DOI QR코드

DOI QR Code

A Crypto Control Guideline for Global Enterprises in Order to Respond the Decryption Order

글로벌 기업의 암호해독명령 대응 방안

  • 손상일 (수원대학교 IT 대학 컴퓨터공학과) ;
  • 손유승 (수원대학교 IT 대학 컴퓨터공학과) ;
  • 김영권 (수원대학교 IT 대학 컴퓨터공학과) ;
  • 고승철 (수원대학교 IT 대학 정보보호학과)
  • Received : 2012.04.26
  • Accepted : 2012.06.20
  • Published : 2012.06.30

Abstract

Nowadays, encryption is core technology widely used in IT industry to protect private information of individuals and important intellectual assets of companies. However, when criminals and terror suspects abuse such technology, national security can be threatened and law enforcement can be disturbed. To prevent such adverse effects of cryptography, some nations have enacted legislations that allow legally obtained encrypted data to be decrypted by certain law enforcement agencies. Hence it is imperative that firms having international presence understand and comply by each nation's regulations on decryption order. This paper explains circumstances under which legislations on decryption order were established, organizes countries with regulations and punishment, explores what global enterprises need to consider in making policies to effectively respond to decryption orders, and suggests that technological methods and managerial guidelines for control of encryption be established.

Keywords

References

  1. Nehaluddin Ahmad, "Restrictions on cryptography in India-A case study of encryption and privacy", Computer Law and Security Review, Vol.25(2009), pp.173-180. https://doi.org/10.1016/j.clsr.2009.02.001
  2. Chris Sundt, "Cryptography in the real world", Information Security Technical Report, Vol. 15, No.1(2010), pp.2-7. https://doi.org/10.1016/j.istr.2010.10.002
  3. http://www.guardian.co.uk/technology/2011/apr/18/uae-blackberry-emails-secure.
  4. http://www.nytimes.com/2010/08/02/busi-ne ss/global/02berry.html?_r = 1&pagewanted = all.
  5. 권현조, 전길수, 이재일, "국내외 암호관련 법 제도 현황", 정보보호학회지, 제15권, 제2호 (2005), pp.37-53.
  6. 백승조, 임종인, "피의자 개인의 암호이용 통제정책에 대한 연구", 정보보호학회논문지, 제20권, 제6호(2010), pp.271-288.
  7. Zelezny, J. D., Communications Law, p.493.
  8. Bert-Jaas Koops's web site, http://rechten.uvt.nl/koops/cryptolaw.
  9. http://www.idc.com/groups/isi/main.html.
  10. http://data.worldbank.org/data-catalog/GDPranking-table.
  11. http://isms.kisa.or.kr, "정보보호관리체계 인증심사 기준", 2007.
  12. 박광청, 이규호, 조은영, "기업 환경 VPN 실전 구축 가이드", 시사컴퓨터, 2004.