The National Security Agency may have broken new ground by allowing foreign sales of a complex encryption program for business users, software exporters say.
The system for transmitting coded messages between personal computers over phone lines is the product of Delta Tech Inc. of Silver Spring.
Stephen D. Bryen, the company's president, said export jurisdiction over the company's "Secom" encryption package has moved from the State Department's munitions control list to the Commerce Department, a prelude to licensing for export.
Some industry experts view the move as significant, because it may be the first time the agency has cleared such a complicated encryption system for foreign sale.
"It sounds more complex than anything else I've heard of," said David Peyton, senior director of government relations with the Information Technology Association of America, a computer industry trade group. "It may represent a new high in what NSA is willing to let go."
Software groups have been locked in a long-running battle with the National Security Agency over export curbs on encryption devices, including some of the simplest coding features of over-the-counter business software packages. The result is that popular programs have remained stuck on the munitions list rather than being subject to common Commerce Department licensing procedures.
Critics of the National Security Agency have charged that the limits mean many business travelers are technically breaking the law by carrying their laptop computers overseas.
The controls are hurting U.S. market share, rather than stemming the spread of the technology to hostile nations, they say. Programs using the government's own Data Encryption Standard have even turned up for sale in Moscow.
"I think that NSA has been generally quite unrealistic about what's out there on the European market," said Eric L. Hirschhorn, a former Commerce Department official, now a lawyer at the Washington firm of Winston & Strawn, who represents computer exporting associations.
Legislation sponsored by Rep. Mel Levine, a California Democrat, would shift all "mass market" software from the munitions list to the Commerce Department, although President Bush has threatened to veto the measure. The National Security Agency is said to be negotiating with the software publishers on a compromise.
The Secom program would apparently squeeze within the bounds of the compromise but make coded business messages much tougher to break. The National Security Agency declined to discuss the program, citing the proprietary nature of product information.
According to Delta Tech, the system would work by creating a coded "key" for communications, using a total of 56 bits of data.
The sending computer would first generate a "key shadow" of 28 bits by a random number selection that would then be subject to a mathematical operation.
The receiving computer would create a complementary key shadow by the same process without prearrangement, establishing a "handshake" before transmission of the actual key and encoded data. Both the random number and the computation would have to be known to duplicate the key, said (( Mr. Bryen, a former deputy undersecretary in the Defense Department. A new key would be created each time.
The program, expected to sell for about $100, uses a new algorithm that closely resembles Data Encryption Standard but has been cleared by the NSA, he said.