The US Commerce Department will allow a coalition of 10 technology firms to export strong data-scrambling products with a technology that also gives authorities access to scrambled communications.
One observer said the technology at the heart of Monday's announcement is a red herring, but a spokesman for one of the technology companies was enthusiastic.
"This decision represents a tremendous effort on the part of government and industry to modernize our export policy on encryption," said Dave House, president of Northerly Networks. "[It] will allow us to increase our exports of products containing strong encryption, which is good for the US economy and good for US jobs."
The coalition -- which also includes Cisco Systems, Bay Networks, 3Com, and Network Associates -- built its newly vetted security products atop a new key recovery system known as "private doorbell." The group, known as the Alliance for Network Security, first introduced the technology in July.
Key recovery systems grant law enforcement officials access to scrambled communications when they ask for it, with a court order, as part of an investigation. The Commerce Department requires such back doors for all strong crypto products that are exported.
The private doorbell is designed to provide access to plaintext information at the router level, before data is encrypted.
But the idea may not be anything new at all, according to cryptographer Bruce Schneier.
"This is a reasonably clever policy hack," said Schneier, who is president of Counterpane Systems. "By definition, you have access to plaintext in routers ... so without making any changes, [the coalition] managed to get in under letter of ruling."
Schneier said private doorbell makes no modifications to the routers and does not involve any special key-collection features or additional key-management infrastructure. By definition, encrypting routers have an unencrypted side and an encrypted side. Thus, the private doorbell is not a new technology at all.
"The FBI gets what it asked for, and it already can produce a warrant and wiretap an Internet service provider," said Schneier.
With private doorbell, if a user chose to send an encrypted message, he could still use PGP or another desktop encryption product to scramble the message.
The message would then be encrypted twice -- once at the desktop and once again by the router. So, while law enforcement could undo the encryption applied at the router, it would still have to find a way to descramble the PGP cipher -- an impossible task, even with the help of considerable computing power.
Private doorbell supporters argued that client-side encryption products are not their problem, said Schneier.
Schneier is the creator of the Twofish encryption algorithm that the National Institute of Standards and Technology is considering as the basis for the US government's next standard crypto algorithm.
In July, the Alliance for Network Security asked the Commerce Department to approve export licenses for products with private doorbells.
The coalition includes Cisco Systems (CSCO), Ascend Communications (ASND), Bay Networks, 3Com (COMS), Hewlett-Packard (HWP), Network Associates, Novell (NOVL), Red Creek Communications, Secure Computing (SCUR), and Sun Microsystems (SUNW).
Other prominent members of the Alliance, including Microsoft, Intel, and Netscape, were left out of Monday's announcement.