[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Fwd: They're Back: OECD and Crypto, Round II!

To: "Mailingliste FITUG-debate" <debate@fitug.de>
Subject: Fwd: They're Back: OECD and Crypto, Round II!
From: "Gunnar Anzinger" <anzinger@guug.de>
Date: Fri, 30 May 97 16:43:38 +0200
Comment: This message comes from the debate mailing list.
Priority: Normal
Reply-To: "Gunnar Anzinger" <anzinger@guug.de>
Sender: owner-debate@fitug.de
==================BEGIN FORWARDED MESSAGE==================

>From: "K. N. Cukier" <100736.3602@CompuServe.COM>
>To: Fight Censorship <FIGHT-CENSORSHIP@vorlon.mit.edu>
>Subject: They're Back: OECD and Crypto, Round II!
>Message-Id: <970529234842_100736.3602_EHV36-1@CompuServe.COM>
>Date: 29 May 97 19:48:42 EDT


As the 29-member OECD wrapped up their two-day annual ministerial meeting on
Tuesday, point 17 of the final communique that deals with cryptography is
especially noteworthy due to the political machinations involved with drafting
it, as an obtained copy of the confidential draft communique reveals.

In short: the US is driving the OECD to continue working on crypto, but this
time with non-OECD member countries.

The final communique reads:

"17. Information and communication technologies are fundamental driving forces
in globalisation. The information society promises economic and social benefits
for all our citizens, companies and governments. Ministers endorsed the
recommendations of the Global Information Infrastructure/Global Information
Society report. They welcomed the OECD cryptography guidelines as an important
contribution to international co-operation in this area and called on the OECD
to review developments and to launch dialogue with non-members as soon as
possible. The stakes and challenges ahead are enormous. Ministers noted the
great potential of electronic commerce. They asked the OECD to examine carefully
its implications for areas such as taxation, commercial transactions, consumer
protection, privacy and security, so that these issues can be addressed within a
coherent policy framework; ministers further asked for an update report in
1998."

There's quite a few landmines here. The most significant is that the wording:
"and called on the OECD to review developments and to launch dialogue with
non-members as soon as possible" was included on the request of the United
States delegation. That's Uncle Sam (or Aunt Dorothy) speaking. The notations in
the draft communique makes this clear. (The relevant section of the draft
communique appears at the bottom of this message.)

Interestingly, the US didn't get everything it asked for. Their original wording
used "review implementation" rather than the term "developments," which appeared
in the final version. This might be revealing, and an important setback for the
US, since the two are not at all the same thing. The guidelines were meant to
guide, so considering the "implementation" is inappropriate, there was nothing
to actually implement. By substituting a neutral word, OECD countries seem to be
resisting the US's move.

But the communique begs many questions. For instance, what sort of
"developments" will they focus on? Will it be crypto for responsible e-commerce
issues concerning digital certificates, or all the hungry terrorists, child
pornographers, tax evaders and Mafia thugs seeking out the best algorithms?

And what of launching "dialogue with non-members" of the OECD? The most obvious
question is whether this is a bid by the US to use the OECD as the forum to
generate support for an international key recovery infrastructure.

If it is, they'll have a hard time. OECD delegates care about money, privacy,
and sound network security for business; less a willingness to make the job of
spooks and snoops easier. That was the lesson learned in September when
OECD-member countries rejected the US hardline approach. Other, better fora
exists for the US; places where national security can be addressed, such as the
Group of Seven (the OECD is technically prohibited from dealing with the issue).


Additionally, the US usually has a hard time in multilateral fora -- other
nations tend to balk at a lot of US proposals. Recall that as the OECD was
finalizing their crypto report in March, Germany expelled a US diplomat for
trying to buy an official at the Ministry of Economics. US officials tend to
forget such things -- the Germans, and other Europeans, sitting across the table
don't.

That said, the additional language in the communique is worrisome, and ought be
on everyone's radar. It seems likely that the US *is* trying to bring back
crypto to the OECD. One honorable motive might be the role of digital
certificates and cross certification across international borders, used for
electronic commerce and certified e-mail for contracts. More frightening is *if*
the US has the OECD ostensibly discuss e-commerce digital certificate issues
with non-members as a means to bring them to the table, lock the door, and lobby
them for key recovery at the same time. My intuition says this is likely.

