Internet

Hot week for encryption

The SAFE and Pro-Code bills see heated debate in Congress this week while new crypto products continue to be rolled out.

Encryption is a hot topic both inside and outside the Beltway this week.

The Senate Commerce Committee Wednesday heard testimony for and against the so-called Pro-Code bill, which aims for a second straight year to overthrow federal limits on the export of encryption and encrypted software. The House Judiciary subcommittee on courts and intellectual property held hearings yesterday on Pro-Code's sister bill, the Security and Freedom through Encryption Act, or SAFE.

Like the earlier Pro-Code session, yesterday's SAFE hearings featured testimony from government officials supporting a "key recovery" system that would give law enforcement officials with court orders the ability to intercept and unlock encrypted messages and stored data.

Speaking against the government and in favor of SAFE were representatives of online rights organizations, corporate lawyers, and even Phyllis Schlafly, president of the conservative Eagle Forum. SAFE was reintroduced last month by Rep. Bob Goodlatte (R-Virginia) after an unsuccessful try last year.

"Are we worried about the Justice Department abusing its power to eavesdrop on our computer messages? You bet we are," Schlafly said in her statement. "The FBI abuses are such that, to give the FBI access to our computer messages would be a long, dangerous step toward making America a totalitarian state."

The following speakers were also included in the day's hearings: Commerce Undersecretary William Reinsch, who oversees the Bureau of Export Administration; National Security Agency Deputy Director William Crowell; Bob Litt, deputy assistant attorney general at the Justice Department's Criminal Division; Ira Rubinstein, Microsoft senior corporate attorney; Roberta Katz, general counsel of Netscape Communications; Jerry Berman, executive director of the Center for Democracy and Technology; Marc Rotenberg, director of the Electronic Privacy Information Center, and Phil Karn, a cryptographer for Qualcomm who is contesting the government's encryption export rules in court.

While some lawmakers, industry leaders, and privacy advocates challenge the government rules, which are administered by the Commerce Department, other companies have worked to obtain export licenses:

  • Lincoln, Nebraska-based Transcrypt International TRII has received U.S. government permission to export its Dual Mode Encryptor telephony privacy products using a 56-bit DES encryption algorithm. Information Resource Engineering IREG has also received an export license for its line of network security systems. IRE and Transcrypt follow several other companies that have acquired licenses since the new rules took effect January 1. One of those companies, Cylink, announced this week that it will make available its CyKey key recovery technology to third parties.

  • Instead of conforming to government strictures, Pretty Good Privacy is looking to exploit loopholes to send its encryption abroad, according to a recent report in Interactive Week. PGP is close to signing licensing agreements with European software makers that would let the companies use the PGP name and code without infringement of copyright, according to the report. If that were to happen, PGP could not transfer knowledge or technology outside the United States.

  • California-based C2Net on Monday will release an encryption program called SafePassage that boosts the encryption level of information sent via Web browsers using the SSL security protocol. SafePassage was developed overseas in conjunction with UK Web and thus is not subject to U.S. export law. There is currently no U.S. restriction on imports of encryption technology.

In other product announcements:

  • Sterling Commerce (SE) announced Connect:Conceal, a "key recovery" product that lets users pick from several key management systems. Connect:Conceal helps eliminate the need to attach encrypted session keys to encrypted data, thus reducing the theft of keys, according to the company.

  • France's Schlumberger Electronic Transactions (SLB) said its new SafePak smart card offering will use highly secure, 1,024-bit RSA key technology.