to all government agencies.  There are nine exemptions to the FOIA:&lt;br /&gt;
*Classified national defense and foreign relations information&lt;br /&gt;
*Internal agency rules and practices&lt;br /&gt;
*Information that is prohibited from disclosure by another federal law&lt;br /&gt;
*Trade secrets and other confidential business information&lt;br /&gt;
*Inter-agency or intra-agency communications protected by legal privileges&lt;br /&gt;
*Information involving matters of personal privacy&lt;br /&gt;
*Records compiled for law enforcement purposes&lt;br /&gt;
*Information relating to the supervision of financial institutions&lt;br /&gt;
*Geological information on wells&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
[http://thomas.loc.gov/ THOMAS] is a database kept by the Library of Congress detailing legislative information since 1995.  The database is named after Thomas Jefferson.  It includes information including:&lt;br /&gt;
*Bills and resolutions&lt;br /&gt;
*Congressional activity&lt;br /&gt;
*Congressional record&lt;br /&gt;
*Committee information&lt;br /&gt;
*Treaties&lt;br /&gt;
*Historical documents&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
A new political philosophy is [http://en.wikipedia.org/wiki/Open_source_governance open source governance], which details a post-national state where any interested citizen can add to the creation of a policy, by way of a wiki or another mechanism.  The core of such a government structure is a &amp;quot;central codebase&amp;quot; that are maintained by public registry.  The policies are distributed to local areas that can alter the policy for their own uses and can send improvements back to the core.&lt;br /&gt;
&lt;br /&gt;
== Benefits ==&lt;br /&gt;
&lt;br /&gt;
One of the advantages of an open source government is that more of the government's actions and intentions become transparent by posting reports about said activity in a widely accessible place (such as the internet). This gives a much wider range of people the opportunity to decide for themselves if they actually support what their leaders and representatives are doing.&lt;br /&gt;
&lt;br /&gt;
For example, one common problem with bills is that they typically get &amp;quot;riders,&amp;quot; which are extra provisions that are appended to the bill and may or may not have anything to do with the original intent of the bill. Typically they are used to covertly pass items through the bill-approval process that would otherwise be met with opposition. At this time, the threat of being discovered is minimal because the riders tend to be written in a very verbose, jargon-fill manner, which very few people are willing to examine and interpret.&lt;br /&gt;
&lt;br /&gt;
It is not really a question of how to obtain access to information about these bills and various attachments. All of this information is available to the general public (e.g. via [http://thomas.loc.gov/home/abt_thom.htmlTHOMAS]); anyone is well within their bounds to perform their own research. It is more a question of how to obtain access to this information that is easily digestible and understandable. As stated, the wording of bills can be very confusing. Not everyone has the time or the inclination to sit down and understand what a bill is meant to accomplish. People have access to the information, they just don't have access to the abridged version of that information.&lt;br /&gt;
&lt;br /&gt;
Open source governance would help to change that by first bringing together individuals and interest groups (such as the Sunlight Foundation[http://www.sunlightfoundation.com/]) who do have the patience to analyze bills and riders. By cooperating and collaborating, these individuals can better coordinate their efforts and disseminate their findings to a wider audience. Once a larger percentage of the the general population is more aware of what is contained in the bills, they will be better informed and be able to make sound decisions on whether or not they support what sorts of things are included in the bills.&lt;br /&gt;
&lt;br /&gt;
In theory, this would reduce the amount of riders that get passed through, because law-makers would have a more difficult time passing things through that might not necessarily have popular support. At a minimum, they would be more mindful of what sorts of things they choose to include in a bill because a responsive and well-informed populace would quickly voice their opposition to anything objectionable.&lt;br /&gt;
&lt;br /&gt;
==Additional Links==&lt;br /&gt;
* http://thomas.loc.gov/home/abt_thom.html&lt;br /&gt;
* http://www.lessig.org/blog/&lt;br /&gt;
* http://www.archives.gov/nhprc/announcement/digitizing-faqs.html&lt;br /&gt;
* http://www.sunlightfoundation.com/&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC_379_SUM2008:Week_4,_Group_2&amp;diff=16674</id>
		<title>CSC 379 SUM2008:Week 4, Group 2</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC_379_SUM2008:Week_4,_Group_2&amp;diff=16674"/>
		<updated>2008-08-01T20:50:22Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Benefits */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Open Government==&lt;br /&gt;
Most bills are passed by legislatures without ever being read by most legislators.  Letters, articles, reports, all often never escape the physical mediums (paper) of their existence.  Although technology has developed to the point where all non-private information in the United States government can, in theory, be made openly available, the support structures and culture of information sharing has not caught up to make full use of them.  Efforts are being made to use digitization and sharing technology; one of the most notable digitization efforts is THOMAS, a joint effort by the Library of Congress and the Government Printing Office (GPO).&lt;br /&gt;
&lt;br /&gt;
Examine the ethical implications of making policy with inadequate access to information, and the efforts being made to address those concerns.  Is there a need for a change in existing support structures and culture of information sharing in government?  Should support structures and culture change to encourage greater information sharing, if it required the government to slow down decision-making processes?&lt;br /&gt;
==History==&lt;br /&gt;
Open government is the doctrine that all levels of political administration should be open to public viewing and scrutiny.  The origins of which date back to the Enlightenment in Europe in the eighteenth century.  More recently, the passing of the [http://www.usdoj.gov/oip/ Freedom of Information Act (FOIA)] in the United States in 1966 is seen as the beginning of a modern movement toward open government.  After its passing, several countries have followed suit in the subsequent decades.&lt;br /&gt;
&lt;br /&gt;
The FOIA allows for complete or partial disclosure of previously unreleased information and documents from the US Government based on a series of conditions.  It applies to all government agencies.  There are nine exemptions to the FOIA:&lt;br /&gt;
*Classified national defense and foreign relations information&lt;br /&gt;
*Internal agency rules and practices&lt;br /&gt;
*Information that is prohibited from disclosure by another federal law&lt;br /&gt;
*Trade secrets and other confidential business information&lt;br /&gt;
*Inter-agency or intra-agency communications protected by legal privileges&lt;br /&gt;
*Information involving matters of personal privacy&lt;br /&gt;
*Records compiled for law enforcement purposes&lt;br /&gt;
*Information relating to the supervision of financial institutions&lt;br /&gt;
*Geological information on wells&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
[http://thomas.loc.gov/ THOMAS] is a database kept by the Library of Congress detailing legislative information since 1995.  The database is named after Thomas Jefferson.  It includes information including:&lt;br /&gt;
*Bills and resolutions&lt;br /&gt;
*Congressional activity&lt;br /&gt;
*Congressional record&lt;br /&gt;
*Committee information&lt;br /&gt;
*Treaties&lt;br /&gt;
*Historical documents&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
A new political philosophy is [http://en.wikipedia.org/wiki/Open_source_governance open source governance], which details a post-national state where any interested citizen can add to the creation of a policy, by way of a wiki or another mechanism.  The core of such a government structure is a &amp;quot;central codebase&amp;quot; that are maintained by public registry.  The policies are distributed to local areas that can alter the policy for their own uses and can send improvements back to the core.&lt;br /&gt;
&lt;br /&gt;
== Benefits ==&lt;br /&gt;
&lt;br /&gt;
One of the advantages of an open source government is that more of the government's actions and intentions become transparent by posting reports about said activity in a widely accessible place (such as the internet). This gives a much wider range of people the opportunity to decide for themselves if they actually support what their leaders and representatives are doing.&lt;br /&gt;
&lt;br /&gt;
For example, one common problem with bills is that they typically get &amp;quot;riders,&amp;quot; which are extra provisions that are appended to the bill and may or may not have anything to do with the original intent of the bill. Typically they are used to covertly pass items through the bill-approval process that would otherwise be met with opposition. At this time, the threat of being discovered is minimal because the riders tend to be written in a very verbose, jargon-fill manner, which very few people are willing to examine and interpret.&lt;br /&gt;
&lt;br /&gt;
Open source governance would help to change that by first bringing together individuals and interest groups who do have the patience to analyze bills and riders. By cooperating and collaborating, these individuals can better coordinate their efforts and disseminate their findings to a wider audience. Once a larger percentage of the the general population is more aware of what is contained in the bills, they will be better informed and be able to make sound decisions on whether or not they support what sorts of things are included in the bills.&lt;br /&gt;
