MUMBAI, Jan 17: A recent report on the Defence Research and Development Organisation (DRDO) having issued a "red alert" against US network security software has attracted considerable attention on the internet. At least three online newsletters, apart from those covering India-specific issues, have filed reports warning that the United States export policy on encryption could cripple the US software industry. The National Security Agency of the United States limits most exported products to weak 64-bit encryption.Security software prevent unauthorised access to confidential information on computer networks through technique called encryption. Higher levels of encryption provide greater security to the network and secure data while being transmitted.A prominent American publication house, which runs 25 online newsletters on technology-related issues, has said the development might spur a heated debate at the RSA Data Security Conference which attracts over 50 security majors from across the world. Theconference is scheduled to start on Monday. To side-step stringent US trade regulations, RSA recently opened a subsidiary in Australia to sell strong encryption software internationally. The firm is a leader in the security market with products in almost every major internet software.Apart from techweb.com, another website - slashdot.org - which attracts over a million hits each day, featured a link to the DRDO report. The Gartner group, international authority on Information Technology issues, also carried a report on the subject at infosecuritymag.com. The report said India's Central Vigilance Commissioner had warned all Indian banks and financial institutions to stop using any US-made software. "The move follows recommendations earlier this week from the Centre for Artificial Intelligence unit of India's DRDO," the report said. Various internet groups like the Internet Architecture Board (iab.org) and Internet Engineering Steering Group (ietf.org) have opposed restrictions on encryptionsoftware because "it would make the internet vulnerable".Cryptographic export policies have been in the limelight especially after the US announced the Wassenaar Agreement in December last. The agreement limits international trade of encryption products using more than 56-bit keys, and mass-market products with keys more than 64-bits. Germany, Japan and Britain are also signatories to the agreement. In India, A G Prabhu, executive vice-president, ICICI Bank, said banks and financial institutions could always import security software from countries like Australia and Israel which did not impose such restrictions. ICICI Bank, which was the first to implement internet banking in the country, uses 128-bit encryption software sourced from Verisign. "Banks and bona fide financial institutions are allowed import such software from the US. But there are strict procedures for it," Prabhu said.
