ROI that's difficult to compute

The return on investment (ROI) in new cryptographic technologies is difficult to calculate, which is why security experts typically try to dodge questions about it. In the federal government, for example, statutes and regulations, not ROI, have driven recent spending on encryption and public-key systems.

Although federal officials rarely calculate a financial loss value for government information that is misused, they do consider costs when buying cryptographic technologies.

Like antivirus software prices, cryptographic software prices are based on the number of users whose information needs to be protected, said Jon Callas, PGP Corp.'s chief technology officer. For PGP Universal, the company's new server-based encryption management system, federal agencies can expect to spend between $1 million and $1.5 million for 50,000 users.