From: John Young <jya@pipeline.com>
Date: Wed, 5 Feb 1997 07:26:31 -0800 (PST)
To: cypherpunks@toad.com
Subject: OECD Waffles
Message-ID: <199702051526.HAA28804@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


2-4-97. Reuters:

Global group fails to endorse Clinton encryption plan 

Washington: An influential economic research group is preparing 
guidelines on computer encryption for its member countries but 
will duck some of the most contentious issues involved, according 
to a draft obtained by Reuters.

The Clinton administration, seeking to rally support for its 
controversial policy on exporting encryption products -- which 
encode and decode e-mail and other computerized messages -- failed 
to win an endorsement from the Organisation for Economic Cooperation 
and Development (OECD), although the group did discuss the
administration's approach.

On perhaps the most difficult issue, the draft guidelines do not 
favour or oppose a requirement in the U.S. policy that data-scrambling 
encryption programmes provide a way for law enforcement officials to 
obtain keys to crack the codes when necessary.

After indicating that governments should carefully weigh the costs and 
benefits of imposing so-called key recovery, the draft report said, 
"this principle should not be interpreted as implying that governments 
should, or should not, initiate legislation that would allow lawful 
access."

On all the controversial areas in the draft, "the member countries of 
the OECD have strongly held views but they don't always coincide," 
John Dryden, head of the group's Information, Computer and Communications 
Policy division, said in a telephone interview from Paris.

Some countries see widespread use of encryption as a way to protect the 
privacy of computer users and businesses, thereby encouraging global 
commerce, Dryden said. But others see encryption as possibly thwarting 
law enforcement's efforts to catch riminals and global terrorists, he 
said.

The guidelines suggest encryption users should have access to products 
that meet their needs. Government controls should be "no more than are 
essential to the discharge of government responsibilities."

Instead of reconciling the different views, the draft guidelines lay out 
competing interests and approaches.

"It's not in itself a cryptography policy and it's not an attempt to 
draft a model national law that we're encouraging people to adopt," 
Dryden said. Cryptography refers to products and systems used in 
encryption.

The guidelines also suggest encryption standards and usage should be 
"determined by the market in an open and competitive environment."

"There's a strong view that the private sector should have the 
possibility to use information networks to the best of their potential 
in order to create growth and jobs," Dryden said.

U.S. officials who have seen the preliminary draft praised the guidelines. 
"They're an important and helpful step forward," Undersecretary of 
Commerce William Reinsch said.

"They're helpful because they put down on paper the proper foundation for 
getting into this," he added.

Reinsch said most countries will follow the U.S. lead and require 
so-called key recovery features for law enforcement. Under the Clinton 
policy, domestic use of encryption is not regulated but the strongest 
coding products cannot be exported unless they include key recovery.

U.S. companies that have opposed the Clinton policy, contending it stifles 
their ability to compete with unfettered foreign firms, drew little solace 
from the draft guidelines.

"This is not helpful," said Netscape Communications Corp.'s public policy 
counsel, Peter Harter. Netscape and other companies preferred stronger 
language endorsing free-market policies, he said.

The draft guidelines, approved by a group of government and private-sector 
experts at a meeting at the end of January, still must be approved by a 
top-level OECD officials from the group's 29 member countries, including 
the United States.

-----