View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
September 16, 1998


By CBR Staff Writer

As a result of an interagency effort, US government export controls on encryption products are to be eased. Under new proposals issued yesterday, international subsidiaries of US companies, insurance firms, health and medical businesses and online merchants may now be granted permission by the Department of Commerce for exports of software containing the 56-bit Data Encryption Standard (DES) to countries with NATO membership. Until now such organizations have been forced to use weaker 40- bit encryption. Unfortunately for them, 56-bit encryption isn’t all that much more secure. In July, San Francisco’s Electronic Frontier Foundation (EFF) cracked a DES-encrypted message in 56 hours with purpose-built hardware. It was no great trick, either. The EFF undertook the task more as proof of concept and a slap in the face to the FBI than because the project held any particular technical challenge (CI No 3,455). The government is now working on replacing DES with an Advanced Encryption Standard (AES). This announcement essentially tells American multinationals and their overseas customers that while 56-bit encryption is not good enough for the US government, it’s good enough for them. To no one’s particular surprise, the US’s position on exporting encryption has provided a windfall for software vendors based outside the US like Dublin, Ireland’s Baltimore Technologies, which is quite happy to sell its 128-bit encryption to customers anywhere in the world. Some no doubt will say today’s liberalization is inadequate, and some may say we have gone too far, said US secretary of commerce William Daley. He was right on the first count, at least. Phil Zimmerman, the author of Pretty Good Privacy (PGP), told Wired: This is a day late and a dollar short. Daley added, however, that he was confident that progress would continue. Last night eleven high-tech companies, including Cisco Systems Inc, 3 Com Corp, Hewlett-Packard Co, Intel Corp, Netscape Communications Corp, Novell Inc and Sun Microsystems Inc issued a statement applauding the move. While today’s announcement does not constitute government approval on the pending proposals, we look forward to a prompt decision.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.