Export ban puts damper on agency efforts

The administration's encryption export ban is hampering federal agencies' efforts to build a secure electronic infrastructure, according to some agency officials and vendors.

Most, if not all, federal agencies have identified the need for strong encryption to carry out future service to the citizen programs, electronic commerce, international communications and correspondence among agencies.

However, secure communication technology has not evolved to where many different solutions and products can interoperate.

Critics said the encryption ban has limited U.S. software producers' involvement in the encryption market. Their absence has stymied the development of interoperable solutions for encrypted communication.

The federal government is managing several pilot programs to test the viability of secure communications for service-to-the-citizen initiatives. But these pilots use proprietary solutions with nothing in place to ensure interoperability.

Critics of the ban said lifting the ban would encourage the encryption industry to invest money in developing more open standards and creating commercial key escrow services. The result would be a range of solutions, usable by government, commercial and private customers.

"In my opinion, in order to make an electronic security infrastructure a truly useful tool, you need to get the businesses in there. I don't think the government has enough to drive it," said George Usher, an encryption specialist with the Federal Security Infrastructure Program (FSIP), formerly known as the Security Infrastructure Program Management Office. "If U.S. vendors can sell their products abroad, they're more likely to invest good chunks of money in it." Usher said he was not speaking for the FSIP.

Support for lifting the export ban coalesced on Capitol Hill recently, when a bipartisan group of senators and representatives introduced the Encryption Communications Privacy Act in order to overturn the administration's ban on exports of encryption products using a maximum key length of 40 bits.

The bill would allow U.S. companies to export strong encryption products of any key bit-length and sell it to non-U.S. customers.

The bill would also prohibit the U.S. government from requiring encryption companies to keep a set of decryption keys in escrow for law enforcement to use in the case of a court-ordered wiretap.

"I think it's going to receive widespread bipartisan support," said Rep. Bob Goodlatte (R-Va.), one of the bill's sponsors. Thirteen Republicans and 11 Democrats are sponsoring the bill in the House, but law enforcement agencies are likely to oppose it.


  • Acquisition
    network monitoring (nmedia/Shutterstock.com)

    How companies should prep for CMMC

    Defense contractors should be getting ready for the Defense Department's impending cybersecurity standard expected to be released this month.

  • Workforce
    Volcanic Tablelands Calif BLM Bishop Field Office employee. April 28, 2010

    BLM begins move out of Washington

    The decision to relocate staff could disrupt key relationships with Congress and OMB and set the stage for a dismantling of the agency, say former employees.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.