RU10: Technical Communication and Encryption
Adding Value to the Technical Communicator's Job
Working on a global scale might give you the opportunity
to add value to your technical communicator's job.
In particular, when dealing with encryption on the Internet,
you should be aware of restrictions which might have an impact on your documentation.
Defining Encryption
Encryption grants privacy to electronic data by modifying your mail
so that nobody but the intended person can read it.
When encrypted, the message looks like a meaningless jumble of random characters.
Encryption Issues
With electronic commerce emerging in Europe,
encryption is becoming a real issue as it is the best way
to secure transactions on the Internet.
Several companies are involved in e-commerce,
either designing or providing encryption software, merchandising secured routers,
adding encryption features to browsers or using encryption
to secure data exchange with customers.
Encryption Issues for the Global Technical Communicator
When dealing with the French market,
the technical communicator should keep in mind the specific issues of encryption.
This might be an opportunity to add a real value to the communicator's
documentation activity.
Forms of Encryption
On the Internet, encryption can have two aspects:
digital signature or data encryption:
- Digital signature is used to prove (assert) the origin of the data.
It authenticates the message (authentication)
and checks that data has not been altered (integrity).
Digital signature is used to verify
that a message really comes from the claimed sender.
- Encryption aims at maintaining data confidentiality
and is based on sophisticated mathematical research.
This computation technique provides either private or public encryption keys.
The most well-known encryption method is RSA (Rivest, Shamir, Adleman)
which provides the basis for the easily available
PGP (Pretty Good Privacy) encryption software.
To be reliable, an encryption system must be made of very long keys.
The bigger the key, the more difficult it is to break the code.
French Barriers to Encryption
France is the only Western European country which does not allow
a free use of encryption on its territory.
In spite of the recent decrees (dated March 15 and March 25, 1998),
obstacles still remain to achieving full implementation and free usage
of encryption in France.
The March 25, 1998 decree gives the limits to encryption
based on the maximum key length of 40 bits.
Encryption algorithms based on higher bitlength (such as 56 bits)
are subject to a contract (declaration) with a Trusted Third Party (TTP).
A Trusted Third Party is a security authority, or its agent,
trusted by other entities with respect to security-related activities.
In fact, a TTP may act as a Key Escrow Agency (KEA)
whose key-escrow scheme has been approved.
Users who escrow, i.e. deposit their keys with the KEA
are able to freely use the cryptography scheme with these keys.
On the other hand, the French KEA is required to hand over keys
to law enforcement under certain conditions, such as suspicion of lawbreaking.
Documentation and Encryption
1. Encrypting Email Messages
French users are allowed to secure their email messages using encryption software,
provided the key to this encryption tool does not exceed 40 bits.
Unfortunately, research has proven that 40-bit encryption
can be (more or less) easily decrypted.
Consequently, if you want to exchange encrypted data with your French counterpart,
please bear in mind your colleague might be reluctant to do so.
He or she might want to get more information about the encryption software you are using
and may ask: Is it a low encryption software?
In case of strong encryption algorithm, has the key been escrowed with a TTP?
These precautions will apply both when using digital signatures and encrypting whole files.
In addition, the recent liberalization of the French law (March 1998) means
French users have not yet had time to get familiar with encryption tools.
Be patient with them!
2. Documenting Encryption Hardware and Software
This should be the big issue for technical communicators and/or localizers.
Usually, documenting encryption products implies writing for a global audience,
without considering the very specific country regulations.
Technical communicators writing for a French audience will add value to their job
by inserting a note drawing the user's attention to the restrictions:
- Example #1 : "En application de la législation en vigueur en France,
l'utilisation de cette fonction est soumise à certaines restrictions". (*)
- Example #2 : "Ce produit étant soumis à la réglementation française,
il ne sera commercialisé qu'après accord des autorités compétentes" (**)
Further, the technical communicator should be aware
that the documentation is written in French,
but the restrictions apply exclusively to the French territory,
not to French- speaking countries.
This means the restrictions do not apply to French software/hardware
released in other French speaking countries,
such as Switzerland, Belgium, Luxemburg and Canada.
Conclusion
Being aware of the specific applications in various countries
will help technical communicators or localizers add value to their documenting activity.
It will also increase the integration of technical authors into developers' teams.
____
(*) In accordance with current French law,
the use of this function is subject to certain restrictions.
(**) This product being subject to French law,
it can't be released onto the market without approval from the relevant authorities
Bibliography :
- comprehensive information on cryptography techniques
and links to world-wide legislation:
http://pgp.rasip.fer.hr/index.html
- Digital Signatures to Power E-commerce, Rainer Mauth (BYTE, January 1998)
- French Law on encryption: http://194.51.213.11/lij/decret98206.html
[link broken as of 13 Jan 00 - AvO]
© TC Forum 1998-2001 - http://www.tc-forum.org - file last updated 13 Jan 00
"transline Deutschland - Übersetzungsdienst für technische Übersetzung"
Web design by "Alexander von Obert"
Readability/Usability/Quality
