U.S. Relaxes Encryption Exports
WASHINGTON — In an unusual relaxation of the Clinton administration’s hard line against the export of data-scrambling technology, Hewlett-Packard Co. on Friday was granted a government license to export such technology to five countries.
The Commerce Department said Hewlett-Packard could sell an industrial-strength version of its VerSecure encryption system in Britain, Germany, France, Denmark and Australia. The technology is normally used to keep financial transactions secure over computer links and the Internet. Hewlett-Packard executives said they expect more countries to be added to the list over the next few months.
The approval marks a significant step forward in the computer industry’s efforts to promote online shopping and electronic commerce. Forrester Research and the Yankee Group recently predicted that the value of goods and services traded over the Internet will grow from an estimated $7 billion to $8 billion to as much as $327 billion in 2002.
Stronger encryption technology makes it more difficult for hackers and other unauthorized users to intercept and use credit card numbers, financial data and other information transmitted in cyberspace.
“We think it’s a breakthrough,” said Doug McGowan, director of the Hewlett-Packard VerSecure unit. “I think this will help the entire computer industry grow [the field of] electronic commerce.”
Encryption employs mathematical algorithms to scramble data so that it cannot be read by unauthorized persons. Legitimate users generally have access to a “key” enabling them to unscramble the data. The longer the code, the harder it is to break.
VerSecure’s technology is built around 128-bit algorithms, meaning its encryption codes are 128 binary digits long. Encryption experts say the codes are so strong it would take an unauthorized user years to break them using the most powerful computers on earth.
Hewlett-Packard officials said they are the first U.S. company to be given a license to export encryption products stronger than 40 bits without also offering a so-called key recovery system, or an electronic backdoor for third parties to crack the encryption code if requested to do so by law enforcement.
The Clinton administration has argued that exporting strong encryption could compromise national security and fuel computer crime by giving criminals powerful scrambling technology that could hide their actions from law enforcement officials.
The White House has been backing legislation that would require all encryption technology exported from the U.S. to include a key recovery system to help law enforcement officials track computer criminals.
Computer industry officials and some lawmakers contend that hardware and software developers overseas are free to make and export strong encryption on their own, putting U.S. firms at a competitive disadvantage.