&lt;br /&gt;
In theory, this would reduce the amount of riders that get passed through, because law-makers would have a more difficult time passing things through that might not necessarily have popular support. At a minimum, they would be more mindful of what sorts of things they choose to include in a bill because a responsive and well-informed populace would quickly voice their opposition to anything objectionable.&lt;br /&gt;
&lt;br /&gt;
==Additional Links==&lt;br /&gt;
* http://thomas.loc.gov/home/abt_thom.html&lt;br /&gt;
* http://www.lessig.org/blog/&lt;br /&gt;
* http://www.archives.gov/nhprc/announcement/digitizing-faqs.html&lt;br /&gt;
* http://www.sunlightfoundation.com/&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC_379_SUM2008:Week_4,_Group_2&amp;diff=16673</id>
		<title>CSC 379 SUM2008:Week 4, Group 2</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC_379_SUM2008:Week_4,_Group_2&amp;diff=16673"/>
		<updated>2008-08-01T20:46:56Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Benefits */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Open Government==&lt;br /&gt;
Most bills are passed by legislatures without ever being read by most legislators.  Letters, articles, reports, all often never escape the physical mediums (paper) of their existence.  Although technology has developed to the point where all non-private information in the United States government can, in theory, be made openly available, the support structures and culture of information sharing has not caught up to make full use of them.  Efforts are being made to use digitization and sharing technology; one of the most notable digitization efforts is THOMAS, a joint effort by the Library of Congress and the Government Printing Office (GPO).&lt;br /&gt;
&lt;br /&gt;
Examine the ethical implications of making policy with inadequate access to information, and the efforts being made to address those concerns.  Is there a need for a change in existing support structures and culture of information sharing in government?  Should support structures and culture change to encourage greater information sharing, if it required the government to slow down decision-making processes?&lt;br /&gt;
==History==&lt;br /&gt;
Open government is the doctrine that all levels of political administration should be open to public viewing and scrutiny.  The origins of which date back to the Enlightenment in Europe in the eighteenth century.  More recently, the passing of the [http://www.usdoj.gov/oip/ Freedom of Information Act (FOIA)] in the United States in 1966 is seen as the beginning of a modern movement toward open government.  After its passing, several countries have followed suit in the subsequent decades.&lt;br /&gt;
&lt;br /&gt;
The FOIA allows for complete or partial disclosure of previously unreleased information and documents from the US Government based on a series of conditions.  It applies to all government agencies.  There are nine exemptions to the FOIA:&lt;br /&gt;
*Classified national defense and foreign relations information&lt;br /&gt;
*Internal agency rules and practices&lt;br /&gt;
*Information that is prohibited from disclosure by another federal law&lt;br /&gt;
*Trade secrets and other confidential business information&lt;br /&gt;
*Inter-agency or intra-agency communications protected by legal privileges&lt;br /&gt;
*Information involving matters of personal privacy&lt;br /&gt;
*Records compiled for law enforcement purposes&lt;br /&gt;
*Information relating to the supervision of financial institutions&lt;br /&gt;
*Geological information on wells&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
[http://thomas.loc.gov/ THOMAS] is a database kept by the Library of Congress detailing legislative information since 1995.  The database is named after Thomas Jefferson.  It includes information including:&lt;br /&gt;
*Bills and resolutions&lt;br /&gt;
*Congressional activity&lt;br /&gt;
*Congressional record&lt;br /&gt;
*Committee information&lt;br /&gt;
*Treaties&lt;br /&gt;
*Historical documents&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
A new political philosophy is [http://en.wikipedia.org/wiki/Open_source_governance open source governance], which details a post-national state where any interested citizen can add to the creation of a policy, by way of a wiki or another mechanism.  The core of such a government structure is a &amp;quot;central codebase&amp;quot; that are maintained by public registry.  The policies are distributed to local areas that can alter the policy for their own uses and can send improvements back to the core.&lt;br /&gt;
&lt;br /&gt;
== Benefits ==&lt;br /&gt;
&lt;br /&gt;
One of the advantages of an open source government is that more of the government's actions and intentions become transparent, giving everyone an opportunity to decide for themselves if they actually support what their leaders and representatives are doing.&lt;br /&gt;
&lt;br /&gt;
For example, one common problem with bills is that they typically get &amp;quot;riders,&amp;quot; which are extra provisions that are appended to the bill and may or may not have anything to do with the original intent of the bill. Typically they are used to covertly pass items through the bill-approval process that would otherwise be met with opposition. At this time, the threat of being discovered is minimal because the riders tend to be written in a very verbose, jargon-fill manner, which very few people are willing to examine and interpret.&lt;br /&gt;
&lt;br /&gt;
Open source governance would help to change that by first bringing together individuals and interest groups who do have the patience to analyze bills and riders. By cooperating and collaborating, these individuals can better coordinate their efforts and disseminate their findings to a wider audience. Once a larger percentage of the the general population is more aware of what is contained in the bills, they will be better informed and be able to make sound decisions on whether or not they support what sorts of things are included in the bills.&lt;br /&gt;
&lt;br /&gt;
In theory, this would reduce the amount of riders that get passed through, because law-makers would have a more difficult time passing things through that might not necessarily have popular support. At a minimum, they would be more mindful of what sorts of things they choose to include in a bill because a responsive and well-informed populace would quickly voice their opposition to anything objectionable.&lt;br /&gt;
&lt;br /&gt;
==Additional Links==&lt;br /&gt;
* http://thomas.loc.gov/home/abt_thom.html&lt;br /&gt;
* http://www.lessig.org/blog/&lt;br /&gt;
* http://www.archives.gov/nhprc/announcement/digitizing-faqs.html&lt;br /&gt;
* http://www.sunlightfoundation.com/&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC_379_SUM2008:Week_4,_Group_2&amp;diff=16672</id>
		<title>CSC 379 SUM2008:Week 4, Group 2</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC_379_SUM2008:Week_4,_Group_2&amp;diff=16672"/>
		<updated>2008-08-01T20:46:18Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* History */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Open Government==&lt;br /&gt;
Most bills are passed by legislatures without ever being read by most legislators.  Letters, articles, reports, all often never escape the physical mediums (paper) of their existence.  Although technology has developed to the point where all non-private information in the United States government can, in theory, be made openly available, the support structures and culture of information sharing has not caught up to make full use of them.  Efforts are being made to use digitization and sharing technology; one of the most notable digitization efforts is THOMAS, a joint effort by the Library of Congress and the Government Printing Office (GPO).&lt;br /&gt;
&lt;br /&gt;
Examine the ethical implications of making policy with inadequate access to information, and the efforts being made to address those concerns.  Is there a need for a change in existing support structures and culture of information sharing in government?  Should support structures and culture change to encourage greater information sharing, if it required the government to slow down decision-making processes?&lt;br /&gt;
==History==&lt;br /&gt;
Open government is the doctrine that all levels of political administration should be open to public viewing and scrutiny.  The origins of which date back to the Enlightenment in Europe in the eighteenth century.  More recently, the passing of the [http://www.usdoj.gov/oip/ Freedom of Information Act (FOIA)] in the United States in 1966 is seen as the beginning of a modern movement toward open government.  After its passing, several countries have followed suit in the subsequent decades.&lt;br /&gt;
&lt;br /&gt;
The FOIA allows for complete or partial disclosure of previously unreleased information and documents from the US Government based on a series of conditions.  It applies to all government agencies.  There are nine exemptions to the FOIA:&lt;br /&gt;
*Classified national defense and foreign relations information&lt;br /&gt;
*Internal agency rules and practices&lt;br /&gt;
*Information that is prohibited from disclosure by another federal law&lt;br /&gt;
*Trade secrets and other confidential business information&lt;br /&gt;
*Inter-agency or intra-agency communications protected by legal privileges&lt;br /&gt;
*Information involving matters of personal privacy&lt;br /&gt;
*Records compiled for law enforcement purposes&lt;br /&gt;
*Information relating to the supervision of financial institutions&lt;br /&gt;
*Geological information on wells&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
[http://thomas.loc.gov/ THOMAS] is a database kept by the Library of Congress detailing legislative information since 1995.  The database is named after Thomas Jefferson.  It includes information including:&lt;br /&gt;
*Bills and resolutions&lt;br /&gt;
*Congressional activity&lt;br /&gt;
