Export ban puts damper on agency efforts

The administration's encryption export ban is hampering federal agencies' efforts to build a secure electronic infrastructure, according to some agency officials and vendors.

Most, if not all, federal agencies have identified the need for strong encryption to carry out future service to the citizen programs, electronic commerce, international communications and correspondence among agencies.

However, secure communication technology has not evolved to where many different solutions and products can interoperate.

Critics said the encryption ban has limited U.S. software producers' involvement in the encryption market. Their absence has stymied the development of interoperable solutions for encrypted communication.

The federal government is managing several pilot programs to test the viability of secure communications for service-to-the-citizen initiatives. But these pilots use proprietary solutions with nothing in place to ensure interoperability.

Critics of the ban said lifting the ban would encourage the encryption industry to invest money in developing more open standards and creating commercial key escrow services. The result would be a range of solutions, usable by government, commercial and private customers.

"In my opinion, in order to make an electronic security infrastructure a truly useful tool, you need to get the businesses in there. I don't think the government has enough to drive it," said George Usher, an encryption specialist with the Federal Security Infrastructure Program (FSIP), formerly known as the Security Infrastructure Program Management Office. "If U.S. vendors can sell their products abroad, they're more likely to invest good chunks of money in it." Usher said he was not speaking for the FSIP.

Support for lifting the export ban coalesced on Capitol Hill recently, when a bipartisan group of senators and representatives introduced the Encryption Communications Privacy Act in order to overturn the administration's ban on exports of encryption products using a maximum key length of 40 bits.

The bill would allow U.S. companies to export strong encryption products of any key bit-length and sell it to non-U.S. customers.

The bill would also prohibit the U.S. government from requiring encryption companies to keep a set of decryption keys in escrow for law enforcement to use in the case of a court-ordered wiretap.

"I think it's going to receive widespread bipartisan support," said Rep. Bob Goodlatte (R-Va.), one of the bill's sponsors. Thirteen Republicans and 11 Democrats are sponsoring the bill in the House, but law enforcement agencies are likely to oppose it.