The explosive growth in Internet commerce and other Internet applications has resulted in a heightened demand for strong encryption to secure stored and transmitted data over the Internet. Encryption is a technology that codes and decodes information using a specific mathematical algorithm, so that the encrypted data is incomprehensible to those who are not authorized to see it. The ability to secure information using a variety of strong encryption technologies is vital to the continued growth of the global digital economy.
Current US policy, which was revised in September 1998, permits the export of 56-bit DES products and eliminates requirements for key recovery. Some industries, including insurance and medical, can export products above 56-bit.
The former US export prohibition on encryption products over 40-bit cost otherwise competitive U.S. companies significant global market share and dampened the growth of the US security business.
Cisco advocates a non-cryptographic alternative to key-recovery called "Clear Zone." It is a dynamically created and managed access point that allows the operator of an encrypting device to comply with a legal warrant without giving away a key or weakening overall security. Clear Zone functionality exists in most firewalls, VPN devices and encrypting routers.
Cisco is working to educate government officials and other policy makers concerning the deployment of encryption in data networks and the need to deploy robust encryption to ensure the security of data networks. Cisco is also a member of the Americans for Computer Privacy (ACP), a lobbying organization that is working to pass legislation to liberalize export controls on encryption for American companies.
Thirteen high-tech companies, including Cisco, issued a news release on July 13th endorsing a 'private doorbell' solution to the network encryption stalemate called 'operator action.'
Nine of the 13 companies filed proposals with the U.S. Department of Commerce asking for permission to sell strong encryption products abroad that use operator action technologies.
Under the operator action model, information traveling over a data network remains secure and private unless a network operator is served with a legal warrant or court order.
A Computer Systems Policy Project study estimates that current restrictions on encryption technology will cost 200,000 high-skill, high-wage jobs by the year 2000.
The Department of Commerce announced that foreign competitors from more than 20 countries are selling hundreds of strong (128-bit and above) encryption products.
Click here for Alliance for Network Security (ANS)
To Download Clear Zone paper [.doc, 366 KB]