*Congressional record&lt;br /&gt;
*Committee information&lt;br /&gt;
*Treaties&lt;br /&gt;
*Historical documents&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
A new political philosophy is [http://en.wikipedia.org/wiki/Open_source_governance open source governance], which details a post-national state where any interested citizen can add to the creation of a policy, by way of a wiki or another mechanism.  The core of such a government structure is a &amp;quot;central codebase&amp;quot; that are maintained by public registry.  The policies are distributed to local areas that can alter the policy for their own uses and can send improvements back to the core.&lt;br /&gt;
&lt;br /&gt;
== Benefits ==&lt;br /&gt;
&lt;br /&gt;
One of the advantages of an open government is that more of the government's actions and intentions become transparent, giving everyone an opportunity to decide for themselves if they actually support what their leaders and representatives are doing.&lt;br /&gt;
&lt;br /&gt;
For example, one common problem with bills is that they typically get &amp;quot;riders,&amp;quot; which are extra provisions that are appended to the bill and may or may not have anything to do with the original intent of the bill. Typically they are used to covertly pass items through the bill-approval process that would otherwise be met with opposition. At this time, the threat of being discovered is minimal because the riders tend to be written in a very verbose, jargon-fill manner, which very few people are willing to examine and interpret.&lt;br /&gt;
&lt;br /&gt;
Open government would help to change that by first bringing together individuals and interest groups who do have the patience to analyze bills and riders. By cooperating and collaborating, these individuals can better coordinate their efforts and disseminate their findings to a wider audience. Once a larger percentage of the the general population is more aware of what is contained in the bills, they will be better informed and be able to make sound decisions on whether or not they support what sorts of things are included in the bills.&lt;br /&gt;
&lt;br /&gt;
In theory, this would reduce the amount of riders that get passed through, because law-makers would have a more difficult time passing things through that might not necessarily have popular support. At a minimum, they would be more mindful of what sorts of things they choose to include in a bill because a responsive and well-informed populace would quickly voice their opposition to anything objectionable.&lt;br /&gt;
&lt;br /&gt;
==Additional Links==&lt;br /&gt;
* http://thomas.loc.gov/home/abt_thom.html&lt;br /&gt;
* http://www.lessig.org/blog/&lt;br /&gt;
* http://www.archives.gov/nhprc/announcement/digitizing-faqs.html&lt;br /&gt;
* http://www.sunlightfoundation.com/&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC_379_SUM2008:Week_4,_Group_2&amp;diff=16671</id>
		<title>CSC 379 SUM2008:Week 4, Group 2</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC_379_SUM2008:Week_4,_Group_2&amp;diff=16671"/>
		<updated>2008-08-01T20:46:07Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Benefits */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Open Government==&lt;br /&gt;
Most bills are passed by legislatures without ever being read by most legislators.  Letters, articles, reports, all often never escape the physical mediums (paper) of their existence.  Although technology has developed to the point where all non-private information in the United States government can, in theory, be made openly available, the support structures and culture of information sharing has not caught up to make full use of them.  Efforts are being made to use digitization and sharing technology; one of the most notable digitization efforts is THOMAS, a joint effort by the Library of Congress and the Government Printing Office (GPO).&lt;br /&gt;
&lt;br /&gt;
Examine the ethical implications of making policy with inadequate access to information, and the efforts being made to address those concerns.  Is there a need for a change in existing support structures and culture of information sharing in government?  Should support structures and culture change to encourage greater information sharing, if it required the government to slow down decision-making processes?&lt;br /&gt;
==History==&lt;br /&gt;
Open government is the doctrine that all levels of political administration should be open to public viewing and scrutiny.  The origins of which date back to the Enlightenment in Europe in the eighteenth century.  More recently, the passing of the [http://www.usdoj.gov/oip/ Freedom of Information Act (FOIA)] in the United States in 1966 is seen as the beginning of a modern movement toward open government.  After its passing, several countries have followed suit in the subsequent decades.&lt;br /&gt;
&lt;br /&gt;
The FOIA allows for complete or partial disclosure of previously unreleased information and documents from the US Government based on a series of conditions.  It applies to all government agencies.  There are nine exemptions to the FOIA:&lt;br /&gt;
*Classified national defense and foreign relations information&lt;br /&gt;
*Internal agency rules and practices&lt;br /&gt;
*Information that is prohibited from disclosure by another federal law&lt;br /&gt;
*Trade secrets and other confidential business information&lt;br /&gt;
*Inter-agency or intra-agency communications protected by legal privileges&lt;br /&gt;
*Information involving matters of personal privacy&lt;br /&gt;
*Records compiled for law enforcement purposes&lt;br /&gt;
*Information relating to the supervision of financial institutions&lt;br /&gt;
*Geological information on wells&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
[http://thomas.loc.gov/ THOMAS] is a database kept by the Library of Congress detailing legislative information since 1995.  The database is named after Thomas Jefferson.  It includes information including:&lt;br /&gt;
*Bills and resolutions&lt;br /&gt;
*Congressional activity&lt;br /&gt;
*Congressional record&lt;br /&gt;
*Committee information&lt;br /&gt;
*Treaties&lt;br /&gt;
*Historical documents&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
A new political philosophy is [http://en.wikipedia.org/wiki/Open_source_governance open source governance], which details a post-national state where any interested citizen can add to the creation of a policy, by way of a wiki or another mechanism.  The core of such a government structure is a &amp;quot;central codebase&amp;quot; that are maintained by public registry.  The policies are distributed to local areas that can alter the policy for their own uses and can send improvements back to the core.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== Benefits ==&lt;br /&gt;
&lt;br /&gt;
One of the advantages of an open government is that more of the government's actions and intentions become transparent, giving everyone an opportunity to decide for themselves if they actually support what their leaders and representatives are doing.&lt;br /&gt;
&lt;br /&gt;
For example, one common problem with bills is that they typically get &amp;quot;riders,&amp;quot; which are extra provisions that are appended to the bill and may or may not have anything to do with the original intent of the bill. Typically they are used to covertly pass items through the bill-approval process that would otherwise be met with opposition. At this time, the threat of being discovered is minimal because the riders tend to be written in a very verbose, jargon-fill manner, which very few people are willing to examine and interpret.&lt;br /&gt;
&lt;br /&gt;
Open government would help to change that by first bringing together individuals and interest groups who do have the patience to analyze bills and riders. By cooperating and collaborating, these individuals can better coordinate their efforts and disseminate their findings to a wider audience. Once a larger percentage of the the general population is more aware of what is contained in the bills, they will be better informed and be able to make sound decisions on whether or not they support what sorts of things are included in the bills.&lt;br /&gt;
&lt;br /&gt;
In theory, this would reduce the amount of riders that get passed through, because law-makers would have a more difficult time passing things through that might not necessarily have popular support. At a minimum, they would be more mindful of what sorts of things they choose to include in a bill because a responsive and well-informed populace would quickly voice their opposition to anything objectionable.&lt;br /&gt;
&lt;br /&gt;
==Additional Links==&lt;br /&gt;
* http://thomas.loc.gov/home/abt_thom.html&lt;br /&gt;
* http://www.lessig.org/blog/&lt;br /&gt;
* http://www.archives.gov/nhprc/announcement/digitizing-faqs.html&lt;br /&gt;
* http://www.sunlightfoundation.com/&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=CSC_379_SUM2008:Week_4,_Group_2&amp;diff=16670</id>
		<title>CSC 379 SUM2008:Week 4, Group 2</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=CSC_379_SUM2008:Week_4,_Group_2&amp;diff=16670"/>
		<updated>2008-08-01T20:29:51Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* History */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Open Government==&lt;br /&gt;
Most bills are passed by legislatures without ever being read by most legislators.  Letters, articles, reports, all often never escape the physical mediums (paper) of their existence.  Although technology has developed to the point where all non-private information in the United States government can, in theory, be made openly available, the support structures and culture of information sharing has not caught up to make full use of them.  Efforts are being made to use digitization and sharing technology; one of the most notable digitization efforts is THOMAS, a joint effort by the Library of Congress and the Government Printing Office (GPO).&lt;br /&gt;
&lt;br /&gt;
