Internet

448-bit encryption approved

A Tennessee firm wins U.S. approval to export its new software with encryption far stronger than most current export licenses.

On the eve of an encryption meeting between the FBI and major technology companies, a tiny Tennessee firm has won U.S. approval to export its new software that contains encryption of up to 448 bits, far stronger than most current crypto export licenses.

Computer Sentry Software said the Commerce Department has approved, with virtually no conditions, its CyberAngel EXR software for export.

CyberAngel, a desktop encryption software for networked computers, includes the ability for an employer to recover data encrypted by a user. Law enforcement could similarly get access to encrypted data with a court order.

But unlike encryption products, CyberAngel's key to unlock one user's data is unique to that individual, W. Dyrk Halstead, Computer Sentry's CEO, said. Thus, giving the government the key for one user's data does not allow investigators to look at anyone else's data.

"There is no back door, no universal key, no key on file with the government. We can provide [a back-up key] so it is computer-specific," Halstead said. The product associates a user's password with an encryption key, giving either a company or Computer Sentry, which runs a service that tracks use of PCs it has registered.

Although Halstead insists the timing of the announcement is not connected to tomorrow's crypto conference, federal officials may use it to bolster their position.

"The department has found a win-win solution for the government and the U.S. software industry with Computer Sentry Software's encryption product," William Reinsch, undersecretary of the Commerce Department's bureau of export administration, said in a statement.

"The Commerce Department is dedicated to working with software companies like CSS to sustain and improve the United States' global competitive position for encryption products," Reinsch's statement said.

Tomorrow's meeting will bring Justice Department officials, FBI director Louis Freeh, (a staunch advocate of tight controls on encryption exports to give law enforcement a way to see encrypted data with a court order), and industry executives together. Companies expected to attend include America Online, AT&T, Netscape Communications, Microsoft, MCI Communications, Novell, and Sun Microsystems, among others.

Sen. Dianne Feinstein (D-California) and Sen. Jon Kyl (R-Arizona) reportedly arranged the meeting . Last fall, they backed the FBI's request for mandatory key-recovery systems in domestic encryption products, a move that angered Silicon Valley and privacy groups.

Hopes have dimmed for a legislative solution this year to the encryption debate, but groups like Americans for Computer Privacy (ACP), which includes industries that use encrypted software, have been in discussions with White House officials to negotiate a compromise.

"My feeling is that the current export policies are not going to undergo any material change any time soon," Halstead said. Computer Sentry developed the capability to recover just one user's data for its product and that export approval, while important for overseas sales, came as an added bonus. Approval by the Commerce Department took about three months, he added.

To use Computer Sentry's system, a user must provide the right password on the proper machine at the correct time when signing on to use either the computer or the encrypted data on its hard drive. Otherwise an alert is sent to whomever is monitoring the machine to warn of an unauthorized effort to access the machine or data.

CyberAngel EXR offers three encryption algorithms: 448-bit "Blowfish," 128-bit EMD-2 and 56-bit DES, the U.S. government's Data Encryption Standard.

The product is available from Computer Sentry's Web site, InfoWar's site, and from Fry's Electronics.