Export ban puts damper on agency efforts

The administration's encryption export ban is hampering federal agencies' efforts to build a secure electronic infrastructure, according to some agency officials and vendors.

Most, if not all, federal agencies have identified the need for strong encryption to carry out future service to the citizen programs, electronic commerce, international communications and correspondence among agencies.

However, secure communication technology has not evolved to where many different solutions and products can interoperate.

Critics said the encryption ban has limited U.S. software producers' involvement in the encryption market. Their absence has stymied the development of interoperable solutions for encrypted communication.

The federal government is managing several pilot programs to test the viability of secure communications for service-to-the-citizen initiatives. But these pilots use proprietary solutions with nothing in place to ensure interoperability.

Critics of the ban said lifting the ban would encourage the encryption industry to invest money in developing more open standards and creating commercial key escrow services. The result would be a range of solutions, usable by government, commercial and private customers.

"In my opinion, in order to make an electronic security infrastructure a truly useful tool, you need to get the businesses in there. I don't think the government has enough to drive it," said George Usher, an encryption specialist with the Federal Security Infrastructure Program (FSIP), formerly known as the Security Infrastructure Program Management Office. "If U.S. vendors can sell their products abroad, they're more likely to invest good chunks of money in it." Usher said he was not speaking for the FSIP.

Support for lifting the export ban coalesced on Capitol Hill recently, when a bipartisan group of senators and representatives introduced the Encryption Communications Privacy Act in order to overturn the administration's ban on exports of encryption products using a maximum key length of 40 bits.

The bill would allow U.S. companies to export strong encryption products of any key bit-length and sell it to non-U.S. customers.

The bill would also prohibit the U.S. government from requiring encryption companies to keep a set of decryption keys in escrow for law enforcement to use in the case of a court-ordered wiretap.

"I think it's going to receive widespread bipartisan support," said Rep. Bob Goodlatte (R-Va.), one of the bill's sponsors. Thirteen Republicans and 11 Democrats are sponsoring the bill in the House, but law enforcement agencies are likely to oppose it.

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.