Export ban puts damper on agency efforts

The administration's encryption export ban is hampering federal agencies' efforts to build a secure electronic infrastructure, according to some agency officials and vendors.

Most, if not all, federal agencies have identified the need for strong encryption to carry out future service to the citizen programs, electronic commerce, international communications and correspondence among agencies.

However, secure communication technology has not evolved to where many different solutions and products can interoperate.

Critics said the encryption ban has limited U.S. software producers' involvement in the encryption market. Their absence has stymied the development of interoperable solutions for encrypted communication.

The federal government is managing several pilot programs to test the viability of secure communications for service-to-the-citizen initiatives. But these pilots use proprietary solutions with nothing in place to ensure interoperability.

Critics of the ban said lifting the ban would encourage the encryption industry to invest money in developing more open standards and creating commercial key escrow services. The result would be a range of solutions, usable by government, commercial and private customers.

"In my opinion, in order to make an electronic security infrastructure a truly useful tool, you need to get the businesses in there. I don't think the government has enough to drive it," said George Usher, an encryption specialist with the Federal Security Infrastructure Program (FSIP), formerly known as the Security Infrastructure Program Management Office. "If U.S. vendors can sell their products abroad, they're more likely to invest good chunks of money in it." Usher said he was not speaking for the FSIP.

Support for lifting the export ban coalesced on Capitol Hill recently, when a bipartisan group of senators and representatives introduced the Encryption Communications Privacy Act in order to overturn the administration's ban on exports of encryption products using a maximum key length of 40 bits.

The bill would allow U.S. companies to export strong encryption products of any key bit-length and sell it to non-U.S. customers.

The bill would also prohibit the U.S. government from requiring encryption companies to keep a set of decryption keys in escrow for law enforcement to use in the case of a court-ordered wiretap.

"I think it's going to receive widespread bipartisan support," said Rep. Bob Goodlatte (R-Va.), one of the bill's sponsors. Thirteen Republicans and 11 Democrats are sponsoring the bill in the House, but law enforcement agencies are likely to oppose it.

Featured

  • IT Modernization
    Eisenhower Executive Office Building (Image: Wikimedia Commons)

    OMB's user guide to the MGT Act

    The Office of Management and Budget is working on a rules-of-the-road document to cover how agencies can seek and use funds under the MGT Act.

  • global network (Pushish Images/Shutterstock.com)

    As others see us -- a few surprises

    A recent dinner with civil servants from Asia delivered some interesting insights, Steve Kelman writes.

  • FCW Perspectives
    cloud (Singkham/Shutterstock.com)

    A smarter approach to cloud

    Advances in cloud technology are shifting the focus toward choosing the right tool for the job and crafting solutions that truly modernize systems.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.