How Israel Regulates Encryption
Interesting essay about how Israel regulates encryption:
…the Israeli encryption control mechanisms operate without directly legislating any form of encryption-key depositories, built-in back or front door access points, or other similar requirements. Instead, Israel’s system emphasizes smooth initial licensing processes and cultivates government-private sector collaboration. These processes help ensure that Israeli authorities are apprised of the latest encryption and cyber developments and position the government to engage effectively with the private sector when national security risks are identified.
Basically, it looks like secret agreements made in smoke-filled rooms, very discreet with no oversight or accountability. The fact that pretty much everyone in IT security has served in an offensive cybersecurity capacity for the Israeli army helps. As does the fact that the country is so small, making informal deal-making manageable. It doesn’t scale.
Why is this important?
…companies in Israel, a country comprising less than 0.11% of the world’s population, are estimated to have sold 10% ($6 billion out of $60 billion) of global encryption and cyber technologies for 2014.
Jacob • December 8, 2015 8:18 AM
It is worth stressing that in Israel there is a major difference between commercial distribution of encryption products and private use.
Private individual, or a company, who wants to use encryption can do so without asking for any permission of filing for any type of licensing provided that it is for internal use only (meaning you can send out or receive an encrypted signal but can not distribute the encryptor itself), use publickly available product (i.e. open source, internet download, or a commercial package) and it is used unmodified (and this is a Good Thing!)
On the other hand, if one (private individual or a company) is engaged in commercial distribution of an encryption product/package/SW, or use a modified/self-developed package, then he needs to get it approved.
If a company wants to distribute a ommercial package dealing with encryption, then no back-rooms with cigar-smoking gentelmen, no requirements for any past defence engagements – just file an on-line form and get a response in a few days. During the last few years at least, no one got rejected.
I surmise that if one develops a quantum-based super-duper uncrackable RF encryptor, then the approval process might be more labourious…