The Communiqué of the OECD Council, meeting at Ministerial level in May 1997, welcoming the OECD cryptography policy guidelines (adopted March 1997), called for dialogue with non-Members as soon as possible. This dialogue began with the Workshop, organised by the Committee for Information, Computer and Communications Policy (ICCP) under the auspices of the Emerging Market Economy Forum.
The objective of the Workshop was to use the OECD Guidelines, together with the OECD's Report on Background and Issues of Cryptography Policy, as the basis for deepening understanding of cryptography policy issues in the increasingly globalised information and communications network and the development of electronic commerce. The roles of the government and the private sector (both enterprises and individuals) were considered. Throughout the discussion, the crucial question was how to achieve balance among various interests at stake -- basically: national security/law enforcement; economic and social development; and protection of the rights of the individual.
There were 88 participants. In addition to OECD countries, participants were invited from 12 non-Member economies (Brazil; China; Estonia; Latvia; Lithuania; Hong Kong, China; Malaysia; Russia; Singapore; South Africa; Chinese Taipei and Thailand), the EC and the private sector. Many of the participants were from the business community, including representatives of leading software companies, service providers and technical institutes.
The workshop was chaired by Mr. Magnus Faxén, Ambassador, Ministry of Foreign Affairs of Sweden, and began with an opening statement by Mr. Shigehara, the Deputy Secretary-General. It was organised in three main sessions, with Q&A throughout, followed by a summing-up, a brief presentation of the report by the rapporteur, Mr. Ted Humphreys, and discussion of desirable next steps:
Presentations, by experts from Member countries, of the 8 principles which cryptography policy-makers should consider (Trust in cryptographic methods; Choice of cryptographic methods; Market-driven development of cryptographic methods; Standards for cryptographic methods; Protection of privacy and personal data; Lawful access; Liability and International co-operation);
Presentations of Member and non-Member countries' national cryptography polices;
Introduction of leading-edge cryptography technologies and their perspectives by private sector experts
In addition to the rapporteur's conclusions, the following points can be made:
No major failings in the OECD Guidelines -- they represent what can be done at present; however, the policies and approaches of Member countries still differ in the way in which they balance the various guidelines.
Since the OECD took up the cryptography issue at the end of 1995, there is greater understanding and recognition of the importance of the use of cryptography for authentication as well as for confidentiality, with many countries adopting digital signature laws. In other words, finding policy solutions compatible with the encouragement of electronic commerce applications has high priority. Still, further education and awareness is needed concerning the economic stakes.
There is great caution among governments to discuss international co-operation or alignment of cryptography policies. However, this meeting, intended principally as a dialogue between Members and the non-Members present, demonstrated the need for a fruitful discussion forum in this fast-moving and crucial area.