The Wall Street Journal, Sept 27, 1995 Hewlett Lobbies for Its Encryption Plan That Would Satisfy Tough Export Rules By Don Clark Hewlett-Packard Co. is pushing an unusual plan to protect electronic transactions around the world without running afoul of U.S. export laws. The Palo Alto, Calif., computer maker said it has been lobbying government agencies for more than a year to gain support for its proposal, which uses a data-scrambling technology to protect transactions from tampering or theft of data. Strong encryption technologies ordinarily fall under tough export rules that limit technologies which could impede U.S. wire-tapping capabilities, a source of continuing friction between the government and high-technology companies. H-P, in a plan developed with the French company Gemplus SCA, wants to split the code-making technologies into two pieces that would be approved under different government standards. One device, which could fit in a standard computer, would contain a basic encryption capability that is designed to be broadly exported without the need to seek a separate export license for each foreign user. Would Help Industry That device, dubbed an encryption engine, would be useless without the addition of another tiny piece of hardware that contains a code-making formula set at a specific strength. The second device, called a policy card, would be separately reviewed by the U.S. State Department for each customer. Government agencies, including codebreakers at the National Security Agency, would still have a say over the strength of encryption exports. But customers could build commercial applications around the proposed encryption engine, knowing that it will work with any code-making formula that governments might adopt in the future. Now they run the risk that their work will become obsolete amid policy changes in Washington, D.C., and other countries. State Department officials weren't immediately available for comment. Stewart Baker, a former NSA general counsel who now practices law in Washington, D.C., termed the H-P plan a clever answer to the problem of shifting government policy. "There was a lot of skepticism when H-P first proposed it," said Lynn McNulty, a former encryption specialist at the National Institute of Standards and Technology. "But it looks to me that they are well on the way to the next step." H-P Confident of Approval Doug McGowan, an H-P manager involved with the project, said he expects to receive U.S. approval by next year to begin shipping the encryption engine freely to Western Europe and Canada. "We believe we will receive relaxed export controls," he said. H-P's plan fits some of the NSA's objectives. For one thing, its technology embeds encryption technology in microchips that can't easily be modified by computer hackers or terrorists. H-P's policy cards also could be adapted for a controversial Clinton administration proposal called key escrow, in which mathematical keys to break codes could be stored for later use by law enforcement or intelligence agencies, Mr. McGowan said. The plan complements a parallel H-P effort to develop a new generation of "smart" data cards to let consumers buy goods and services around the world electronically. Gemplus, a huge supplier of credit and debit cards in Europe, is supplying technology to that effort along with Informix Corp., a database software maker in Menlo Park, Calif. Jeff Hudson, an Informix vice president, said the partners' proposed cards could store money and a database worth of personal information, such as medical records. That approach could eliminate the need to connect to multiple companies or agencies to manage such information, since it would be stored on each card, the companies said. [End]