U.S. Allowing Export of More-Secure Data Encryption Systems

Trusted Information Systems has managed to extend the limit on data encryption systems eligible for export.

Even as the United States and other governments struggle to set common policies on international use of information security technology, the Glenwood, Md., firm has won federal approval to export products based on encryption keys that are up to 128 bits in length.

The United States historically limited exports to 40-bit keys, which are far less secure than other encryption systems on the market but have the advantage for law-enforcement and national-security purposes of being easily broken. In a concession to technology advocates last year, the government raised the limit to 56 bits-if the exporters committed to a key recovery system that would allow for after-the-fact investigations.

Trusted Information Systems, with its RecoverKey system, was the first to get general export approval for such advanced encryption techniques as Triple DES (for data encryption standard) and 128-bit RC2 and RC4 (these abbreviations refer to the mathematical algorithms used in scrambling data) with a key recovery component.

The Maryland-based company also offers 56-bit DES encryption with or without key recovery.

"Unlike others who can export 56-bit DES for a short period based on their future plans, we are getting unconditional approvals for exponentially stronger encryption based on a key recovery system that is already operational," said Homayoon Tajalli, executive vice president and general manager, cryptographic products.