Examine the ethical implications of making policy with inadequate access to information, and the efforts being made to address those concerns.  Is there a need for a change in existing support structures and culture of information sharing in government?  Should support structures and culture change to encourage greater information sharing, if it required the government to slow down decision-making processes?&lt;br /&gt;
==History==&lt;br /&gt;
Open government is the doctrine that all levels of political administration should be open to public viewing and scrutiny.  The origins of which date back to the Enlightenment in Europe in the eighteenth century.  More recently, the passing of the [http://www.usdoj.gov/oip/ Freedom of Information Act (FOIA)] in the United States in 1966 is seen as the beginning of a modern movement toward open government.  After its passing, several countries have followed suit in the subsequent decades.&lt;br /&gt;
&lt;br /&gt;
The FOIA allows for complete or partial disclosure of previously unreleased information and documents from the US Government based on a series of conditions.  It applies to all government agencies.  There are nine exemptions to the FOIA:&lt;br /&gt;
*Classified national defense and foreign relations information&lt;br /&gt;
*Internal agency rules and practices&lt;br /&gt;
*Information that is prohibited from disclosure by another federal law&lt;br /&gt;
*Trade secrets and other confidential business information&lt;br /&gt;
*Inter-agency or intra-agency communications protected by legal privileges&lt;br /&gt;
*Information involving matters of personal privacy&lt;br /&gt;
*Records compiled for law enforcement purposes&lt;br /&gt;
*Information relating to the supervision of financial institutions&lt;br /&gt;
*Geological information on wells&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
[http://thomas.loc.gov/ THOMAS] is a database kept by the Library of Congress detailing legislative information since 1995.  The database is named after Thomas Jefferson.  It includes information including:&lt;br /&gt;
*Bills and resolutions&lt;br /&gt;
*Congressional activity&lt;br /&gt;
*Congressional record&lt;br /&gt;
*Committee information&lt;br /&gt;
*Treaties&lt;br /&gt;
*Historical documents&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
A new political philosophy is [http://en.wikipedia.org/wiki/Open_source_governance open source governance], which details a post-national state where any interested citizen can add to the creation of a policy, by way of a wiki or another mechanism.  The core of such a government structure is a &amp;quot;central codebase&amp;quot; that are maintained by public registry.  The policies are distributed to local areas that can alter the policy for their own uses and can send improvements back to the core.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== Benefits ==&lt;br /&gt;
&lt;br /&gt;
==Additional Links==&lt;br /&gt;
* http://thomas.loc.gov/home/abt_thom.html&lt;br /&gt;
* http://www.lessig.org/blog/&lt;br /&gt;
* http://www.archives.gov/nhprc/announcement/digitizing-faqs.html&lt;br /&gt;
* http://www.sunlightfoundation.com/&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16531</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16531"/>
		<updated>2008-08-01T02:52:36Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Examples of Encryption Software */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ GnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*''Key Escrowing'' - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption ''Wikipedia Entry on Encryption'']&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm ''How Encryption Works''] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html ''Piecing Together the Encryption Puzzle''] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 ''Ethical Considerations of Privacy and Cyber-Medical Information''] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm ''Ethical Considerations for Providing Professional Services Online''] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ''ITLaw.Wikia Entry on Encryption'']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 ''Your Encryption Key a Fifth Amendment Right?'']&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 ''A Pretty Good Way to Foil the NSA''] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html ''Voice Encryption May Draw U.S. Scrutiny''] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html ''Federal government pushes full-disk encryption''] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization ''Federal encryption standardization''] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html ''Government buys encryption''] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 ''Constitutional Conflicts with Encryption Regulation''] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html ''The University's Role in Advancing Data Encryption, Part 2''] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html ''Unlocking encryption management''] by Matt Hines&lt;br /&gt;
*[http://www.csl.sri.com/users/neumann/judiciary.html ''Security Risks in Key Recovery''] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16527</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16527"/>
		<updated>2008-08-01T02:47:54Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Role of Government */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ BnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*''Key Escrowing'' - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.[http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/limits091798.htm]&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption ''Wikipedia Entry on Encryption'']&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm ''How Encryption Works''] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html ''Piecing Together the Encryption Puzzle''] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 ''Ethical Considerations of Privacy and Cyber-Medical Information''] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm ''Ethical Considerations for Providing Professional Services Online''] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ''ITLaw.Wikia Entry on Encryption'']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 ''Your Encryption Key a Fifth Amendment Right?'']&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 ''A Pretty Good Way to Foil the NSA''] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html ''Voice Encryption May Draw U.S. Scrutiny''] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html ''Federal government pushes full-disk encryption''] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization ''Federal encryption standardization''] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html ''Government buys encryption''] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 ''Constitutional Conflicts with Encryption Regulation''] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html ''The University's Role in Advancing Data Encryption, Part 2''] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html ''Unlocking encryption management''] by Matt Hines&lt;br /&gt;
*[http://www.csl.sri.com/users/neumann/judiciary.html ''Security Risks in Key Recovery''] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16525</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16525"/>
		<updated>2008-08-01T02:45:58Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Role of Government */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ BnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*''Key Escrowing'' - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services, whereas government control has remained comparatively higher in other countries. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption ''Wikipedia Entry on Encryption'']&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm ''How Encryption Works''] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html ''Piecing Together the Encryption Puzzle''] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 ''Ethical Considerations of Privacy and Cyber-Medical Information''] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm ''Ethical Considerations for Providing Professional Services Online''] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ''ITLaw.Wikia Entry on Encryption'']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 ''Your Encryption Key a Fifth Amendment Right?'']&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 ''A Pretty Good Way to Foil the NSA''] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html ''Voice Encryption May Draw U.S. Scrutiny''] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html ''Federal government pushes full-disk encryption''] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization ''Federal encryption standardization''] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html ''Government buys encryption''] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 ''Constitutional Conflicts with Encryption Regulation''] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html ''The University's Role in Advancing Data Encryption, Part 2''] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html ''Unlocking encryption management''] by Matt Hines&lt;br /&gt;
*[http://www.csl.sri.com/users/neumann/judiciary.html ''Security Risks in Key Recovery''] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16522</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16522"/>
