Just days after a U.S. graduate student cracked the most powerful computer encryption system allowed out of the country, the Commerce Department announced it would allow three companies to export an even stronger system. Until this year, computer encryption programs, which scramble information and render it unreadable without a password or software "key," were classified as munitions and stronger programs could not be exported. But under a controversial new Clinton administration policy that took effect Jan. 1, companies may receive permission to export stronger programs. "I'm happy that we've been able to do this within the first month without rancor or difficulty," Under Secretary of Commerce for Export Administration William Reinsch told Reuters in a telephone interview. To export stronger programs immediately, companies must agree to incorporate features within two years allowing the government to decode encrypted messages by recovering the software keys, however. The administration's policy has been widely criticized as not relaxing the export limits enough and some companies feared the requirement for a two-year plan would substantially delay export approvals. The quick approvals should quell some of the criticism and encourage more applicants, Reinsch said. "As a result of this, you will have more companies taking it seriously and we will expect more plans over the next couple of months," he said. Encryption was once the realm of spies and generals. But with the explosion of online commerce on the Internet, encryption has become a vital tool for protecting everything from a business' email message to a consumer's credit card number sent over the net. The amount of protection afforded by encryption is largely a function of the length of the software key measured in bits, the smallest unit of computer data. Companies said products with just 40-bit long keys, the old limit, were too easy to crack. The approvals came just days after Ian Goldberg, a graduate student at the University of California, cracked a message encoded with a software key 40-bits long. The government did not name the companies given permission to export stronger, 56-bit programs, but Glenwood, Md.,-based Trusted Information Systems acknowledged that it was one of the three.