What do other OECD countries feel about this? Read the communique closely:
Immediately after the language on crypto, the OECD calls for more work, by
saying more is needed -- "stakes and challenges." But then it qualifies what the
body's interest in the subject is: "the great potential of electronic commerce."
Thus, it appears the OECD sees its future work as having a limited role in terms
of the commercial aspects of crypto. 

Cut from the final version was a wordy addition by France, to "strengthen ...
protection of enterprises and consumers, as well as network security." Why this
was dropped is unclear to me, but I suspect that nobody really understood what
France was aiming for by adding it, and delegations wanted to keep the final
communique as short and generic as possible. 

The final sentence might be chilling regarding crypto solely, but it seems from
the way it was put together --  based on the draft communique -- that it was
originally intended to refer to broader GII/GIS issues. The word "its" is
ambiguous. I'd guess that the ambiguity is partially intentional, and that the
sentence suits everyone's interest because all delegations can read into it what
they wish, be it GII/GIS, crypto, or e-commerce. For example, what is meant by
"security" -- is it system security, or national security? Hmmm.... And does
addressing the issues "within a coherent policy framework" mean that all crypto
issue will be linked together, and as such, trusted third party systems intended
for public keys can also serve to escrow users' private keys?

What seems sure to follow, however, is that the OECD will report next year on
GII/GIS issues (as they would anyway) but that crypto will be an important part
of it.

Indeed, careful readers of The Economist will note that in the issue dated May
17-23, on page 11, the OECD placed a job advertisement seeking two economists,
one to work on GII, network, and e-commerce issues, the other to examine
technology policy as it applies to companies. It is interesting in light of the
major budget cutting the OECD is going through (and get this: journalists
covering the meeting had to pay for their international phone calls! Stunning!).

Regarding "dialogue with non-members," on general level it refers to the latest
buzz-word at the OECD. It is a way the body can broaden its work, and also
maintain the involvement of Russia and (potentially new members in) Eastern
Europe and Asia. In point 33 of the final communique, on "co-opertation with
non-members," the OECD gets schizophrenic: they call for "increasing focus on
the core activities" but then wax about "preserving the capacity for flexible
and differentiated co-operation." While this is a generic point applicable to
all the OECD activities, obviously crypto neatly falls into it. 

Result: Get set for Round II of cipher-spooks on the Seine.

-- K. N. Cukier
   Paris, France

----
The section of the draft communique (to be point 17 in the final version),
discussed by national delegations, reads:

"Information and communication technologies are fundamental driving forces in
globalisation. The information society promises economic and social benefits for
all our citizens, companies and governments. Ministers endorsed the
recommendations of the Global Information Infrastructure/Global Information
Society report. They welcomed the OECD cryptography guidelines as an important
contribution to international co-operation in this area [and called on the OECD
to review implementation and to launch dialogue with non-members as soon as
possible. -- ADD US] The stakes and challenges ahead are enormous. Ministers
noted the great potential of electronic commerce. They asked the OECD [to
examine carefully its implications for taxation and to study the means to
strengthen where possible the protection of enterprises and consumers, as well
as network security, so that these issues can be addressed within a coherent
policy framework -- ADD FRANCE] [to examine carefully [all -- ADD SWITZERLAND]
its implications [for areas such as taxation, [commercial transactions -- ADD
US] consumer protection, privacy, [and] security [and content -- DELETE US], and
to bring forward recommendations -- DELETE SWITZERLAND] [, consulting with the
private sector as needed -- ADD US] and to address them within a coherent policy
framework]. Ministers further asked for an update report in 1998."

###

===================END FORWARDED MESSAGE===================
Prev by Date: Re:Zu: Open Profiling Standard (OPS)
Next by Date: Werbebilder ausblenden im Web?
Prev by thread: WG: Proposed profiling standard aims to protect privacy on Internet
Next by thread: Werbebilder ausblenden im Web?
Index(es):
- Date
- Thread