		<updated>2008-08-01T02:44:24Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Role of Government */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ BnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*''Key Escrowing'' - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results. One rather famous moment occurred in 1993, when the US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption ''Wikipedia Entry on Encryption'']&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm ''How Encryption Works''] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html ''Piecing Together the Encryption Puzzle''] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 ''Ethical Considerations of Privacy and Cyber-Medical Information''] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm ''Ethical Considerations for Providing Professional Services Online''] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ''ITLaw.Wikia Entry on Encryption'']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 ''Your Encryption Key a Fifth Amendment Right?'']&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 ''A Pretty Good Way to Foil the NSA''] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html ''Voice Encryption May Draw U.S. Scrutiny''] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html ''Federal government pushes full-disk encryption''] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization ''Federal encryption standardization''] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html ''Government buys encryption''] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 ''Constitutional Conflicts with Encryption Regulation''] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html ''The University's Role in Advancing Data Encryption, Part 2''] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html ''Unlocking encryption management''] by Matt Hines&lt;br /&gt;
*[http://www.csl.sri.com/users/neumann/judiciary.html ''Security Risks in Key Recovery''] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16519</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16519"/>
		<updated>2008-08-01T02:43:31Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Role of Government */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ BnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*''Key Escrowing'' - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
=== Role of Government ===&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results.&lt;br /&gt;
&lt;br /&gt;
In 1993, he US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption ''Wikipedia Entry on Encryption'']&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm ''How Encryption Works''] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html ''Piecing Together the Encryption Puzzle''] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 ''Ethical Considerations of Privacy and Cyber-Medical Information''] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm ''Ethical Considerations for Providing Professional Services Online''] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ''ITLaw.Wikia Entry on Encryption'']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 ''Your Encryption Key a Fifth Amendment Right?'']&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 ''A Pretty Good Way to Foil the NSA''] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html ''Voice Encryption May Draw U.S. Scrutiny''] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html ''Federal government pushes full-disk encryption''] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization ''Federal encryption standardization''] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html ''Government buys encryption''] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 ''Constitutional Conflicts with Encryption Regulation''] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html ''The University's Role in Advancing Data Encryption, Part 2''] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html ''Unlocking encryption management''] by Matt Hines&lt;br /&gt;
*[http://www.csl.sri.com/users/neumann/judiciary.html ''Security Risks in Key Recovery''] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16518</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16518"/>
		<updated>2008-08-01T02:43:12Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Problems */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ BnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
*''Key Escrowing'' - A variation of key recovery, this is essentially a set-up wherein a person can grant their key to a third party that requires their information (e.g. a private company or a government entity). The third party typically has to present authorization and a compelling reason for needing that access. It is still a controversial topic due to the very nature of third-party access that would be necessary, and to date no one has come up with a sufficiently secure system that was not technically complex.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
== Role of Government ==&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results.&lt;br /&gt;
&lt;br /&gt;
In 1993, he US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption ''Wikipedia Entry on Encryption'']&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm ''How Encryption Works''] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html ''Piecing Together the Encryption Puzzle''] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 ''Ethical Considerations of Privacy and Cyber-Medical Information''] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm ''Ethical Considerations for Providing Professional Services Online''] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ''ITLaw.Wikia Entry on Encryption'']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 ''Your Encryption Key a Fifth Amendment Right?'']&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 ''A Pretty Good Way to Foil the NSA''] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html ''Voice Encryption May Draw U.S. Scrutiny''] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html ''Federal government pushes full-disk encryption''] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization ''Federal encryption standardization''] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html ''Government buys encryption''] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 ''Constitutional Conflicts with Encryption Regulation''] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html ''The University's Role in Advancing Data Encryption, Part 2''] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html ''Unlocking encryption management''] by Matt Hines&lt;br /&gt;
*[http://www.csl.sri.com/users/neumann/judiciary.html ''Security Risks in Key Recovery''] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16515</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16515"/>
		<updated>2008-08-01T02:40:08Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Role of Government */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ BnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
== Role of Government ==&lt;br /&gt;
&lt;br /&gt;
There have been sporadic attempts at governmental intervention in the past, often with mixed results.&lt;br /&gt;
&lt;br /&gt;
In 1993, he US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption ''Wikipedia Entry on Encryption'']&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm ''How Encryption Works''] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html ''Piecing Together the Encryption Puzzle''] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 ''Ethical Considerations of Privacy and Cyber-Medical Information''] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm ''Ethical Considerations for Providing Professional Services Online''] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ''ITLaw.Wikia Entry on Encryption'']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 ''Your Encryption Key a Fifth Amendment Right?'']&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 ''A Pretty Good Way to Foil the NSA''] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html ''Voice Encryption May Draw U.S. Scrutiny''] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html ''Federal government pushes full-disk encryption''] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization ''Federal encryption standardization''] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html ''Government buys encryption''] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 ''Constitutional Conflicts with Encryption Regulation''] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html ''The University's Role in Advancing Data Encryption, Part 2''] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html ''Unlocking encryption management''] by Matt Hines&lt;br /&gt;
*[http://www.csl.sri.com/users/neumann/judiciary.html ''Security Risks in Key Recovery''] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16511</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16511"/>
		<updated>2008-08-01T02:33:33Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Additional Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ BnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
== Role of Government ==&lt;br /&gt;
&lt;br /&gt;
There have been various attempts at governmental intervention in the past, often with mixed results.&lt;br /&gt;
&lt;br /&gt;
*''Previous Restrictions'' - In 1993, he US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.&lt;br /&gt;
*''Key Recovery'' - &lt;br /&gt;
*''Key Escrowing'' -&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption ''Wikipedia Entry on Encryption'']&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm ''How Encryption Works''] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html ''Piecing Together the Encryption Puzzle''] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 ''Ethical Considerations of Privacy and Cyber-Medical Information''] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm ''Ethical Considerations for Providing Professional Services Online''] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ''ITLaw.Wikia Entry on Encryption'']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 ''Your Encryption Key a Fifth Amendment Right?'']&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 ''A Pretty Good Way to Foil the NSA''] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html ''Voice Encryption May Draw U.S. Scrutiny''] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html ''Federal government pushes full-disk encryption''] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization ''Federal encryption standardization''] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html ''Government buys encryption''] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 ''Constitutional Conflicts with Encryption Regulation''] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html ''The University's Role in Advancing Data Encryption, Part 2''] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html ''Unlocking encryption management''] by Matt Hines&lt;br /&gt;
