IBM chairman and CEO Lou Gerstner has taken an outspoken stance on encryption exports. He recently called on corporate US to shoulder its share of the burden and bolster its internal security. IDG's Laura DiDio interviewed Gerstner on current US encryption policyIDG: Can you give us some details on IBM's security initiatives in terms of your various products?
Gerstner: We're putting security features into all relevant IBM products such as in Secure Electronic Transactions (SET) and banking transactions, and we're also embedding security in our basic server operating systems. IBM is also working on other broader schemes like key-recovery technology.
What are you doing with regard to security services?
We've built a significant security consulting practice within our Global Services company. They help customers forge strategies to deal with everything from ethical hackers to implementing security policies and procedures. There's no sense in having a great big vault in which the door is open all the time.
What's IBM's stance on the ban on exporting 128-bit key encryption?
I believe the US Government should change its policy from controlling the export of encryption to encouraging the wide use of encryption around the world. I'm in favour of eliminating controls of encryption exports. If government needs to have certain control, I would argue those controls ought to be on location and purpose and not on technology levels.
It's crazy to put restrictions on levels of technology. We grow out of them so quickly that the apparatus of government can't keep up. We're basically going to face the inability to export entry-level workstations in a year. Instead, the government ought to identify places and uses where we don't want technology to go and enforce that.
How do you compare US security initiatives with those of other nations?
They are now full players at the table and come with, in some cases, very different viewpoints, so I think it's going to be more complicated to bring about a global solution.