Code Words

It just got a little easier for American computer companies to sell secret codes. A July 17 agreement between the Bush administration and the Software Publishers Association loosens export controls on a burgeoning technology: cryptography, the ciphering (encryption) and deciphering (decryption) of messages in code.

Cryptography already has thousands of uses, from four-digit personal identification numbers for automatic teller machines to complicated strings of code that financial institutions use to transmit money over telephone lines. And the Software Publishers Association estimates that annual sales of encryption software could top $5 billion within five years.

Before the July agreement, the National Security Agency used 40-year-old regulations, which defined cryptography as a weapon, to effectively prohibit any American company from exporting hardware or software that used cryptography. Under those regulations, the NSA has prohibited the export of antivirus software and commonly available computer programs. Since American firms get more than half their sales from foreign customers, the NSA's controls shut a state-of-the-art industry out of profitable markets.

After last year's Soviet collapse, U.S. allies revoked their own bans on cryptography exports. But the NSA, citing national security concerns, continued to review (and routinely deny) export requests from American firms.

After Rep. Mel Levine (D–Calif.) introduced legislation that would have allowed the export of any commercially available encryption programs, the NSA agreed to a compromise. It approved two encryption codes licensed by RSA Data Security, a Redwood City, California, firm. Any company that wants to export other codes still has to get permission from the NSA. Industry officials can also meet with the NSA twice a year to request more-liberal export policies.