*[http://www.csl.sri.com/users/neumann/judiciary.html ''Security Risks in Key Recovery''] by Peter Neumann&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16426</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16426"/>
		<updated>2008-08-01T00:12:29Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Role of Government */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ BnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
== Role of Government ==&lt;br /&gt;
&lt;br /&gt;
There have been various attempts at governmental intervention in the past, often with mixed results.&lt;br /&gt;
&lt;br /&gt;
*''Previous Restrictions'' - In 1993, he US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.&lt;br /&gt;
*''Key Recovery'' - &lt;br /&gt;
*''Key Escrowing'' -&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
The general trend in the US has been a push for less government interference into privately-owned encryption services. The debate is far from over, however.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption ''Wikipedia Entry on Encryption'']&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm ''How Encryption Works''] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html ''Piecing Together the Encryption Puzzle''] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 ''Ethical Considerations of Privacy and Cyber-Medical Information''] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm ''Ethical Considerations for Providing Professional Services Online''] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ''ITLaw.Wikia Entry on Encryption'']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 ''Your Encryption Key a Fifth Amendment Right?'']&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 ''A Pretty Good Way to Foil the NSA''] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html ''Voice Encryption May Draw U.S. Scrutiny''] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html ''Federal government pushes full-disk encryption''] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization ''Federal encryption standardization''] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html ''Government buys encryption''] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 ''Constitutional Conflicts with Encryption Regulation''] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html ''The University's Role in Advancing Data Encryption, Part 2''] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html ''Unlocking encryption management''] by Matt Hines&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16425</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16425"/>
		<updated>2008-08-01T00:09:55Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Examples of Encryption Software */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
=== Examples of Encryption Software ===&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ BnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
== Role of Government ==&lt;br /&gt;
&lt;br /&gt;
There have been attempts at governmental intervention in the past, often with mixed results.&lt;br /&gt;
&lt;br /&gt;
*''Previous Restrictions'' - In 1993, he US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.&lt;br /&gt;
*''Key Recovery'' - &lt;br /&gt;
*''Key Escrowing'' -&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption ''Wikipedia Entry on Encryption'']&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm ''How Encryption Works''] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html ''Piecing Together the Encryption Puzzle''] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 ''Ethical Considerations of Privacy and Cyber-Medical Information''] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm ''Ethical Considerations for Providing Professional Services Online''] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ''ITLaw.Wikia Entry on Encryption'']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 ''Your Encryption Key a Fifth Amendment Right?'']&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 ''A Pretty Good Way to Foil the NSA''] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html ''Voice Encryption May Draw U.S. Scrutiny''] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html ''Federal government pushes full-disk encryption''] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization ''Federal encryption standardization''] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html ''Government buys encryption''] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 ''Constitutional Conflicts with Encryption Regulation''] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html ''The University's Role in Advancing Data Encryption, Part 2''] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html ''Unlocking encryption management''] by Matt Hines&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16424</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16424"/>
		<updated>2008-08-01T00:09:38Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Examples of Encryption Software */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
== Examples of Encryption Software ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
*[http://www.gnupg.org/ BnuPG] - Another free data and communications encryption program that typically comes packaged with open source software such as Linux OS's. It uses some public-key techniques, but for the most part uses unpatented encryption methods.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
== Role of Government ==&lt;br /&gt;
&lt;br /&gt;
There have been attempts at governmental intervention in the past, often with mixed results.&lt;br /&gt;
&lt;br /&gt;
*''Previous Restrictions'' - In 1993, he US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.&lt;br /&gt;
*''Key Recovery'' - &lt;br /&gt;
*''Key Escrowing'' -&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption ''Wikipedia Entry on Encryption'']&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm ''How Encryption Works''] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html ''Piecing Together the Encryption Puzzle''] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 ''Ethical Considerations of Privacy and Cyber-Medical Information''] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm ''Ethical Considerations for Providing Professional Services Online''] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ''ITLaw.Wikia Entry on Encryption'']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 ''Your Encryption Key a Fifth Amendment Right?'']&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 ''A Pretty Good Way to Foil the NSA''] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html ''Voice Encryption May Draw U.S. Scrutiny''] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html ''Federal government pushes full-disk encryption''] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization ''Federal encryption standardization''] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html ''Government buys encryption''] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 ''Constitutional Conflicts with Encryption Regulation''] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html ''The University's Role in Advancing Data Encryption, Part 2''] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html ''Unlocking encryption management''] by Matt Hines&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16420</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16420"/>
		<updated>2008-08-01T00:04:36Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* What is Encryption? */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
In terms of software, key complexity or length refers to how long the binary string representation of that key is. This length is measured in individual 1's and 0's, known as bits. Since there are only two possible values for a single bit, adding just one more bit to the key gives it twice as many possible combinations. A key that is 2 bits long, for example, has 4 possible values it can be, while a 3-bit key has 8 possible values. In the US, keys are typically 128 bits long, if not longer. This results in 2^128 combinations, meaning that the likelihood of correctly guessing the key is very small.&lt;br /&gt;
&lt;br /&gt;
== Examples of Encryption Software ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
== Role of Government ==&lt;br /&gt;
&lt;br /&gt;
There have been attempts at governmental intervention in the past, often with mixed results.&lt;br /&gt;
&lt;br /&gt;
*''Previous Restrictions'' - In 1993, he US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.&lt;br /&gt;
*''Key Recovery'' - &lt;br /&gt;
*''Key Escrowing'' -&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption ''Wikipedia Entry on Encryption'']&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm ''How Encryption Works''] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html ''Piecing Together the Encryption Puzzle''] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 ''Ethical Considerations of Privacy and Cyber-Medical Information''] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm ''Ethical Considerations for Providing Professional Services Online''] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ''ITLaw.Wikia Entry on Encryption'']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 ''Your Encryption Key a Fifth Amendment Right?'']&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 ''A Pretty Good Way to Foil the NSA''] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html ''Voice Encryption May Draw U.S. Scrutiny''] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html ''Federal government pushes full-disk encryption''] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization ''Federal encryption standardization''] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html ''Government buys encryption''] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 ''Constitutional Conflicts with Encryption Regulation''] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html ''The University's Role in Advancing Data Encryption, Part 2''] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html ''Unlocking encryption management''] by Matt Hines&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16419</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16419"/>
