Thirteen Companies Support 'Private Doorbell' Encryption Alternative
 
by Nancy Weil, IDG News Service (13/07/1998)

BOSTON - Thirteen IT companies are backing encryption technology allowing a network operator to access private information at the behest of law enforcement agencies - an alternative to the controversial key recovery method and a way that the firms contend will break the deadlock over network encryption.

Ten of the 13 companies applied to the U.S. Department of Commerce last week for licenses to export encryption products using the so-called "operator action" technologies. The operator-action alternative to key recovery, or "house key" encryption, uses what is called a "private doorbell" to enable law enforcement agencies to gain access to encrypted information.

House key or key recovery encryption requires users to provide "keys" to encrypted data to law enforcement agencies, which then can unlock the coded data if the need arises. That method is under heavy fire from privacy rights activists and also has impeded exportation of U.S. encryption products to some countries that object to the use of keys. Under the "private doorbell" method, data transmitted over a network is secure and private until law enforcement agencies serve the network operator with a warrant or court order to unlock the information.

The initiative is being led by networking giant Cisco Systems (CSCO), and has support from Ascend Communications, Bay Networks, 3Com (COMS), Hewlett-Packard (HWP), Intel (INTC), Microsoft (MSFT), Netscape, Network Associates (NETA), Novell (NOVL), RedCreek Communications, Secure Computing (SCUR) and Sun (SUNW). The companies issued a joint statement today regarding what they refer to as "operator-action technologies." Cisco also has produced a white paper on the subject.

A 1996 executive order from U.S. President Bill Clinton established guidelines for exportation of key management infrastructure encryption products, which was followed by an amendment from the Commerce Department's Bureau of Export Administration. The amendment covered key escrow or key recovery products. Since then, debate over exportation of encryption products has focused on key management technologies, but the Cisco paper notes that a less widely known aspect of the department's rule allows that "other recoverable encryption products" may be licensed for exportation.

The companies contend that operator-action technologies, which allow a network operator to provide information to law enforcement agencies that present warrants or court orders, fit that bill. While the alternative isn't perfect, it goes a long way toward appeasing both those who operate electronic-commerce sites and consumers who want to be certain their private information is encrypted as it travels over data networks, according to the companies involved in the operator-action initiative.

"Some customers also have indicated that operator control of encryption flows is a useful feature for network diagnostics and reporting, and for allowing the efficient transmission of nonsensitive data," the Cisco paper said. "Customers in regulated industries, such as banking and securities, also may need to monitor their employees' communications from time to time. Most customers also desire the ability to respond to a court order without exposing all of their data across the Internet or the public switched telephone network."

Law enforcement agencies, notably the Federal Bureau of Investigation, have pushed for strong regulation on U.S. exports of encryption products and for technologies that enable law enforcement to access encrypted data. They argue that terrorists and other miscreants will use encryption to avoid detection, plotting crimes via Internet communications. Moreover, strong encryption is needed to keep criminals from accessing private information such as credit card numbers traveling over data networks during e-commerce transactions, according to law enforcement agencies.

According to the companies and the Cisco white paper, the proposed alternative technologies will satisfy those concerns.

"This doesn't solve all the problems," said Dan Scheinmann, vice president of public affairs for Cisco, in a teleconference Monday. "Not everyone can have everything. But it's a good first step."

The technology will allow network administrators to encrypt documents when they are dispatched by a router, and then decrypt them when they reach a destination router, which makes the solution viable for corporate users on a network. But the operator-action model does not provide a solution for individual users trying to encrypt from a desktop or laptop over routers owned by an outside ISP.

"Someone who's part of an enterprise at their desktop, or on their own network, this solution isn't for them," said Kelly Blough, director of government affairs for Network Associates. But the company would lose business and market share to foreign competition if it waited to release a more comprehensive solution, Blough said.