6. LAWFUL ACCESS

[67] NATIONAL CRYPTOGRAPHY POLICIES MAY [CAN] ALLOW LAWFUL ACCESS TO PLAINTEXT OF ENCRYPTED DATA. THESE POLICIES MUST RESPECT THE OTHER PRINCIPLES CONTAINED IN THESE GUIDELINES TO THE GREATEST EXTENT POSSIBLE.

[68] Where access to the plaintext of encrypted data, or to cryptographic keys if appropriate, is requested under lawful process, the individual or entity requesting access must have a legal right to possession of the plaintext, and once obtained the data should [must] only be used for lawful purposes. The process [event] through which lawful access is obtained should be recorded, so that disclosure of cryptographic keys or data can be audited in accordance with national law. Where access is lawfully requested [obtained], such access [lawful access] should be granted within designated time limits appropriate to the circumstances. The [establishment of and changes in the] conditions of lawful access should be stated [notified] clearly, published, and apparent to users, keyholders and providers of cryptographic methods.

[69] When developing policies on cryptographic methods that provide for lawful access, governments should weigh carefully the risks of fraud [misuse], the additional expense of any supporting infrastructure, [the prospects of technical failure,] and other costs, against the perceived benefits, including benefits for [the public interest] public safety, law enforcement and national security. [Governments should promote cryptographic methods with mechanisms that deter criminal abuse and therefore minimise the need for lawful access.] This Principle should not be interpreted as implying that governments enact legislation that would allow lawful access to encrypted data. [Governments should not create lawful access legislation that is more intrusive than other laws about the gathering of evidence.]

Lawful access across national borders may [should] be achieved [only] through international agreements and co-operation [between the countries concerned].

[70] Key management systems are a possible solution which can balance the interest of users and law enforcement authorities; these techniques may also be used to recover data, when keys are lost. [Preference should be given to the development and use of technical solutions that permit national key management infrastructures while allowing international communications.] Lawful access to cryptographic keys should [must] recognise the distinction between keys which can be used to protect confidentiality, and keys which can be used for authentication purposes [can be used to ensure data integrity] only. A cryptographic key that can be used for authentication [data integrity] purposes only should not be made available without the [explicit] consent of the individual or entity in lawful possession of that key [entity which it authenticates].