		<updated>2008-07-31T23:59:56Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Problems */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
== Examples of Encryption Software ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US 128-bit encryption or higher is not uncommon, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
== Role of Government ==&lt;br /&gt;
&lt;br /&gt;
There have been attempts at governmental intervention in the past, often with mixed results.&lt;br /&gt;
&lt;br /&gt;
*''Previous Restrictions'' - In 1993, he US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.&lt;br /&gt;
*''Key Recovery'' - &lt;br /&gt;
*''Key Escrowing'' -&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption ''Wikipedia Entry on Encryption'']&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm ''How Encryption Works''] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html ''Piecing Together the Encryption Puzzle''] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 ''Ethical Considerations of Privacy and Cyber-Medical Information''] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm ''Ethical Considerations for Providing Professional Services Online''] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ''ITLaw.Wikia Entry on Encryption'']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 ''Your Encryption Key a Fifth Amendment Right?'']&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 ''A Pretty Good Way to Foil the NSA''] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html ''Voice Encryption May Draw U.S. Scrutiny''] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html ''Federal government pushes full-disk encryption''] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization ''Federal encryption standardization''] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html ''Government buys encryption''] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 ''Constitutional Conflicts with Encryption Regulation''] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html ''The University's Role in Advancing Data Encryption, Part 2''] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html ''Unlocking encryption management''] by Matt Hines&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16418</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16418"/>
		<updated>2008-07-31T23:59:12Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Role of Government */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
== Examples of Encryption Software ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US encryption is 128-bit, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
== Role of Government ==&lt;br /&gt;
&lt;br /&gt;
There have been attempts at governmental intervention in the past, often with mixed results.&lt;br /&gt;
&lt;br /&gt;
*''Previous Restrictions'' - In 1993, he US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.&lt;br /&gt;
*''Key Recovery'' - &lt;br /&gt;
*''Key Escrowing'' -&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption ''Wikipedia Entry on Encryption'']&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm ''How Encryption Works''] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html ''Piecing Together the Encryption Puzzle''] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 ''Ethical Considerations of Privacy and Cyber-Medical Information''] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm ''Ethical Considerations for Providing Professional Services Online''] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ''ITLaw.Wikia Entry on Encryption'']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 ''Your Encryption Key a Fifth Amendment Right?'']&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 ''A Pretty Good Way to Foil the NSA''] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html ''Voice Encryption May Draw U.S. Scrutiny''] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html ''Federal government pushes full-disk encryption''] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization ''Federal encryption standardization''] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html ''Government buys encryption''] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 ''Constitutional Conflicts with Encryption Regulation''] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html ''The University's Role in Advancing Data Encryption, Part 2''] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html ''Unlocking encryption management''] by Matt Hines&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16417</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16417"/>
		<updated>2008-07-31T23:58:45Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Role of Government */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
== Examples of Encryption Software ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US encryption is 128-bit, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
== Role of Government ==&lt;br /&gt;
&lt;br /&gt;
There have been attempts at governmental intervention in the past, often with mixed results.&lt;br /&gt;
&lt;br /&gt;
*In 1993, he US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.&lt;br /&gt;
*''Key Recovery'' - &lt;br /&gt;
*''Key Escrowing'' -&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption ''Wikipedia Entry on Encryption'']&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm ''How Encryption Works''] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html ''Piecing Together the Encryption Puzzle''] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 ''Ethical Considerations of Privacy and Cyber-Medical Information''] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm ''Ethical Considerations for Providing Professional Services Online''] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ''ITLaw.Wikia Entry on Encryption'']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 ''Your Encryption Key a Fifth Amendment Right?'']&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 ''A Pretty Good Way to Foil the NSA''] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html ''Voice Encryption May Draw U.S. Scrutiny''] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html ''Federal government pushes full-disk encryption''] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization ''Federal encryption standardization''] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html ''Government buys encryption''] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 ''Constitutional Conflicts with Encryption Regulation''] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html ''The University's Role in Advancing Data Encryption, Part 2''] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html ''Unlocking encryption management''] by Matt Hines&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16414</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16414"/>
		<updated>2008-07-31T23:57:26Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Additional Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
== Examples of Encryption Software ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US encryption is 128-bit, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
== Role of Government ==&lt;br /&gt;
&lt;br /&gt;
There have been attempts at governmental intervention in the past, often with mixed results.&lt;br /&gt;
&lt;br /&gt;
*In 1993, he US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption ''Wikipedia Entry on Encryption'']&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm ''How Encryption Works''] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html ''Piecing Together the Encryption Puzzle''] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Ethical Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 ''Ethical Considerations of Privacy and Cyber-Medical Information''] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm ''Ethical Considerations for Providing Professional Services Online''] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://itlaw.wikia.com/wiki/Encryption ''ITLaw.Wikia Entry on Encryption'']&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 ''Your Encryption Key a Fifth Amendment Right?'']&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 ''A Pretty Good Way to Foil the NSA''] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html ''Voice Encryption May Draw U.S. Scrutiny''] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html ''Federal government pushes full-disk encryption''] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization ''Federal encryption standardization''] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html ''Government buys encryption''] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 ''Constitutional Conflicts with Encryption Regulation''] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html ''The University's Role in Advancing Data Encryption, Part 2''] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html ''Unlocking encryption management''] by Matt Hines&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16412</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16412"/>
		<updated>2008-07-31T23:49:15Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Additional Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
== Examples of Encryption Software ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US encryption is 128-bit, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
