Software makers near pact with NSA on sale of encoding programs

March 24, 1992|By John Markoff | John Markoff,New York Times News Service n

An organization representing the nation's largest publishers of software for desktop computers is close to completing a confidential agreement with the National Security Agency to permit the sale abroad of programs that contain special data-security functions.

Sales of software with the ability to encode information are now tightly controlled by the agency, a State Department unit that licenses the export of weapons.

But U.S. software publishers have been putting pressure on the government to loosen controls on programs that contain such cryptographic features because they are hampering the ability of American companies to compete internationally.

The proposed deal, outlined in an internal memo circulated among some members of the Software Publishers Association, has brought angry opposition from some computer experts and hardware manufacturers, who say that the negotiations should be out in the open and who contend that the compromise being discussed would offer inadequate privacy for computer users.

The memo acknowledged that there were still issues to be resolved between the association and the NSA. And some computer executives say they believe the agency may be dragging its feet and is not seriously considering reaching a final resolution of the issue.

Modern encryption techniques generally involve hiding data by using a formula that employs a numerical "key" to encode and decode the information.

Some of these encryption formulas, including those that may be adopted under the proposed agreement, permit a variable key size. The longer the key, the more difficult it is to break the code, even when using high-speed computers in the code-cracking effort.

Critics of the proposed agreement contend that the industry has agreed to an arbitrarily short key that would permit the NSA to examine documents in which it is interested; the agency employs some of the world's most powerful supercomputers.

Since the early 1950s, the U.S. government has treated commercial cryptographic technology as a weapon because it has feared that codes could be used to hide information from U.S. intelligence agencies, including the NSA, which is responsible for high-tech spying.

The agreement being secretly negotiated by American software makers and the agency would permit companies like Microsoft, Lotus Development, Novell and Wordperfect to build cryptographic routines into programs for sale abroad, so that users could protect their data -- whether in electronic mail, text, spreadsheets or data bases.

Such privacy features are considered increasingly important, as modern desktop computers are connected in large data networks and used in commercial transactions.

The internal memorandum, which was circulated to the Software Publishers Association's governmental affairs committee on March 11, says the NSA has said that two cryptographic programs commercially available from RSA Data Security, a Redwood, City, Calif., software company, are acceptable for inclusion in mass-market software.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.