The war on terror has created a privacy vs. security debate across the world including in Europe, where one thing investigators look into is a texting app favored by ISIS

The following script is from "Encryption" which aired on March 13, 2016. Lesley Stahl is the correspondent. Shachar Bar-On, producer.

The argument over encryption between Apple and the FBI reminds us that the world is facing a far more tech-savvy terror threat. While not that long ago al Qaeda often handled its communications by going back to the Stone Age relying on mules and couriers, the Islamic State, or ISIS, proved it can be done with just a push of a button using everyday tools of 21st century teenagers: the latest smartphones and messaging apps.

The encryption debate centers around an iPhone found in San Bernardino, where 14 men and women were killed in a terror attack last December. But before that, there was the massacre in Paris. We went there to meet the city's chief prosecutor who is confronting some of the same issues.

Paris, France

CBS News

Francois Molins: The terrorists are able to communicate with total impunity.

Francois Molins is the head prosecutor of Paris -- he's investigated all the big acts of terrorism here, including Charlie Hebdo, the kosher supermarket, and now the November 13 attacks where 130 people were killed, more than 350 wounded.

Lesley Stahl: Do you have phones in terrorist attacks that you have not been able to get into because of encryption?

Francois Molins: Oui oui. With all these encryption software programs, we can't penetrate into certain conversations and we're dealing with this gigantic black hole, a dark zone where there are just so many dangerous things going on.

Play Video

Rob Wainwright, the head of Europol, saysISIS has developed "an external command force" to carry Special Forces-style attacks on the West

It's not just phones. One of the things he's looking into is a texting app favored by ISIS called Telegram which, like the new Apple iPhone -- offers advanced encryption.

Lesley Stahl: How often have you run in, in all your investigations, into Telegram?

Francois Molins: Yes, very often. Telegram, we can't penetrate, we can't get into it.

Pavel Durov is the inventor of Telegram. He's a young man without a country. He's Russian born but wanders the world now, in exile. He created Telegram so he could communicate in complete secrecy. It has taken off, used by over 100 million people.

Lesley Stahl with Telegram inventor Pavel Durov

CBS News

Lesley Stahl: But it's also used by terrorists now. Is this a concern for you?

Pavel Durov: Oh definitely. And in our 100 million users, probably this illegal activity we're discussing are only a fraction of a fraction of a fraction of the potential usage. And still we're trying to, you know, prevent it.

Telegram has become a go-to site for ISIS. They use it to widely disseminate propaganda like this video of the Paris attackers training in Syria. But ISIS fighters can also use Telegram to send private messages to each other to covertly plan and coordinate attacks.

Lesley Stahl: Is there something on your site on Telegram that allows any messages, emails, to just disappear, vanish?

Pavel Durov: Yes. So in private messages we have this secret chat feature which provides you with a self-destruct timer.

Lesley Stahl: Self-destruct timer.

Pavel Durov: You could set a specific amount of time, like a few seconds, or a minute or a week, after which the message would disappear.

Durov's obsession with secrecy and security stems from his own personal history. Long before Telegram he was known as the Mark Zuckerberg of Russia because he built a popular equivalent of Facebook. But in 2011, when anti-Putin marchers filled Moscow's streets, the Kremlin demanded he take down the organizers' sites.

Play Video

Pavel Durov, the founder and CEO of Telegram, tells 60 Minutes that Snowden's revelations "shattered" his view of the West

Pavel Durov: And I refused to do that publicly. And the next day I had armed policemen at my doorstep...

Lesley Stahl: Wonder why.

Pavel Durov: ...and tried to break into my apartment.

There was continual pressure on him to hand over users' personal data culminating in 2014 when, under Kremlin duress, Durov was ousted from his own company.

Lesley Stahl: How long did you stay in Russia after that?

Pavel Durov: Not a single day.

Lesley Stahl: Oh, then you fled.

Pavel Durov: I certainly feel that I am not welcome at that country anymore.

That's when he created Telegram and encrypted it, he says, so activists could be assured that no government could ever access their personal data. He managed to leave Russia with a reported $300 million which he uses to singled-handedly fund Telegram, costing him, he says, over a million dollars a month.

Lesley Stahl: This was something that you created to allow democracy to flourish, to allow dissidents in Russia and in other countries to communicate with each other. And then all of a sudden you find out that this terrorist group uses your site for completely different reasons.

