[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] DN: SPEECH/99/122 by Mr Erkki LIIKANEN on Crypto oder: Neue Besen kehren gut?

[Man hoere & staune: Soll das unter Nr. 4 nun ein LINUX-Commitment 
der EU-Kommission sein??                                    --AHH]


---------------------------- CUT -----------------------------------

Speech by Mr Erkki LIIKANEN Member of the European Commission for
Enterprise and Information Society Trust and Security in Electronic
Communications : The European Approach Information Security Solutions
Europe (ISSE 99)Welcome Address Berlin, 4 October 1999  

 DN: SPEECH/99/122     Date: 1999-10-05

     TXT: EN
     PDF: EN
     Word Processed: EN


Speech by Mr Erkki LIIKANEN 

Member of the European Commission for Enterprise and Information

Trust and Security in Electronic Communications : The European 

Information Security Solutions Europe (ISSE 99) Welcome Address 

Berlin, 4 October 1999


Ladies and gentlemen, 





More and more EU-based companies, including a growing number of SMEs,
now think in terms of a Europe-wide market. This means that, at a time
when companies increasingly rely on electronic communications to carry
out their day-to-day business, incompatible national solutions in the
field of cryptography create impediments that lessen the benefits of
the Internal Market. Not to mention the problems creates for the
cryptographic industry itself, whether it concerns, for instance:  

suppliers of encryption products engaged in intra-Community trade;  

or service providers that have to provide their clients with 
certificates that are legally valid throughout the Union.  

The Commission has addressed these issues in a pragmatic way, 
establishing a distinction between authentication and 
confidentiality, even though they both rely on the same cryptographic

For authentication, we have tabled a draft Directive on electronic
signatures which will secure the Internal Market for certificates and
certification services. The aim is to have the European rules
transposed into the national legislation of the 15 EU Member States by
the end of the year 2000  

Things get more sensitive when it comes to confidentiality. The 
scrambling of electronic communications has raised some
legitimate public security concerns. Hence some reflections on how to
ensure lawful access to encrypted data. 

Most of the proposed schemes have proved impracticable, a view the
Commission has expressed in a policy paper in October 1997. This has
been confirmed by the findings of EU-funded research projects in the
field of cryptography.  

Member States are now increasingly sharing this view. The French
government in particular has pledged to lift all restrictions to the
use and supply of encryption products.  

Notwithstanding these developments, the Commission, under the 
Amsterdam Treaty, will work with Member States to ensure that, in a
liberalised domestic environment, public safety will be fully

What would then remain are export controls: 

For external trade, encryption products are controlled in accordance
with the Wassenaar Arrangement.  

But there are also controls on shipments of encryption products 
within the Internal Market. We would like these intra-Community 
controls to be strictly limited. Indeed, create to burdens for 
European companies industry red tape, delays, uncertainty, etc. which
put them at a competitive disadvantage.  

We hope Member States will soon come to an agreement on the new Dual
Use Regulation, which aims to lift almost all controls on intra-
Community shipments of encryption products.  


Finally, I would like to focus on two other crucial issues. The first
issue concerns the European cryptographic industry. It is a strong
industry, it has state-of-the-art technology, and it has therefore the
potential to impose itself on world markets. It would certainly highly
benefit from improved regulatory conditions, but there is another
major obstacle to its expansion.  

Currently, the desktop computing market is dominated by a few 
systems. This wouldn't be a problem in itself if those weren't 
proprietary systems. Building security solutions for systems when one
has no access to the source code is certainly a major challenge. In
fact, it means that there is a whole range of security products which
European industry cannot supply.  

The solution to this problem certainly lies in non-proprietary and
open source systems. This is the key to unlocking the potential of the
desktop computing security market. This would also clearly be in the
end users' interest. Not only would users enjoy a wider choice of
security solutions, but they would also have a greater safety

How can governments, and in particular the Commission, contribute to
promoting non-proprietary systems? 

One way is to raise awareness about them and their benefits  

Another could be to ensure that public tenders for computer equipment
no longer specify particular systems.  

This issue is also closely linked to technology developments. 
Ultimately, the market will chose the more appropriate technological
solutions. That is another area were we can help, notably under the
Fifth Framework Programme, through our Information Society Technology

Let me share with you my views on a second issue. I said earlier that
the explosion of the cryptography market is pending a widespread take-
up of the Internet by the wider public and SMEs. Awareness is one
requirement, to which I hope ISSE will contribute. The other is trust!

In many other sectors of the economy, consumer trust is achieved
through quality labels, for instance for foodstuff, toys or electric
appliances. These can be industry-led or based on government rules;
they can be attributed nationally or at European level.  

If security devices are to enter every home, they would certainly
benefit from labels demonstrating that they are in conformity with
quality requirements. This would greatly enhance consumer trust and
confidence by allowing consumers to immediately identify safe
information security products and services.  


Ladies and gentlemen, 

What I wanted to do today is to demonstrate that the Commission is
fully committed to the development of Internet security. I also wanted
to show that, whether you are suppliers or users, we are trying hard
to understand your needs. Finally, I wanted to get a few messages
across and point at a few directions which we must further
investigate. Let me wrap them up in a few words:  

1. Security is the key to securing users trust and confidence, and
thus to ensuring the further take-up of the Internet. This can only be
achieved if security features are incorporated in Internet services
and if users have sufficient safety guarantees.  

2. Securing the Internal Market is crucial to the further development
of the European security market, and thus of the European
cryptographic industry. This requires an evolution of mentalities:
Regulation in this field transcends national borders. Let's "think

3. European governments and the Commission now have a converging view
on confidentiality. We see this in Council, in Member State policies
and in the constructive discussions we have. We must take this debate
further and focus of the potential of encryption to protect public
security rather than mainly seeing it as a threat to public order.  

4. Finally, the promotion of open source systems in conjunction with
technology development is certainly one important step towards
unlocking the potential of the desktop security market for the
European cryptographic industry.  

I wish you all a great conference.  

---------------------------- CUT -----------------------------------