From: John Young <jya@pipeline.com>
Date: Wed, 29 Oct 1997 19:29:42 +0800
To: cypherpunks@toad.com
Subject: EU E-Commerce Report
Message-ID: <1.5.4.32.19971029111842.00b6b4b8@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



The EU-based Global Internet Project has published a new 
report on electronic commerce:

   http://jya.com/gip-ecomm.htm  (29K)

An excerpt on crypto policy:

1.No nation's cryptography policy can stand alone.

2. Immediate steps should be taken to solve pressing 
cryptographic needs that directly affect the global Internet.

3. Reliable and international systems for authentication 
and integrity should be established.

4. Governments and industry must respond to legitimate user 
concerns.

5. Users should be permitted to decide whether and the degree 
to which key escrow, trusted third party, or key recovery 
technologies will be desirable in their environments or not.

6. Trade barriers should not be disguised as cryptographic 
regulations.

7. Export controls on encryption should be made multilateral 
in practice and when used, focused narrowly and genuinely on 
national security threats. They should not be used as indirect 
domestic controls.

8. Governments should establish and publish the process by 
which keys will be obtained for government purposes. This 
process should include independent judicial review, time limits 
on access, reasonable notice to the key owner when this would 
not interfere with the purposes of the decryption, and 
opportunities for independent audit of compliance with legal 
process.

9. Liability for misuse of escrowed keys should be the subject 
of international understanding.

10. When key recovery is voluntarily chosen by the user, 
self-retention of key recovery information should be encouraged.