On July 5, 2022, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the National Institute of Standards and Technology (“NIST”) strongly recommended that organizations begin preparing to transition to a post-quantum cryptographic standard. “The term ‘post-quantum cryptography’ is often referred to as ‘quantum-resistant cryptography’ and includes, ‘cryptographic algorithms or methods that are assessed not to be specifically vulnerable to attack by” a CRQC (cryptanalytically relevant quantum computer) or a classical computer. NIST “has announced that a new post-quantum cryptographic standard will replace current public-key cryptography, which is vulnerable to quantum-based attacks.” NIST does not intend to publish the new post-quantum cryptographic standard for commercial products until 2024 but urges companies to begin preparing now by following the Post-Quantum Cryptography Roadmap. Continue Reading CISA and NIST Urge Companies to Prepare to Transition to a Post-Quantum Cryptographic Standard
encryption
Lawful Access to Encrypted Data Act Introduced
Senators Lindsey Graham (R-S.C.), Tom Cotton (R-Ark.) and Marsha Blackburn (R-Tenn.) have introduced the Lawful Access to Encrypted Data Act, a bill that would require tech companies to assist law enforcement in executing search warrants that seek encrypted data. The bill would apply to law enforcement efforts to obtain data at rest as well as data in motion. It would also apply to both criminal and national security legal process. This proposal comes in the wake of the Senate Judiciary Committee’s December 2019 hearing on encryption and lawful access to data. According to its sponsors, the purpose of the bill is to “end[] the use of ‘warrant-proof’ encrypted technology . . . to conceal illicit behavior.”
Continue Reading Lawful Access to Encrypted Data Act Introduced
FCC Allows All-Digital Cable Systems to Encrypt Basic Tier
Cable systems that have converted to all-digital transmission will be allowed to encrypt their basic-tier programming, the Federal Communications Commission decided last week. The FCC on Friday released its full Report and Order, which explained the decision and outlined transitional protections for existing subscribers who might be affected.
Background
Previously, FCC rules prohibited cable operators from encrypting their basic-tier service, while allowing encryption on higher service tiers. Cable operators typically encrypt most of their programming as a way of ensuring only paying subscribers have access. Subscribers can decrypt the signals with operator-provided set-top boxes or with third-party equipment that complies with the CableCARD technical standard. The FCC’s prohibition on basic-tier encryption meant that subscribers could view basic-tier programming — usually consisting mostly of broadcast and public-access channels — on standard televisions simply by connecting the cable to the TV, without the need to lease or buy set-top boxes or other equipment.Continue Reading FCC Allows All-Digital Cable Systems to Encrypt Basic Tier