[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Horns@t-online.de: OECD-Paper "Reglementierung der Kryptographie"]

-----Forwarded message from "Axel H. Horns" <Horns@t-online.de>-----

Return-Path: <owner-krypto@odb.rhein-main.de>
Organization: Private Site
To: krypto@rhein-main.de
Date: Thu, 13 Mar 1997 23:42:09 +0100


                It turned out to be a copy -- stamped
                "Restricted" -- of the crypto-policy
                guidelines from the influential
                Organisation for Economic
                Co-operation and Development. The
                United States has demanded that the
                Paris-based OECD endorse key
                escrow, or government access to the
                secret keys used to encode files and
                communications. Would the OECD be
                swayed by arguments from the
                Department of Justice, or would it stand
                firm on privacy principles? Nobody
                knew. The guidelines had been secret --
                until now. 

                     The document revealed that the feds
                didn't get what they wanted. "The
                fundamental rights of individuals to
                privacy, including secrecy of
                communications and protection of
                personal data, should be respected in
                national cryptographic policies," it said. 

                     Instead of prescribing crypto-laws
                and regulations, the draft guidelines left
                the hairy details up to individual
                countries: "National cryptographic
                policies may allow lawful access to
                plaintext, or cryptographic keys, of
                encrypted data... Governments should
                cooperate to coordinate cryptography

                     I went looking for Marc Rotenberg,
                the head of the Electronic Privacy
                Information Center, who won EFF's
                Pioneer Award last night. (Julf
                Helsingius, former operator of
                anon.penet.fi, won the other award.)
                "The U.S. failed at the OECD,"
                Rotenberg told me. "They failed to get
                international support for key escrow." 

                     The OECD guidelines, which will be
                published on March 27, come at a time
                when countries are engaging in a sort of
                joint head-scratching over what kind of
                crypto-laws to pass. Should they attract
                international firms and investors with
                deregulatory laws, or will that approach
                hinder wiretapping and domestic
                surveillance? France and Russia ban
                unapproved encryption, and the U.S.
                tightly controls exports. But what should
                Germany, the U.K., Canada and every
                other country do? "Most countries have
                not fully developed their policies yet," a
                Canadian representative to the OECD

                     The U.S. is hoping to change this.
                "The international domain is key,"
                Associate Deputy Attorney General
                Michael Vatis said yesterday. "All
                governments are concerned about the
                impact of unbreakable encryption on
                national security." Vatis, however, also
                is concerned about legislation recently
                reintroduced in the U.S. Congress that
                would lift export controls on crypto -- an
                idea that's anathema to the Department
                of Justice. 

                     The bills, which are scheduled for
                hearings next week, grew out of a
                growing consensus that U.S. rules are
                fatally flawed. American businesses
                have contended for years that overseas
                competitors aren't hindered by
                restrictive laws and are free to sell
                strong encryption around the globe.
                Executives have told Congress that
                current regulations cost U.S. industry
                millions. They point to RSA Data
                Security's decision to license its patents
                to NTT, a Japanese firm. They warn that
                European or Asian software makers
                may drive U.S. firms off the encryption
                playing field forever. 

                     President Clinton responded by
                appointing a crypto-ambassador to
                lobby foreign governments to comply
                with U.S. rules and move toward a
                global framework requiring key escrow.
                If successful, the move would nullify the
                industry's argument; after all, foreign
                firms would be equally hobbled. 

                     Yet is crypto really necessary? David
                Brin, science fiction author and arrogant,
                irascible futurist, spent an hour railing
                against cypherpunks, privacy advocates
                and conventional Net wisdom in a
                luncheon address called "The Case
                Against Privacy." 

                    "Accountability has always been a
                greater friend of freedom than privacy,"
                he said. "Why do we instinctively reach
                for solutions that reduce the flow of

                     Netizens, he argued, should embrace
                technologies that provide more
                information, not less. Imagine miniature
                cameras on street corners -- eliminating
                privacy, but ensuring safety. Says Brin:
                "Rest assured, the cameras are

-----End of forwarded message-----

Thomas Roessler  74a353cc0b19  We did it.  http://home.pages.de/~roessler/