Pavel Durov: Yeah, we were horrified.

Lesley Stahl: There's an irony there.

Pavel Durov: There is. But you know there's little you can do because if you allow this tool to be used for good, there will always be some people who would misuse it.

Just hours after the terrorists hit Paris on the night of November 13, ISIS used Telegram to take credit for the attacks. It was a wake-up call for European authorities.

Rob Wainwright: It's the first time ever in Europe that we had terrorists rampaging through our streets. First time we had terrorists wearing suicide belts in heavily populated, public areas.

As head of Europol, Rob Wainwright gathers and analyzes information from over 600 law enforcement agencies. He has set up a new counter terrorism center to better coordinate all the intelligence.

Lesley Stahl: How much is encryption a problem generally in these investigations?

Rob Wainwright: In most of them. I mean, across the tens of thousands of investigations that Europol is supporting every year on terrorism and serious crime, at least three quarters of them have encryption at the heart of the challenge that law enforcement face.

Lesley Stahl: Now, what about the November 13th attack specifically?

Rob Wainwright: From what we see, encryption also played a role in that part and that's something that we we're digging into much deeper at the moment.

Lesley Stahl: Why is it still a mystery?

Rob Wainwright: It's not-- not so much of a mystery. It's not that I can share all the details about a very sensitive investigation in public.

We know that the ringleader of the attack, 28-year-old Abdelhamid Abaaoud, was a wanted fugitive who goaded authorities by bragging in this online ISIS magazine how easily he eluded them shuttling between Europe and Syria. He liked taking selfies of his exploits, often posting them online. In this gruesome video, he and his friends tie bodies to the back of a truck, Abaaoud in the driver's seat:

[Abdelhamid Abaaoud (translator): We used to tow jet skis - now we tow the infidels fighting us.]

Lesley Stahl: What is astonishing is that you knew who he was. He was on everybody's radar screen.

Francois Molins (translator): You're right. Abaaoud-- he has been one of the major targets for France and Belgium counterterrorism for many months.

Before Paris, Abaaoud was suspected of guiding European jihadis in attacks in France and Belgium, but the attempts were all foiled. In one of them an iPhone belonging to one of the jihadis was confiscated but it was not useful in finding Abaaoud, because it was encrypted.

Lesley Stahl: We've been told, and I want to confirm it, that the encrypted phone may have prevented you from getting information about the Paris attacks.

Francois Molins (translator): That's a theory that really needs to be looked into, but to do so, we really need to be able to get into that phone. You know, I say, all these smart phones make justice blind because they deprive us of a lot of information that could contribute to our investigations.

Abaaoud was on site in Paris on the night of November 13, coordinating three different teams over his phone: one group, at a soccer stadium, exploded their suicide vests outside. Abaaoud and two others went on a killing spree at bars and cafes... while a third team stormed a rock-concert at the Bataclan theater and started shooting.

Francois Molins (translator): I said to myself: "The thing that we'd been fearing was coming for months, was now happening."

The prosecutor rushed to the scene - first to the cafes where Abaaoud had already sprayed the sites with an assault rifle.

Francois Molins (translator): We know that he participated in the commando attacks at the cafes. Afterwards we see him in a video in the Paris subway. And we do believe that he went maybe just in front of the Bataclan.

The prosecutor also went from the cafes to the Bataclan. What he didn't know was that Abaaoud was outside the theater at the same time, amid throngs of police, standing there in his orange sneakers - apparently talking on the phone to the shooters inside. While police didn't spot him there, he was tracked down to an apartment in a Paris suburb five days later, and killed in a hail of gunfire and explosions.

In a stroke of luck police found a Samsung phone one of the attackers had tossed into a garbage can in front of the Bataclan, and it posed no encryption problems.

Francois Molins (translator): We were able to get information from phone communications that enabled us to retrace the terrorists movements: where they were, where they stayed, their itineraries.

Standard text messages were found on the phone including a final one saying, "Here we go. We're starting!" Also found, the app Telegram. It had been downloaded the day of the attack.

Lesley Stahl: But you personally don't know if the attackers actually communicated via Telegram to plot these coordinated attacks, or even if they used it during the attacks?

Pavel Durov: No, we have no information to prove that.

Lesley Stahl: Is there anything in your mind that says, "Gee, we have to have - to allow law enforcement to get in because what's going on is just unacceptable.

