3. MARKET DRIVEN DEVELOPMENT OF CRYPTOGRAPHY

[61 ] CRYPTOGRAPHIC METHODS SHOULD BE [FREELY] DEVELOPED [IN THE MARCETPLACE] IN RESPONSE TO THE NEEDS AND DEMANDS OF INDIVIDUALS, BUSINESSES AND GOVERNMENTS.

[62] The development and provisions of cryptographic methods should be determined by the market in an open and competitive environment, which may include government sponsored cryptographic methods. Such an approach would [will] best [is likely to] ensure that solutions keep pace with changing technology, the demands of users and evolving threats to information systems security. The development of [the voluntary] international technical standards, criteria and protocols related to cryptographic methods should also be market driven. ⁽⁹⁾ Governments should encourage and co-operate with business and the research community in the development of cryptographic methods [that protect and promote privacy, the security of data and information systems. commerce, public safety, law enforcement and national security, [without unduly restricting the marketplace or global trade].]

4. STANDARDS FOR [INTEROPERABILITY OF] CRYPTOGRAPHIC METHODS

[63] TECHNICAL STANDARDS, CRITERIA AND PROTOCOLS FOR CRYPTOGRAPHIC METHODS SHOULD BE DEVELOPED AND PROMULGATED AT THE NATIONAL AND INTERNATIONAL LEVEL [TO ACHIEVE GLOBAL INTEROPERABILITY].

[64] Recognised standards [-making] bodies, governments and business [as well as experts from the public sector and research community,] should share information and collaborate to develop and promulgate interoperable technical standards, criteria and protocols for cryptographic methods. [Relevant] national standards for cryptographic methods, if any, should be consistent with international standards to facilitate global interoperability. Mechanisms to evaluate conformity to technical standards, criteria and protocols for interoperability [and portability] of cryptographic methods should be developed.

5. PROTECTION OF PRIVACY AND PERSONAL DATA

[65] THE FUNDAMENTAL RIGHTS OF INDIVIDUALS TO PRIVACY, INCLUDING SECRECY OF COMMUNICATIONS AND PROTECTION OF PERSONAL DATA, SHOULD BE RESPECTED IN NATIONAL CRYPTOGRAPHIC POLICIES [AND IN THE IMPLEMENTATION AND USE OF CRYPTOGRAPHIC METHODS].

[66] While governments should implement policies that promote authentication, integrity and nonrepudiation in electronic exchanges, [policies that promote the use of cryptography to ensure the integrity of data in electronic transactions, including authentication and non-repudiation mechanisms,], however, the privacy consequences of these cryptographic functions should be clearly understood, and strong privacy safeguards should be established [to avoid risks to personal privacy.] The use of personal identification mechanisms in concert with cryptographic systems may be regulated by national data protection legislation and in accordance with [domestic and international] human rights [law]. [The OECD Guidelines for the Protection of Personal Data provide general guidance concerning, the collection and management of personal information, which should he applied in concert with relevant national law when implementing; cryptographic methods, particularly in establishing procedures for certification authorities and key managment systems.]