The US Commerce Department approved an export license Wednesday for an encryption product by V-One Corporation wherein only the owner has access to the keys - a first in the Clinton administration's tightly controlled encryption export policy.
"V-One's key recovery management process puts control of the keys in the customer's hands, providing a commercially acceptable approach while still permitting access by proper legal authorities," William Reinsch, undersecretary of Commerce for export administration, said in a statement.
V-One's SmartGate, software that enables organizations to establish secure communications and transaction channels over public networks like the Internet, uses 56-bit encryption without an option of "third-party" key recovery. This is an exception to the administration's export policy mandating that all exported 56-bit encryption products be accessible to a third party so law enforcement can readily obtain keys to data - a policy criticized by free-market and privacy advocates.
"It appears that the US government has accepted the V-One type of approach as the best compromise they can get," Jim Bidzos, president and CEO of RSA Data Security, said in a statement.
The compromise being that although V-One is getting the go-ahead to send its 56-bit product abroad, more powerful code still cannot be exported.
"Before now our clients had to deal with two versions of our product - the domestic version and the international version. It's a nightmare," James Chen, president and CEO of V-One, told Wired News. V-One has a partnership with MCI, and other clients include banks, Sweden Post, and the National Security Agency.
In January, the Commerce Department approved export licenses to three companies with 56-bit encryption on condition that they provide an option for key recovery. The agency also recently approved 128-bit encryption by Open Market for export with no key escrow, on condition that the product only be used to protect the confidentiality of financial transactions.