Pavel Durov: You know the interesting thing about encryption is that it cannot be secure just for some people.

Lesley Stahl: ISIS and other terrorist groups, they just push a button on an application like yours, specifically yours, an application... and it's gone around the world, like that.

Pavel Durov: Well again, this is the world of technology and it's impossible to stop them at this point. ISIS could come up with their own messaging solution within a month or so, if they wanted to because the--

Lesley Stahl: You mean create their own Telegram?

Pavel Durov: Exactly.

Since Paris, Durov has been purging ISIS propaganda from Telegram but says, if asked to unlock any private messages, he would tell the authorities that the encryption code makes it mathematically impossible, using a similar argument as Apple.

Lesley Stahl: So you're basically saying that even if you wanted to, your hands are tied.

Pavel Durov: Yes.

Lesley Stahl: You can't do it.

Pavel Durov: We cannot.

Lesley Stahl: So this is one of the great debates of our time. Which is more important? Is it more important to shut down this kind of terrorism or preserve privacy?

Pavel Durov: I'm personally for the privacy side. But one thing that should be clear is that you cannot make just one exception for law enforcement without endangering private communications of hundreds of millions of people because encryption is either secure or not.

Lesley Stahl: The founder of Telegram has told us, he thinks privacy is more important than security issues, and he wouldn't open it up even if you did ask him.

Francois Molins (translator): Fine, that's his personal choice. But I consider that there are limits in all societies. There are limits to freedom and privacy. Freedom doesn't mean you can just do anything and everything you want. And there's a duty of institutions -- police and judicial -- to ensure security. You can't have freedom without security.

2016 CBS Interactive Inc. All Rights Reserved.

Go here to see the original:
The Encryption Debate - CBS News

1. What is an encryption registration? How long does it take to receive a response from BIS for my encryption registration?

2. Who is required to submit an Encryption Registration, classification request or self-classification report?

3. What are my responsibilities for exporting or re-exporting encryption products where I am not the producer?

4. What should I do if I cannot obtain the encryption registration Number (ERN) or the Export Control Classification Number (ECCN) for the item from the producer or manufacturer?

5. Can a third-party applicant submit an encryption registration and self-classification report on my behalf?

6. How do I report exports and reexports of items with encryption?

7. Can I export encryption technology under License Exception ENC?

8. What is non-standard cryptography?

9. How do I complete Supplement No. 5 if I am a law firm or consultant filing on behalf of a producer of encryption items?

10. What if you are not the producer of the item or filing directly on behalf of the producer (e.g., law firm/consultant)?

11. What do I need to submit with an encryption commodity classification request in SNAP-R?

12. Is Supplement No. 6 to Part 742 required for obtaining paragraph 740.17(b)(1) authorization?

13. How do I submit a Supplement No. 8 Self-Classification Report for Encryption Items?

14. When do I file Supplement No. 8 Self-Classification Report for Encryption Items?

15. What is Note 4?

16. I have an item that was reviewed and classified by BIS and made eligible for export under paragraph (b)(3) of License Exception ENC in 2009. The encryption functionality of the item has not changed. This item is now eligible for self-classification under paragraph (b)(1) of License Exception ENC. What are my responsibilities under the new rule?

17. When do I need a deemed export license for encryption technology and source code?

18. Does the EAR definition of "OAM" include using encryption in performing network security monitoring functions?

1. What is an Encryption Registration? How long does it take to receive a response from BIS for my Encryption Registration?

Encryption registration is a prescribed set of information about a manufacturer and/or exporter of certain encryption items that must be submitted to the Bureau of Industry and Security as a condition of the authorization to export such items under License Exception ENC or as mass market items.

Advance encryption registration is required for exports and reexports of items described in paragraphs 740.17(b)(1), (b)(2), and (b)(3) and paragraphs 742.15(b)(1), and (b)(3) of the Export Administration Regulations (EAR). Registration is made through SNAP-R by submitting the questionnaire set forth in Supplement No. 5 to part 742 of the EAR (point of contact/company overview/types of products/ etc.). Registration of a manufacturer authorizes the manufacturer as well as other parties to export and reexport the manufacturers encryption products that the manufacturer has either self-classified or has had the items classified by BIS, pursuant to the provisions referenced above. A condition of the authorization is that the manufacturer must submit an annual self-classification report for relevant encryption items.

