U.S. to allow exports of encryption

Howard firm's product is key to compromise on 'the big one'

Code power for consumers

Trusted Information expected to reap $8 million annually

March 28, 1997 | By Timothy J. Mullaney, SUN STAFF

The federal government has agreed to allow the export of the strongest computer encryption systems on the market, paving the way for consumers to have the sort of code-scrambling capability the government feared would fall into the hands of terrorists.

But only if the software also contains a security feature invented by a Howard County firm.

Trusted Information Systems Inc. of Glenwood said yesterday that it has received approval to export encryption systems with mathematical codes far longer and more complex than those the United States has let leave the country before.

"This is the best crypto you can ever get, and you can ship it around the world," Trusted Chief Executive Stephen T. Walker said. "This is the big one."

But the systems can leave the country only if they have "key recovery" technology, which lets the mathematical key that descrambles the coded computer file be recovered with the cooperation of a private "key escrow" agent who holds a related code. Government agents, with a court's backing, can request that the files be decoded.

The key recovery technology was pioneered by Trusted, which holds key patents that have led to joint ventures with computing giants like Hewlett-Packard, IBM and Microsoft.

Companies such as Trusted have long been stymied by U.S. export law. They have not been able to sell strong encryption solutions within the United States while telling international customers that they could not buy the latest technology. The result has been that encryption has been slow to catch on.

The Clinton administration had signaled last fall that it would allow export of 128-bit encryption systems if they incorporated key recovery. Yesterday's announcement made it official.

Trusted Information executives have claimed that a 128-bit encryption code is "hundreds of millions of times harder" for intruders to crack than the 40-bit encryption built into popular Web browsers such as Netscape Navigator. Until last fall, 40-bit encryption was the strongest the U.S. would allow companies to export.

"It's good for American business" to relax the rules, said Dorothy Denning, a Georgetown University computer science professor who has been part of the battle over encryption exports between the administration, which in 1993 proposed to allow such exports only if the descrambling key codes were registered with federal agencies, and libertarians who oppose any limits on encryption.

The computer industry has mostly sided with the opposition, which has roots in the academic computing world as well as the hacker community. It argued that unless strong encryption could be built into everyday software like World Wide Web browsers, spreadsheets and word processing programs, business users would choose products from foreign manufacturers who do not face export limits on encryption.

In addition, they argued, Internet-based commerce could not take off until businesses could send trade secrets, legally privileged documents and other confidential information over the Internet without fear that it might be intercepted.

Walker said yesterday's announcement means that ordinary software for the consumer market will soon have the features the Clinton administration has feared would let drug dealers and airplane bombers plan their misadventures with impunity, with law enforcement officials unable to wiretap their transmissions.

"We expect to be able to sell [key-recovery technology] in large quantities as part of mass-market software packages," Walker said.

Trusted's export approval hardly ends the debate over encryption exports. Libertarians are trying to get the compromise that paved the way for export approval overturned in Congress, and both Republican and Democratic senators have argued that the "key escrow" rules give government officials too much control.

They think the software industry should be able to export strong encryption without the government's mandating that anyone have a "spare key" to descramble the files -- even if a private company, rather than a government agency, is the one that holds the spare key.

"As we move into a digital world, we want to give people the equivalent of strong deadbolt locks," said Matt Raymond, a spokesman for Sen. Conrad Burns, a Montana Republican.

Lance Hoffman, a computer scientist at George Washington University, said the administration appears to be backing away from last fall's compromise over encryption policy.

He and Denning said the White House is seeking congressional support for a bill that would let government officials get access to descrambling codes from escrow agents with only a written request, rather than the court order typically required for approval of a wiretap request.

"The rules are up in the air still, even though [key recovery] works beautifully technically," Hoffman said. "Is anyone going to buy it knowing that there is a string attached, when no one knows what the string is?"

Walker said many corporations want to buy key-recovery systems even if they are free to encrypt their computer files without one. He said he is comfortable with analysts' projections that Trusted will sell $8 million worth of key-recovery related products and services annually by next year.

Pub Date: 3/28/97

Baltimore Sun Articles