Interagency panel backs away from proprietary security policy

In a move seen as inevitable, the Clinton administration has dropped its demands for a proprietary federal encryption policy and has proposed allowing agencies greater latitude in choosing off-the-shelf solutions from industry.

The proposal was made by an interagency working group co-chaired by the National Security Council and the Office of Management and Budget. Called "Enabling Privacy, Commerce, Security and Public Safety in the Global Information Infrastructure," the proposal also suggests that agencies should be able to use a wider range of commercial encryption software than they can today.

"Government can no longer monopolize the state-of-the-art cryptography," according to the proposal. "It is unrealistic to believe that government can produce solutions which keep ahead of today's rapidly changing information technology."

Previously, the administration supported a plan whereby the U.S. government would keep a record of all private encryption keys for law enforcement purposes and would mandate the encryption software to be used. But under the new policy, users could choose their encryption software and keep a set of keys in escrow with a trusted third party rather than the government.

The administration's proposal recommends that the government collaborate with industry to develop a new Federal Information Processing Standard specifying which algorithms and protocols for encryption, key exchange and digital signature functions agencies can use.

The current FIPS is considered out-of-step with industry trends.

"It does look like...there's a real commitment" to allow agencies to use a wider range of encryption products, said one industry source, who asked not to be named. "Once it's set in stone that there is a FIPS, [agencies] won't have to keep waiting and waiting, trying to figure out what they will implement."

Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.