How long does it take to receive a response from BIS for my encryption registration?

Once you have properly registered with BIS, the SNAP-R system will automatically issue an Encryption Registration Number (ERN), e.g., R123456, upon submission of a request. BIS estimates that the entire registration procedure should take no more than 30 minutes.

2. Who is required to submit an encryption registration, classification request or self-classification report?

Any party who exports certain U.S.-origin encryption products may be required to submit an encryption registration, classification request and/or self-classification report; however, if a manufacturer has registered and has self-classified relevant items and/or had items classified by BIS, and has made the classifications available to other parties such as resellers and other exporters/reexporters, such other parties are not required to register, to submit a classification request, or to submit an annual self-classification report.

3. What are my responsibilities for exporting or re-exporting encryption products where I am not the product manufacturer?

Exporters or reexporters that are not producers of the encryption item can rely on the Encryption Registration Number (ERN), self-classification report or CCATS that is published by the producer when exporting or reexporting the registered and/or classified encryption item. Separate encryption registration, commodity classification request or self-classification report to BIS is NOT required.

Please continue to the next question if the information is not available from the producer or manufacturer.

4. What should I do if I cannot obtain the Encryption Registration Number (ERN) or the Export Control Classification Number (ECCN) for the item from the producer or manufacturer?

If you are not the producer and are unable to obtain the producers information or if the producer has not submitted an encryption registration, self-classification report or commodity classification for his/her products to BIS, then you must register with BIS. The registration process will require you to submit a properly completed Supplement No. 5 to part 742 and subsequent Supplement No. 8 Self Classification Report for the products. You will receive an ERN for the registered products or CCATSs as appropriate. BIS recognizes that non-producers who need to submit for encryption registration may not have all of the information necessary to complete Supplement No. 5 to part 742. Therefore, special instructions have been included in Supplement No. 5 to account for this situation.

For items described in Part 740.17(b)(2) and (b)(3) or Part 742.15(b)(3) that require the classification by BIS, the non-producer is required to submit as much of the technical information required in Supplement No. 6 to part 742 - Technical Questionnaire for Encryption Items as possible.

5. Can a third-party applicant submit an encryption registration and self-classification report on my behalf?

Yes, special instructions for this purpose are provided in paragraph (r) of Supplement No. 2 to part 748 of the EAR for this purpose. The information in block 14 (applicant) of the encryption registration screen and the information in Supplement No. 5 to part 742 must pertain to the company that seeks authorization to export and reexport encryption items that are within the scope of this rule. An agent for the exporter, such as a law firm, should not list his/her name in block 14. The agent however may submit the encryption registration and list himself/herself in block 15 (other party authorized to receive license) of the encryption registration screen in SNAP-R.

6. How do I report exports and reexports of items with encryption?

All reports (i.e., the semi-annual sales report and the annual self-classification report) must be submitted to both BIS and the ENC Encryption Request Coordinator.

An annual self-classification report is required for producers of encryption items described by paragraphs 740.17(b)(1) and 742.15(b)(1) of the EAR. The information required and instruction for this report is provided in Supplement No. 8 to Part 742-Self-Classification Report for Encryption Items. Reports are submitted to BIS and the Encryption Request Coordinator in February of each year for items exported or reexported during the previous calendar year (i.e., January 1 through December 31) pursuant to the encryption registration and applicable sections740.17(b)(1) or 742.15(b)(1) of the EAR. Annual self-classification reports are to be submitted to This email address is being protected from spambots. You need JavaScript enabled to view it. and This email address is being protected from spambots. You need JavaScript enabled to view it..

Semi-annual sales reporting is required for exports to all destinations other than Canada, and for reexports from Canada for items described under paragraphs (b)(2) and (b)(3)(iii) of section 740.17. Paragraph 740.17(e)(1(iii) contains certain exclusions from this reporting requirement. Paragraphs 740.17(e)(1)(i) and (e)(1)(ii) contains the information required and instructions for submitted the semi-annual sales reports. The first report is due no later than August 1 for sales occurring between January 1 and June 30 of the year, and the second report is due no later than February of the following year for sales occurring between July 1 and December 31 of the year. Semi-annual sales reports continue to be submitted to: This email address is being protected from spambots. You need JavaScript enabled to view it. and This email address is being protected from spambots. You need JavaScript enabled to view it..

