The US high-tech industry has come up with another way round the current encryption impasse, whereby companies can only export weak encryption technology and if the wish to use strong encryption the US government will only grant export licenses to software companies employing a backdoor via key recovery so government and law enforcement officials can get at the data. The new proposal isn’t so much technology, more of a protocol and it is only really workable ion networked applications, rather than stored data or encrypted email messages. The group of 13 companies, led by Cisco Systems Inc, has suggested that the government be allowed access to data in much the same way that is currently able to put a wiretap on phones that it suspects are being used for illegal dealings. The so-called operator action model involves routers, firewalls and other gateposts on networks including the ability to access data before it is encrypted, much like the telephone switches of local carriers are the access points used by government wiretappers. The proposal does not involve altering any existing encryption products as the data is not actually encrypted when it is accessed. And the accessing could be done by existing network administrators. The group has offered to restrict sales to certain foreign governments and militaries to comply with US Department of Commerce regulations. Along with Cisco, nine other companies have applied for export approval: Ascend, Bay Networks, 3Com, Hewlett-Packard, Network Associates, Novell, Red Creek Communications, Secure Computing, and Sun Microsystems. There is no indication of how long export approval might take. Intel, Microsoft and Netscape have added their support, but have not, as yet applied for export licenses for operator action-based products. HP says that as leased lines that are normally used for networked application become more expensive, this proposal enables the use of regular public lines and the internet.
