But in claiming to steal a lead over some of its business intelligence rivals that require customers to purchase and install separate encryption products, the company has unwittingly reignited the debate over the international transfer of encryption technologies.
Encryption is a technology that prevents non-authorized parties from reading or changing data by translating it into secret code that can only be unscrambled using a unique key or password.
The level of protection is governed by the encryption algorithm – based on the number of bits used to encrypt data. Standard encryption is typically 56-bit. 128-bit encryption is the highest encryption level currently available and is often referred to as strong encryption and is considered unbreakable.
In addition to the RSA support, Business Objects has also added support for Kerberos network authentication protocols that were developed by the Project Athena team at MIT.
Business Objects claims its embedded RSA 128-bit support gives it a significant jump over rival Cognos Inc, which it says provides lower encryption levels as standard and only offers strong encryption as a chargeable add-on.
Rene Bonvanie, chief marketing officer at Business Objects, stoked the fire by saying in a press statement, With our 128-bit encryption as the standard level in XI, our platform is 4.7 sextillion times more secure than Cognos which only provides 56-bit encryption out of the box.
Cognos officials quickly refuted the claim saying that it has offered robust 128-bit encryption in products like ReportNet for some time, but acknowledge it is shipped an add-on capability rather than part of a shrink-wrapped product.
We offer 56-bit symmetric encryption as a standard while the strong encryption option costs $7k as a separate, one-time purchase, a Cognos spokesman in Ottawa, Canada told ComputerWire yesterday.
We’ve offered strong encryption as an option for more than 20 months now and we’re just letting customers decide if they want it. So in fact its Business Objects that’s playing catch up, he added.
James Thomas, director of product marketing at Business Objects, confirmed with ComputerWire that Business Object previously offered only 56-bit support out of the box and had largely left customers to their own devices if they wanted to implement a more sophisticated level of security.
This has now changed. RSA 128-bit is now the new standard that’s embedded in all services across the XI platform.
While stressing there was no technical barrier to bundling in 128-encrytion into its products right now, Cognos’ spokesman points out that since Cognos’ software is manufactured and shipped in Canada it is subject to local government regulations.
Canadian government mandates require that any strong encryption technology be shipped as a separate product. That’s why we’ve put a separate SKU on it.
Thomas however doesn’t completely buy Cognos’ argument, saying We’re talking about encryption within an application platform…not communicating outside of the system, for example through the Internet and external Web services applications, which most regulations are concerned with.
We don’t force customers to use our encryption outside of our system…they can use other technologies like SSL [Secure Sockets Layer] if they wish, Thomas said.
Thomas believes that Business Objects is not in violation of any US or French regulations – the company maintains dual headquarters in Paris, France and San Jose, California.
Indeed US regulations on how much encryption strength can be shrink-wrapped into products and sold across borders if far from concrete. Generally the US has a tendency to treat strong encryption technology in the same was as it treats munitions exports. Hence software firms have to tread carefully when selling the technology outside of the US without ending up behind bars.
Since 2000, however, encryption export restrictions have been relaxed in both the US and France after their respective governments sat up and took notice of the damaging effects the legislation was having on their economies by forcing local vendors to go offshore for encryption requirements.
France replaced the regulations with more funding for police efforts to counter encryption threats while the US now allows the technology to be exported to non-government entities and commercial government-owned entities (expect those that product munitions) except in countries it deems high-risk. These include Afghanistan, Cuba, Iran, Iraq, Libya, North Korea, Serbia, Sudan and Syria.served.
