During the past few years a debate has been raging around the conflict between the rights of an individual to privacy in information to foster its competitiveness and the Government's need to access information for national security and law enforcement purposes. At the heart of the debate is the difficulty in arriving at a position whereby a robust implementation of an encryption process can be accomplished that protects sensitive private or industrial data yet insures that the government can have access to information if that information is part of a criminal conspiracy or enterprise, or other action hostile to the United States. The U.S. Government initially tendered a ciyptographic scheme known as the Clipper Escrow Key management plan. Using communication encryption technology, the government wanted to mandate an encryption process for which it maintained the key used for the decrypting of information transiting any communications path. This key would be split and distributed to escrow agents. The split key would have to be combined if the government were to use the key to decrypt and monitor criminal or other such activities. That methodology met with howls of protest from much of U.S. society (industry and private) due to a certain mistrust of the government and its handling of private information (for example, various IRS scandals). The debate has shifted from the technical solution provided by the Clipper initiative to alternate methods that defme key escrow in terms of a commercial or private entity. A NIST-sponsored key escrow meeting was held on August 17, 1995 to listen to the government's proposal to work towards a solution which industry and the international community would accept and which would provide needed security to private information. The meeting was a positive step towards resolving the conflicting issues surrounding cryptography. The government's proposal to extend the key length of any cryptographic algorithm used to 64 bits to enable export of cryptographic products more readily is a small step towards industry's desire for "good" cryptography. As a result, the government has set the stage to extend cryptography into the broader international field of electronic commerce. Privacy is still an issue and must be included in the resultant key escrow solution. Since the very onset of the debate TECSEC has espoused private key escrow as the only method that individuals, industry and the international community would accept for cryptography. A split key method has been developed that could satisfy many of the issues. The technology is called Constructive Key Management ("CKM "); the resultant product using CKM is called VEIL. VEIL is a software key management design that utilizes multiple key splits with labels as cryptographic triggers. It offers complete administrative control of the key, and it includes an inherent method to construct the key used for encrypting a file or database that results in a fixed header and audit information. By defining the roles of the escrow agent as a mix between government and private as necessary, VEIL can be applied to solve the private key escrow question.
Remotely sensed data appears in databases in many forms and is used for a wide variety of purposes. Key questions arise in the use of such data bases and imagery such as 'who owns the data,' and 'what is the liability of those who provide the database for others to use.' In America, (where we litigate everything) these are important questions if you are to establish your rights to use remotely sensed data and, of most import, profit from that use. The law in the U.S. is anything but clear. There are however certain guidelines, that are discussed, that give you a better chance at avoiding problems and profiting from your technology.
The ability to recover cost by the sale of geographic information is dependent upon the ownership of the copyright in and to that information. The ownership of the copyright turns upon whether one entity is an employee of the other or whether the copyrightable work falls within certain statutorily defined categories in the copyright law. Absent the specific requirements being fulfilled the ownership of the data may not be exactly as the parties expect.
Liability of database providers for erroneous information provided in a database which leads to economic, personal, or property injury to a third party who relies on that information is predicated on there being a `special relationship' between the party that created the database or the publisher of that database and the party relying on the information to its detriment. Absent such special relationship constitutional concerns that the transmission of ideas be free flowing will take precedence over the injuries suffered by a third party who relies on those ideas.