7. Can I export encryption technology under License Exception ENC?

Yes, License Exception ENC is available for transfer of encryption technology. Specifically, paragraph 740.17(b)(2)(iv) has been amended to permit exports and reexports of encryption technology as follows:

(A) Technology for "non-standard cryptography". Encryption technology classified under ECCN 5E002 for "non-standard cryptography", to any end-user located or headquartered in a country listed in Supplement No. 3 to this part;

(B) Other technology. Encryption technology classified under ECCN 5E002 except technology for "cryptanalytic items", "non-standard cryptography" or any "open cryptographic interface," to any non-"government end-user" located in a country not listed in Country Group D:1 or E:1 of Supplement No. 1 to part 740 of the EAR.

8. What is non-standard cryptography?

Non-standard cryptography, defined in Part 772 Definition of Terms, means any implementation of cryptography involving the incorporation or use of proprietary or unpublished cryptographic functionality, including encryption algorithms or protocols that have not been adopted or approved by a duly recognized international standards body (e.g., IEEE, IETF, ISO, ITU, ETSI, 3GPP, TIA, and GSMA) and have not otherwise been published.

9. How do I complete Supplement No. 5 if I am a law firm or consultant filing on behalf of a producer or exporter of encryption items?

The information in Supplement No. 5 to Part 742must pertain to the registered company, not to the submitter. Specifically, the point of contact information must be for the registered company, not a law firm or consultant filing on behalf of the registered company.

10. What if you are not the producer of the item or filing directly on behalf of the producer (e.g., law firm/consultant)?

You may answer questions 4 and 7 in Supplement No. 5 to part 742as not applicable if your company is not the producer of the encryption item. An answer must be give for all other questions. An explanation is required when you are unsure.

11. What do I need to submit with an encryption commodity classification request in SNAP-R?

Encryption commodity classification determinations should be submitted through SNAP-R. Before entering SNAP-R, you should prepare the following supporting documents:

After accessing SNAP-R, fill-in a commodity classification determination request and upload the supporting documents into SNAP-R.

12. Is Supplement No. 6 to part 742 required for paragraph 740.17(b)(1) authorization?

If you are requesting a classification of an item is described in paragraph 740.17(b)(1) (in other words, the item is not described in either Section 740.17(b)(2) or (b)(3)), a Supplement No. 6questionnaire is not required as a supporting document. Provide sufficient information about the item (e.g., technical data sheet and/or other explanation in a separate letter of explanation) for BIS to determine that the item is described in paragraph 740.17(b)(1). If you are not sure that your product is authorized as 740.17(b)(1) and you want BIS to confirm that it is authorized under 740.17(b)(1), providing answers to the questions set forth in Supplement No. 6 to part 742 with your request should provide BIS with sufficient information to make this determination.

13. How do I submit a Supplement No. 8 Self Classification Report for Encryption Items?

The annual self-classification report must be submitted as an attachment to an e-mail to BIS and the ENC Encryption Request Coordinator. Reports to BIS must be submitted to a newly created e-mail address for these reports (This email address is being protected from spambots. You need JavaScript enabled to view it.). Reports to the ENC Encryption Request Coordinator must be submitted to its existing e-mail address (This email address is being protected from spambots. You need JavaScript enabled to view it.). The information in the report must be provided in tabular or spreadsheet form, as an electronic file in comma separated values format (CSV), only. In lieu of email, submissions of disks and CDs may be mailed to BIS and the ENC Encryption Request Coordinator.

14. When do I file Supplement No. 8 Self-Classification Report for Encryption Items?

An annual self-classification report for applicable encryption commodities, software and components exported or reexported during a calendar year (January 1 through December 31) must be received by BIS and the ENC Encryption Request Coordinator no later than February 1 the following year. If no information has changed since the previous report, an email must be sent stating that nothing has changed since the previous report or a copy of the previously submitted report must be submitted.

15. What is Note 4?

Note 4 to Category 5, Part 2 in the Commerce Control List (Supplement No. 1 to part 774) excludes an item that incorporates or uses cryptography from Category 5, Part 2 controls if the items primary function or set of functions is not information security, computing, communications, storing information, or networking, andif the cryptographic functionality is limited to supporting such primary function or set of functions. The primary function is the obvious, or main, purpose of the item. It is the function which is not there to support other functions. The communications and information storage primary function does not include items that support entertainment, mass commercial broadcasts, digital rights management or medical records management.

