As Congress, the Clinton administration, the computer industry and privacy advocates battle to define the future of American software encryption policy, one of the nation's largest crypto-companies, RSA Data Security has quietly sealed a licensing deal with one of largest companies in the world, Japanese telecommunications giant Nippon Telegraph and Telephone.
Despite current U.S. laws that forbid the export of encryption codes longer than 40 bits or 512 bits, depending on the type of encryption, RSA was able to circumvent the regulations by using a Japanese subsidiary, Nihon RSA, to develop the technology that NTT plans on using to build chipsets for all types of communications devices.
"NTT will be making a particularly robust chipset," said RSA director of technology marketing Kurt Stammberger. "It's strictly a business relationship between NTT and RSA. We set up a Japanese subsidiary and specifically did not have any technology transfer from the U.S. to Japan. We hired Japanese engineers and cryptographers to do all the work."
And that, Stammberger says, breaks no existing laws. It doesn't even set a precedent, according to David Banisar, policy analyst at the Electronic Privacy Information Center.
"NTT just went forward and did it--they didn't even need RSA technology, but they wanted the name and logo [on their chips]," Banisar said. "Hundreds of software companies have done it. There's even some hardware out there, but the money it takes to start up a hardware product line" is prohibitive.
Money, however, is something NTT has plenty of, and Banisar echoes the warnings of the computer industry and bipartisan members of Congress that the resulting foreign-made encrypted hardware products--from telco equipment to computers to hybrid Internet appliances--could crush U.S. competition on the world market if U.S. companies aren't allowed to export strong encryption technology.
RSA would not disclose the terms of the licensing deal, which allows NTT to use a lower-level "symmetric" algorithm called One RSA and a more powerful "asymmetric" algorithm called DES, but it will certainly give RSA a slice of NTT's revenue from the chipsets. And with NTT's scope, the slice could turn out to be a very large one.
The Clinton administration, meanwhile, is considering shifting the authority to grant licenses for encrypted software from the State Department to the Commerce Department, according to today's Wall Street Journal. The shift is also one of the tenets of the Pro-CODE Senate bill sponsored by Conrad Burns (R-Montana). He and other senators, including Patrick Leahy (D-Vermont) and Alan Simpson (R-Wyoming), want the government to ease encryption export controls and drop its plan to escrow "skeleton" software decryption keys that would allow law enforcement officials quick access to any encoded software program or electronic transmission.
The report cited an administration official, who said the shift would speed up the process by which software vendors are granted export licenses but would not constitute a change in the administration's overall policy toward encryption.
Nevertheless, such a shift could signal a move away from the National Security Agency's grip on export license approval and a growing awareness in White House circles that U.S companies are losing ground.