Feds OK 128-bit crypto amid protests

Open Market played by the rules and got the OK, but other industry players are not going along with the government's encryption export policy.

CNET News staff
2 min read
E-commerce software maker Open Market (OMKT) has received a special government license to export 128-bit encryption in its products.

The company's announcement comes on the same day that a broad range of business and public-interest organizations have sent a letter to President Clinton to protest the government's new encryption export policy.

Open Market is the fourth company to receive an encryption export license since the Clinton administration's new export rules took effect January 1. But it is the first to receive clearance to ship such a high key length. Key length determines the difficulty in cracking the encrypted data; for each bit in length, cracking the code becomes twice as hard.

Because the encryption in question is strictly for securing financial data, the company qualifies for a special license, according to the company's security consultant Ellen McDermott. Under the terms of the license, Open Market does not have to implement a key recovery or escrow system that would allow law enforcement officials armed with a court order to access encrypted data.

"Our getting the license has nothing to do with escrow," said McDermott, who helps design and develop Open Market's products. "But it's an expensive loophole to exercise."

The letter sent today to President Clinton protesting the administration's encryption policy was signed by 16 organizations, including the U.S. Chamber of Commerce, the Center for Democracy and Technology, the Business Software Alliance, and the National Association of Manufacturers.

"As representatives of a broad range of business and public interest groups, we wanted to convey to you directly our profound disappointment with the current policy which is essentially being forced upon us," the letter reads. "Your Administration's encryption policy fails to accommodate the competitiveness concerns of the sellers of encryption products, the security concerns of the buyers of such products, or important privacy rights."

The letter is not a direct response to Open Market's license, but it counters the impression that the technology industry is slowly accepting the new regulations.

"By promoting the fact that businesses are signing up, [the government] implies that the business community is embracing this, and that's not what's happening," said Mark Lewis, communications director for the Computer & Communications Industry Association, whose president also signed the letter.

To receive export approval, Open Market had to sit down and prove to government officials that the product could not be used to encrypt anything but specific financial numbers. Such a system would hide sensitive financial data but still allow investigators to piece together the entire puzzle of suspicious activity, according to McDermott.

Other companies receiving 56-bit clearance since January 1 are Digital Equipment, Cylink, and Trusted Information Systems. Two more companies are under consideration, according to Commerce Department undersecretary Bill Reinsch, who oversees the department's Bureau of Export Administration.