Sybase Inc has been granted permission from the US Department of Commerce to export products outside of existing encryption regulations, prompting hope from the US computer industry that the laws will be relaxed in the future. Sybase will be exporting highly secure 56-bit Data Encryption Standard products based on a key recovery plan that does […]
Sybase Inc has been granted permission from the US Department of Commerce to export products outside of existing encryption regulations, prompting hope from the US computer industry that the laws will be relaxed in the future. Sybase will be exporting highly secure 56-bit Data Encryption Standard products based on a key recovery plan that does not require the use of a third party key recovery agent or require key recovery for encrypted network communications. Existing regulations allow only the exportation of 56-bit DES with a key recovery plan for communications and stored data that orders the use of third-party recovery agents. The Emeryville, California company believes it is the first software company to receive a waiver from the policy, although it isn’t the first to try to get round the regulations. Sun Microsystems Inc denied allegations made earlier in the month that it was trying to skirt the regulations following the exportation of goods from a Russian company of which it owned a 10% stake (CI No 3,166). Netscape Communications Corp got the blessing of the US government to export software above the 40-bit level (CI No 3,152) earlier in the month, coinciding with the establishment of a committee to advise on the effects of the computer encryption policy by the US Commerce Department. Sybase’s product marketing manager in the UK, Richard Harvey said the US government’s decision would enable greater security for software users on the internet. He said: It’s definitely a step towards enabling software companies to develop business driven solutions rather than being straight jacketed down the route of the government. Harvey went on to say that Sybase would be pushing for the right to export 128-bit encryption software in the near future. Three bills seeking to relax the export restrictions are currently pending in the US, and backers hope the Security and Freedom through Encryption Act, the Pro Code Bill and the Encrypted Communications Privacy Act will soon become law. Among the products that Sybase will be exporting under its exemption, are Sybase Adaptive Server 11.5, Sybase SQL Server 11.0 and Jaguar CTS, component transaction server. Sybase’s key recovery mechanism addresses only stored data, use is voluntary and it doesn’t require a third party key recovery agent.