== Role of Government ==&lt;br /&gt;
&lt;br /&gt;
There have been attempts at governmental intervention in the past, often with mixed results.&lt;br /&gt;
&lt;br /&gt;
*In 1993, he US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption ''Wikipedia Entry on Encryption'']&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm ''How Encryption Works''] by Jeff Tyson&lt;br /&gt;
*[http://library.findlaw.com/1997/Jul/1/126870.html ''Piecing Together the Encryption Puzzle''] by Paul, Hastings, Janofsky &amp;amp; Walker&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 ''Ethical Considerations of Privacy and Cyber-Medical Information''] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm ''Ethical Considerations for Providing Professional Services Online''] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 ''Your Encryption Key a Fifth Amendment Right?'']&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 ''A Pretty Good Way to Foil the NSA''] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html ''Voice Encryption May Draw U.S. Scrutiny''] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html ''Federal government pushes full-disk encryption''] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization ''Federal encryption standardization''] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html ''Government buys encryption''] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 ''Constitutional Conflicts with Encryption Regulation''] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html ''The University's Role in Advancing Data Encryption, Part 2''] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html ''Unlocking encryption management''] by Matt Hines&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
	<entry>
		<id>https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16408</id>
		<title>Encryption</title>
		<link rel="alternate" type="text/html" href="https://wiki.expertiza.ncsu.edu/index.php?title=Encryption&amp;diff=16408"/>
		<updated>2008-07-31T23:43:47Z</updated>

		<summary type="html">&lt;p&gt;Mwmccask: /* Additional Resources */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;= Study Guide =&lt;br /&gt;
&lt;br /&gt;
== What is Encryption? ==&lt;br /&gt;
&lt;br /&gt;
Encryption, in the context of software, is process by which data in a computer can be encoded in such a way that no one can determine its original value, save for the original owner of the data and whoever he or she sees fit. In this manner, private or sensitive data can be protected without having to physically deny access to the medium that holds the data (e.g. a server).&lt;br /&gt;
&lt;br /&gt;
In general, encryption consists of three items: the original data, the encryption algorithm known as the cypher, and the &amp;quot;solution&amp;quot; to that algorithm called the key. The cypher uses instructions provided by the key to perform an operation on the data, giving it a new value that does not yield any useful information about the original state of the data. At first glance, the new data may appear to simply be gibberish or random noise. In this state, the data is said to be encrypted. To decrypt the data, one simply has to plug the key back into the cypher and run the operations in reverse.&lt;br /&gt;
&lt;br /&gt;
It is not impossible to perform the decryption without the key, but if the key is of sufficient complexity or length, even a brute-force approach may require an impractical amount of time. It is for this reason that most clients can be certain that their data will not be compromised. It is also for this reason that clients need to take care that their key is only provided to people that they want to share the data with.&lt;br /&gt;
&lt;br /&gt;
== Examples of Encryption Software ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.pgpi.org/ PGP-]Originally used only to encrypt email messages and attachments, but has since diversified into several applications, including disk encryption for laptops and IM sessions. It is built upon public-key encryption technology[http://www.webopedia.com/TERM/P/public_key_cryptography.html].&lt;br /&gt;
*[http://about.skype.com/ Skype] - Provides telephone services over the internet. Uses several different encryption methods, including RSA. The encryption cannot be disabled by the user, and is managed automatically.&lt;br /&gt;
&lt;br /&gt;
== Issues With Encryption ==&lt;br /&gt;
&lt;br /&gt;
=== Problems ===&lt;br /&gt;
&lt;br /&gt;
While encryption is very secure if managed properly, it is not fool-proof. It also comes with some of its own inherent disadvantages. There are many factors that you should consider before deciding to use encryption to protect your data:&lt;br /&gt;
&lt;br /&gt;
* ''Protecting the key'' - If an unauthorized person manages to acquire your key, that person can access your data at will, without your knowledge. It does not even necessarily have to be your key; if you share your key with other trusted persons, they can also a copy of the key to escape, accidentally or not. Programs that use public-key encryption have largely eliminated this problem, however.&lt;br /&gt;
*''Using sufficient key strength'' - If a key is not large enough, the worst-case time required to perform a decryption via brute force is small. In the US encryption is 128-bit, which is more than sufficient, but in other countries it may be as low as 40.&lt;br /&gt;
*''The process can be slow'' - Depending upon how much data there is and how often you need to access it, constant decryption and re-encryption can lead to longer access times. This may cause some people to consider it an annoyance and forgo it.&lt;br /&gt;
&lt;br /&gt;
=== Ethical Considerations ===&lt;br /&gt;
&lt;br /&gt;
While encryption can be used to protect important but otherwise harmless data such as financial records, there equally exists the possibility that it can be used to hide illegal or malicious data. An obvious example is child pornography. If someone with illegal data were being investigated, nobody could ever prove that they have that data if they never offered the key. Another potential scenario is that two people who are conspiring to commit a crime, terrorist act, etc can do so in safety over the internet via encrypting their exchanges. This raises concerns over whether or not encryption should be regulated and controlled. If investigators needed access to an encrypted computer, they would have a much easier time if the owner was legally required to give them the key if requested.&lt;br /&gt;
&lt;br /&gt;
But then this enters into other sensitive issues, primarily one of privacy vs. security. If authorities are allowed to access your private data at will, then the purpose of the encryption is rendered null. Someone would have to determine what kinds of encryption are acceptable and what kinds are not, and define what the criteria for acceptability would be.&lt;br /&gt;
&lt;br /&gt;
== Role of Government ==&lt;br /&gt;
&lt;br /&gt;
There have been attempts at governmental intervention in the past, often with mixed results.&lt;br /&gt;
&lt;br /&gt;
*In 1993, he US federal government attempted to mount a case against Philip Zimmermann, the creator of PGP. At the time, encryption was legally considered a &amp;quot;munition,&amp;quot; and therefore had its exportation restricted. The case was ultimately thrown out after Zimmermann convinced the court that software can be printed in books, and is therefore protected under the 1st Amendment. A couple of years later, the federal government substantially reduced its restrictions upon encryption software and disqualified it as a munition.&lt;br /&gt;
&lt;br /&gt;
= Additional Resources =&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Info&lt;br /&gt;
*[http://en.wikipedia.org/wiki/Encryption ''Wikipedia Entry on Encryption'']&lt;br /&gt;
*[http://computer.howstuffworks.com/encryption.htm ''How Encryption Works''] by Jeff Tyson&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
General Discussion&lt;br /&gt;
*[http://ezinearticles.com/?Ethical-Considerations-of-Privacy-and-Cyber-Medical-Information&amp;amp;id=1077289 ''Ethical Considerations of Privacy and Cyber-Medical Information''] by Jonathan Klemens&lt;br /&gt;
*[http://www.nysscpa.org/cpajournal/2008/508/essentials/p62.htm ''Ethical Considerations for Providing Professional Services Online''] by J.H. Yamamura and F.H. Grupe&lt;br /&gt;
*[http://www.dslreports.com/shownews/Your-Encryption-Key-a-Fifth-Amendment-Right-90282 ''Your Encryption Key a Fifth Amendment Right?'']&lt;br /&gt;
*[http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1 ''A Pretty Good Way to Foil the NSA''] by Ryan Singel&lt;br /&gt;
*[http://www.nytimes.com/2006/05/22/technology/22privacy.html ''Voice Encryption May Draw U.S. Scrutiny''] by John Markoff&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For Government Regulation&lt;br /&gt;
*[http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1238490,00.html ''Federal government pushes full-disk encryption''] by Dennis Fisher&lt;br /&gt;
*[http://blogs.computerworld.com/federal_encryption_standardization ''Federal encryption standardization''] by Douglas Schweitzer&lt;br /&gt;
*[http://securityblog.typepad.com/technology_security/2007/06/government_buys.html ''Government buys encryption''] by Michael Mongold&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Against Government Regulation&lt;br /&gt;
*[http://oai.dtic.mil/oai/oai?verb=getRecord&amp;amp;metadataPrefix=html&amp;amp;identifier=ADA392334 ''Constitutional Conflicts with Encryption Regulation''] by Regina Winchester&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
These will be sorted later on.&lt;br /&gt;
*[http://www.technewsworld.com/story/60102.html ''The University's Role in Advancing Data Encryption, Part 2''] by Andrew Burger&lt;br /&gt;
*[http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&amp;amp;A=/article/07/12/19/Unlocking-encryption-management_1.html ''Unlocking encryption management''] by Matt Hines&lt;/div&gt;</summary>
		<author><name>Mwmccask</name></author>
	</entry>
</feed>