E-commerce software maker Open
has received a special government license to export 128-bit encryption in its products.
The company's announcement comes on the same
day that a broad range of business and public-interest organizations have sent a letter to President Clinton to protest the government's new encryption export policy.
Open Market is the fourth company to receive an encryption export license
since the Clinton administration's new export rules took effect January 1.
But it is the first to receive clearance to ship such a high key length.
Key length determines the difficulty in cracking the encrypted data; for
each bit in length, cracking the code becomes twice as hard.
Because the encryption in question is strictly for securing financial data,
the company qualifies for a special license, according to the company's
security consultant Ellen McDermott. Under the terms of the license, Open
Market does not have to implement a key recovery or escrow system that
would allow law enforcement officials armed with a court order to access
"Our getting the license has nothing to do with escrow," said McDermott,
who helps design and develop Open Market's products. "But it's an expensive
loophole to exercise."
The letter sent today to President Clinton protesting the administration's
encryption policy was signed by 16 organizations, including the U.S. Chamber of Commerce, the Center for Democracy and Technology, the Business Software Alliance, and the National Association of Manufacturers.
"As representatives of a broad range of business and public interest
groups, we wanted to convey to you directly our profound disappointment
with the current policy which is essentially being forced upon us," the
letter reads. "Your Administration's encryption policy fails to accommodate
the competitiveness concerns of the sellers of encryption products, the
security concerns of the buyers of such products, or important privacy
The letter is not a direct response to Open Market's license, but it
counters the impression that the technology industry is slowly accepting
the new regulations.
"By promoting the fact that businesses are signing up, [the government]
implies that the business community is embracing this, and that's not
what's happening," said Mark Lewis, communications director for the
Computer & Communications Industry Association, whose president also signed
To receive export approval, Open Market had to sit down and prove to
government officials that the product could not be used to encrypt anything
but specific financial numbers. Such a system would hide sensitive
financial data but still allow investigators to piece together the entire
puzzle of suspicious activity, according to McDermott.
Other companies receiving 56-bit clearance since January 1 are Digital Equipment, Cylink, and Trusted Information Systems. Two more
companies are under consideration, according to Commerce Department undersecretary Bill
Reinsch, who oversees the department's Bureau of Export Administration.