X

PGP crypto approved for export

The federal government grants an export license to a company it once sued for defying U.S. regulations.

2 min read
The U.S. government has granted an encryption export license to one of the biggest thorns in its side.

Pretty Good Privacy says it has won approval to export strong encryption technology overseas. The license allows PGP to export technology up to 128 bits without a key recovery plan; the government's regular licenses limit exports to 56 bits.

Key recovery means that the cryptographic keys used to decode encrypted information must be available if a law enforcement agency has a court order for access to the data.

PGP's founder, cryptographer Phil Zimmermann, became something of a cause celebre when his technology was posted on the Net in defiance of laws prohibiting international distribution of encryption technology. Zimmermann came close to being charged before the government dropped its case.

To date, the government had only approved 128-bit encryption exports for technology that protects financial transactions. But PGP technology can encrypt any kind of digital communication, including its email product, now called Personal Privacy. The company said that more than half of Fortune 100 companies use its email software.

The export license does not cover foreign offices of U.S. firms in embargoed countries, namely Cuba, Iran, Iraq, Libya, North Korea, Sudan, or Syria.

PGP said it still opposes export controls on encryption products but welcomed the permission as a boon to encryption needs of U.S. firms overseas.

The company still has another old foe to worry about. Encryption software firm RSA Data Security earlier this month filed a lawsuit against PGP over royalties RSA wants to collect. The suit alleges that PGP is using RSA technology licensed to Lemcom before its merger with PGP in 1996. PGP representatives say the dispute should be arbitrated as stated in the contract and that RSA's claims are without merit.