Trusted Information Systems Inc. said yesterday that the U.S. government has agreed to let it export the strongest computer encryption systems that have ever been allowed to leave the United States.
The Commerce Department gave permission for the Glenwood-based computer security company to export encryption systems that have mathematical keys of up to 168 "bits" long, a measure of the strength of the coding and the difficulty it will pose to hackers or government officials trying to crack the code.
A bit is the smallest unit of computer information.
The government approved export of Trusted's Gauntlet Internet Firewall, a software product that allows owners of Internet pages to keep their customers out of unauthorized parts of their networks or let owners of private networks bar outsiders altogether.
Also approved was Trusted's RecoverKey product, which is built into the Gauntlet but can also be adapted to other software programs. RecoverKey lets a computer's owner retrieve encrypted files and unscramble them.
"With Gauntlet, you're going to be able to get the strongest crypto you'll ever want and you'll be able to get it on a routine basis, without going through a lot of State Department bureaucracy," Stephen T. Walker, Trusted chief executive, said.
The encryption codes commonly included in popular Internet browsers like Netscape Navigator are only 40 bits long. That encryption is designed to protect credit card numbers and other sensitive information as it passes over the Internet, but privacy advocates and business have wanted much stronger encryption than 40 bits, which Walker said a determined hacker can crack in a couple of weeks.
"The word on the street is that [the National Security Agency] can crack 56-bit in about ten days at a cost of about $500,000," said Cabe Franklin, a public relations consultant representing Trusted. "One-hundred sixty-eight bits is not three times that, but two to the 112th power times that."
It has always been legal to use the most potent encryption systems within the United States, but the federal government has barred export of codes more complicated than 40 bits.
Officials feared strong encryption would be misused by drug traffickers and terrorists, leaving law enforcement and intelligence authorities without the ability to eavesdrop on conspirators even with a wiretap order from a court.
That fear led the Clinton administration to propose the so-called "Clipper Chip" policy, a plan that prompted one of its most contentious disputes with high-technology industries.
Clipper would have put the weight of the government behind technology that used strong encryption, but it also would have required mathematical keys to decode the encryption be registered with government agencies.
The Clinton administration backed away from the Clipper policy in October, announcing that it would allow export of strong cryptographic systems as long as it included file recovery systems such as RecoverKey.
Under Trusted's technology, the mathematical keys to decoding exported encryption systems are held in most cases by the computer's owner, whether an individual or a business.
Pub Date: 12/17/96