V-One gets OK to export stronger encryption systems

April 16, 1997|By Timothy J. Mullaney | Timothy J. Mullaney,SUN STAFF

V-One Corp. has received federal approval to export much stronger computer-encryption systems than U.S. officials have allowed out of the country before.

The small Rockville computer-security firm claims the approval is a watershed in the four-year battle over how much control the government should have to limit encryption in order to fight international crime and terrorism.

V-One claims its system is the first one the government has approved for export that does not require system "keys" -- complicated algorithms that unravel the encryption codes -- to be placed on file with a third party, other than the computer's owner.

But V-One's claim was immediately challenged by computer-privacy advocates and by a key supplier and a key competitor of V-One.

James Chen, V-One's chief executive, would say little last night about the immediate commercial prospects of the system, which V-One calls Trusted First Party. V-One, which had $6 million in sales last year, went public in October.

The company's news announcement contains a quote from an MCI Communications Corp. executive calling the product "another enhancement in the alliance relationship between V-One and MCI."

But V-One would not confirm or deny whether MCI is actually buying Trusted First Party, which is to be built onto an existing V-One security product.

The Clinton administration, which insisted since 1993 that encryption could only be exported if the keys were registered with a government agency, partially backed down last fall and said it would allow export of strong encryption systems that included "key recovery" technology.

That technology, developed by Glenwood-based Trusted Information Systems Inc., would let a private-sector "trusted third party" hold codes that allow a computer's owner to recover the keys, which are built into the computer file. Trusted introduced that product expecting it to be used mostly by corporations that wanted to monitor how employees use company-owned computers, or when the government got a warrant demanding the key-recovery algorithms.

Finding a system the government will let out of the country is seen as vital to the development of the Internet as a place to do business. Corporations have backed away from moving sensitive information, such as trade secrets and legal files, for fear they can be intercepted if they are encrypted with systems the government has previously let out of the country. Consumers have been reluctant to send their credit card numbers through cyberspace for the same reason.

The industry has contended that U.S. export approval is vital because no one will adopt a standard that can't be used worldwide.

V-One says its approval is the first that allows customers to bypass a third party. But Trusted Information Systems' Chief Executive Stephen T. Walker said that's not true. He said federal officials have given major foreign corporations such as TIS client Royal Dutch Shell permission to hold their own corporate decryption keys.

"Most people buying ours run their own key-recovery centers," Walker said. "If that's what it is, it's not new."

Walker said V-One's solution may also run afoul of TIS patents.

James Bidzos, president of RSA Data Security Inc. in Redwood City, Calif., mostly agreed with Walker. He said his firm, among others, also has received permission to export strong encryption products that rely on offshore corporations to hold their own keys.

"It's not without precedent," Bidzos said. "We've done things like this too. They [V-One] asked me for a quote and I gave them one."

Chen said V-One's system works differently from Trusted's, because none of the codes that encrypt and decrypt computer files will be made a part of the files, as they are in Trusted's system.

Instead, V-One's technology will allow the codes to be deduced from information that is stored separately. He said that is more secure.

Shari Steele, an attorney for the Electronic Frontier Foundation, which has opposed all of the government's efforts to limit encryption exports, said V-One's move doesn't appear to change much.

"From a libertarian perspective, it stinks," she said.

She said individual computer users, rather than the government or even corporate computer owners, should control the keys to encrypted files.

Pub Date: 4/16/97

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.