UK wants US encryption exported now

UK Internet encryption experts speak with one voice when it comes to US procrastination over export: this can't go on.

Why in the land of the free and where big business is the only king would you stop a key enabling technology of electronic commerce?

"The first problem is there is a deep suspicion in corporate circles as to the reason behind these export regulations," says Paul Robinson, editor of Secure Computing, a specialist UK-based magazine.

"We know why they were put in place but a lot of the reasoning is not applicable. There is no Cold War and the argument about drug traffickers is over - these people can get easy access to encryption anyway. The problem is at the corporate level where you can't take a maverick approach to the laws of companies in countries you're working with. It isn't just a problem for us in the UK and Europe. Anyone operating in the global marketplace is hamstrung by this."

A similar tune is played by Peter Cox, European managing director of London-based Internet SmartWare, which claims to have been the first UK company authorised to use 56-bit DES encryption, and includes financial, manufacturing and communications companies on its client roster.

"It's a ridiculous situation," says Cox. "It's slowing down the introduction of electronic commerce systems and hurting everybody. The government has no right to read your post - why should electronic commerce be different?"

Cox says that having 56-bit encryption has helped but says his company is crying out for the rights to longer 128-bit keys: "We want electronic commerce to be on the same footing as everything else. At the moment we're ahead of the game and able to show a clear roadmap but if we don't get [128-bit] soon we'll start losing business."

While both Robinson and Cox are frustrated with the slow progress of encryption export, they remain relatively sanguine that common sense will prevail.

"There has already been a significant relaxing; we're climbing up the encryption ladder," says Secure Computing's Robinson. "Exactly where it will go nobody knows, but my own feeling is it will continue to relax because of the pressure of US organisations. The encryption laws hark back to the Bush administration and a political world which is very different to the current one. The UK is way behind the US in electronic commerce anyway so we haven't been particularly hurt. If we had stayed at 40-bit you might have seen an independent European move but now I think the pressure will make sure US encryption is exported."

Cox agrees. "The UK will follow whatever the US does. I think it will relax. There's so much pressure from financial and software companies in the US to use cryptography and from companies like us who sell the stuff. We've just got some noise to work through."