Legal and Regulatory Issues in Cryptography Flashcards
Which UK law primarily governs the interception of communications and the use of cryptographic technology by intelligence services?
A) The Investigatory Powers Act 2016
B) The Data Protection Act 2018
C) The Computer Misuse Act 1990
D) The Telecommunications Act 1984
A) The Investigatory Powers Act 2016
What is the main regulatory body overseeing data protection and privacy in the UK, including aspects involving cryptography?
A) Ofcom
B) The Financial Conduct Authority (FCA)
C) The Information Commissioner’s Office (ICO)
D) The National Cyber Security Centre (NCSC)
C) The Information Commissioner’s Office (ICO)
Under UK law, which of the following is a requirement for businesses handling personal data to ensure data security, including the use of encryption?
A) Data must be stored in the EU
B) Data must be encrypted during transmission and storage
C) Data must be disclosed to the government upon request
D) Data must be stored in plaintext for auditing purposes
B) Data must be encrypted during transmission and storage
Which UK regulation deals with the export of cryptographic technology and software?
A) The Export Control Order 2008
B) The Digital Economy Act 2017
C) The Computer Misuse Act 1990
D) The Freedom of Information Act 2000
A) The Export Control Order 2008
What is a key provision of the UK’s Investigatory Powers Act 2016 concerning cryptography?
A) Mandatory use of government-approved encryption algorithms
B) Requirement for companies to provide decryption capabilities to law enforcement
C) Prohibition of end-to-end encryption
D) Ban on the export of cryptographic software
B) Requirement for companies to provide decryption capabilities to law enforcement
Which organization in the UK provides guidance and best practices on the implementation of cryptographic controls?
A) The British Standards Institution (BSI)
B) The Information Commissioner’s Office (ICO)
C) The National Cyber Security Centre (NCSC)
D) The Financial Conduct Authority (FCA)
C) The National Cyber Security Centre (NCSC)
In the UK, which act would most likely apply if a company failed to adequately protect personal data using encryption?
A) The Freedom of Information Act 2000
B) The Computer Misuse Act 1990
C) The Data Protection Act 2018
D) The Investigatory Powers Act 2016
C) The Data Protection Act 2018
Which of the following best describes the UK’s approach to the export of cryptographic products to countries outside the EU?
A) No restrictions on exports
B) Requires an export license
C) Prohibits all exports of cryptographic products
D) Requires all exports to be reported to the United Nations
B) Requires an export license
True or False: The UK Investigatory Powers Act 2016 allows the government to compel companies to remove encryption on communications data.
True
True or False: The UK is a participant in the Wassenaar Arrangement, which controls the export of cryptographic technologies.
True