Examples of items that are excluded from Category 5, Part 2 by Note 4 include, but are not limited to, the following:

16. I have an item that was reviewed and classified by BIS and made eligible for export under paragraph (b)(3) of License Exception ENC in 2009. The encryption functionality of the item has not changed. This item is now eligible for self-classification under paragraph (b)(1) of License Exception ENC. What are my responsibilities under the new rule?

Your item meets the grandfathering provisions set forth in section 740.17(f)(1) of the EAR. You do not need to submit an encryption registration (Supplement No. 5), an annual self-classification report (Supplement No. 8), or semi-annual sales reports for the item.

17. When do I need a deemed export license for encryption technology and source code?

A license may be required in certain circumstances for both deemed exports and deemed reexports. For encryption items, the deemed export rules apply only to deemed exports of technology and to deemed reexports of technology and source code. There are no deemed export rules for transfers of encryption source code to foreign nationals in the United States. This is because of the way that section 734.2 defines exports and reexports for encryption items.

For transfers of encryption technology within the United States, section 740.17(a)(2) of license exception ENC authorizes the export and reexport of encryption technology by a U.S. company and its subsidiaries to foreign nationals who are employees, contractors, or interns of a U.S. company . . . There is no definition of U.S. company in the EAR, however, BIS has interpreted this to apply to any company operating in the United States. This means that deemed export licenses are generally not required for the transfer of encryption technology by a company in the U.S. to its foreign national employees. A deemed export license may be required if, for example, a company operating in the U.S. were to transfer encryption technology to a foreign national who is not an employee, contractor, or intern of a company in the United States. License exception ENC does not authorize deemed exports or reexports to any national of a country listed in Country Group E:1.

For deemed reexports, the end-user would have to be an employee, contractor, or intern of a U.S. Subsidiary for 740.17(a)(2) to apply, or a private sector end-user headquartered in a Supplement 3 country for 740.17(a)(1) to apply. The term contractor in this context means a contract employee (i.e., a human person). License exception ENC does not authorize deemed exports or reexports to any national of a country listed in Country Group E:1.

Also note that as of June 25, 2010, encryption technology (except technology for cryptanalytic items, Open Cryptographic Interface items, and non-standard cryptography) that has been reviewed is eligible for license exception ENC to any non-government end user located outside of Country Group D:1. Also, encryption source code that has been reviewed by BIS and made eligible for license exception ENC under 740.17(b)(2) is eligible for export and reexport to any non-government end-user. Thus encryption technology and source code that have been reviewed are eligible for export and reexport to a broader range of end-users than 740.17(a) allows. Again, section 740.17 does not authorize deemed exports or reexports to any national of a country listed in Country Group E:1.

18. Does the EAR definition of "OAM" include using encryption in performing network security monitoring functions?

No. The definition of "OAM" includes "monitoring or managing the operating condition or performance of an item." BIS does not consider network security monitoring or network forensics functions to be part of monitoring or managing operating condition or performance.

The phrase "monitoring or managing the operating condition or performance of an item" is meant to include all the activities associated with keeping a computer or network-capable device in proper operating condition, including: configuring the item; checking or updating its software; monitoring device error or fault indicators; testing, diagnosing or troubleshooting the item; measuring bandwidth, speed, available storage (e.g. free disk space) and processor / memory / power utilization; logging uptime / downtime; and capturing or measuring quality of service (QoS) indicators and Service Level Agreement-related data.

However, the "OAM" definition does not apply to cryptographic functions performed on the forwarding or data plane, such as: decrypting network traffic to reveal or analyze content (e.g., packet inspection and IP proxy services); encrypting cybersecurity-relevant data (e.g., activity signatures, indicators or event data extracted from monitored network traffic) over the forwarding plane; or securing the re-transmission of captured network activity.

Thus, products that use encryption for such network security monitoring or forensics operations, or to provision these cryptographic services, would not be released by the OAM decontrol notes (l) or (m), or the Note to 5D002.c.

Similarly, the "OAM" decontrol does not apply to security operations directed against data traversing the network, such as capturing, profiling, tracking or mapping potentially malicious network activity, or "hacking back" against such activity.

Back to top

See the original post:
Encryption FAQs - Bureau of Industry and Security