Förderverein Informationstechnik und Gesellschaft

DN: SPEECH/99/122 by Mr Erkki LIIKANEN on Crypto oder: Neue Besen kehren gut?

[Man hoere & staune: Soll das unter Nr. 4 nun ein LINUX-Commitment der EU-Kommission sein?? --AHH]|0|RAPID&lg=EN

Speech by Mr Erkki LIIKANEN Member of the European Commission for Enterprise and Information Society Trust and Security in Electronic Communications : The European Approach Information Security Solutions Europe (ISSE 99)Welcome Address Berlin, 4 October 1999

DN: SPEECH/99/122 Date: 1999-10-05

TXT: EN PDF: EN Word Processed: EN


Speech by Mr Erkki LIIKANEN

Member of the European Commission for Enterprise and Information Society

Trust and Security in Electronic Communications : The European Approach

Information Security Solutions Europe (ISSE 99) Welcome Address

Berlin, 4 October 1999


Ladies and gentlemen,





More and more EU-based companies, including a growing number of SMEs, now think in terms of a Europe-wide market. This means that, at a time when companies increasingly rely on electronic communications to carry out their day-to-day business, incompatible national solutions in the field of cryptography create impediments that lessen the benefits of the Internal Market. Not to mention the problems creates for the cryptographic industry itself, whether it concerns, for instance:

suppliers of encryption products engaged in intra-Community trade;

or service providers that have to provide their clients with certificates that are legally valid throughout the Union.

The Commission has addressed these issues in a pragmatic way, establishing a distinction between authentication and confidentiality, even though they both rely on the same cryptographic technologies.

For authentication, we have tabled a draft Directive on electronic signatures which will secure the Internal Market for certificates and certification services. The aim is to have the European rules transposed into the national legislation of the 15 EU Member States by the end of the year 2000

Things get more sensitive when it comes to confidentiality. The scrambling of electronic communications has raised some legitimate public security concerns. Hence some reflections on how to ensure lawful access to encrypted data.

Most of the proposed schemes have proved impracticable, a view the Commission has expressed in a policy paper in October 1997. This has been confirmed by the findings of EU-funded research projects in the field of cryptography.

Member States are now increasingly sharing this view. The French government in particular has pledged to lift all restrictions to the use and supply of encryption products.

Notwithstanding these developments, the Commission, under the Amsterdam Treaty, will work with Member States to ensure that, in a liberalised domestic environment, public safety will be fully guaranteed.

What would then remain are export controls:

For external trade, encryption products are controlled in accordance with the Wassenaar Arrangement.

But there are also controls on shipments of encryption products within the Internal Market. We would like these intra-Community controls to be strictly limited. Indeed, create to burdens for European companies industry red tape, delays, uncertainty, etc. which put them at a competitive disadvantage.

We hope Member States will soon come to an agreement on the new Dual Use Regulation, which aims to lift almost all controls on intra- Community shipments of encryption products.


Finally, I would like to focus on two other crucial issues. The first issue concerns the European cryptographic industry. It is a strong industry, it has state-of-the-art technology, and it has therefore the potential to impose itself on world markets. It would certainly highly benefit from improved regulatory conditions, but there is another major obstacle to its expansion.

Currently, the desktop computing market is dominated by a few systems. This wouldn't be a problem in itself if those weren't proprietary systems. Building security solutions for systems when one has no access to the source code is certainly a major challenge. In fact, it means that there is a whole range of security products which European industry cannot supply.

The solution to this problem certainly lies in non-proprietary and open source systems. This is the key to unlocking the potential of the desktop computing security market. This would also clearly be in the end users' interest. Not only would users enjoy a wider choice of security solutions, but they would also have a greater safety guarantee.

How can governments, and in particular the Commission, contribute to promoting non-proprietary systems?

One way is to raise awareness about them and their benefits

Another could be to ensure that public tenders for computer equipment no longer specify particular systems.

This issue is also closely linked to technology developments. Ultimately, the market will chose the more appropriate technological solutions. That is another area were we can help, notably under the Fifth Framework Programme, through our Information Society Technology Programme.

Let me share with you my views on a second issue. I said earlier that the explosion of the cryptography market is pending a widespread take- up of the Internet by the wider public and SMEs. Awareness is one requirement, to which I hope ISSE will contribute. The other is trust!

In many other sectors of the economy, consumer trust is achieved through quality labels, for instance for foodstuff, toys or electric appliances. These can be industry-led or based on government rules; they can be attributed nationally or at European level.

If security devices are to enter every home, they would certainly benefit from labels demonstrating that they are in conformity with quality requirements. This would greatly enhance consumer trust and confidence by allowing consumers to immediately identify safe information security products and services.


Ladies and gentlemen,

What I wanted to do today is to demonstrate that the Commission is fully committed to the development of Internet security. I also wanted to show that, whether you are suppliers or users, we are trying hard to understand your needs. Finally, I wanted to get a few messages across and point at a few directions which we must further investigate. Let me wrap them up in a few words:

1. Security is the key to securing users trust and confidence, and thus to ensuring the further take-up of the Internet. This can only be achieved if security features are incorporated in Internet services and if users have sufficient safety guarantees.

2. Securing the Internal Market is crucial to the further development of the European security market, and thus of the European cryptographic industry. This requires an evolution of mentalities: Regulation in this field transcends national borders. Let's "think European".

3. European governments and the Commission now have a converging view on confidentiality. We see this in Council, in Member State policies and in the constructive discussions we have. We must take this debate further and focus of the potential of encryption to protect public security rather than mainly seeing it as a threat to public order.

4. Finally, the promotion of open source systems in conjunction with technology development is certainly one important step towards unlocking the potential of the desktop security market for the European cryptographic industry.

I wish you all a great conference.