
7. LIABILITY

[71] WHETHER ESTABLISHED BY CONTRACT OR LEGISLATION, THE LIABILITY OF INDIVIDUALS AND ENTITIES THAT [OFFER CRYPTOGRAPHIC SERVICES OR] HOLD OR ACCESS CRYPTOGRAPHIC KEYS SHOULD BE CLEARLY STATED [DEFINED].

[72] Subject to government legislation designed to protect public interests, [including consumer protection,] private parties are free [users should be freed] to establish, by prior agreement, the liability of individuals and entities who hold or have access to cryptographic keys. The liability of any individual or entity [, including a government entity,] [of any party] that holds cryptographic keys on behalf of another, or which gains access to cryptographic keys of another should be made clear, by contract and, where appropriate, by [either] national legislation or international agreement. The liability of users for misuse of their own keys should also be made clear [explicit]. A keyholder [or any third party that has legitimate contact with keys] should [can] not be held liable for providing cryptographic keys or plaintext of encrypted data in accordance with lawful process [access] [request]. The party that obtains lawful access should be liable for misuse of cryptographic keys that it has obtained.

8. INTERNATIONAL CO-OPERATION

[73] GOVERNMENTS SHOULD CO-OPERATE TO HARMONISE CRYPTOGRAPHY POLICIES. AS PART OF THIS EFFORT, GOVERNMENTS SHOULD REMOVE, OR AVOID CREATING IN THE NAME OF CRYPTOGRAPHY POLICY, UNJUSTIFIED OBSTACLES TO TRADE.

[74] In order to promote the broad international acceptance of cryptography and enable [attain] the full potential of the national and global information and communications networks, cryptography policies adopted by a country should harmonise as much as possible with similar policies of other countries. To that end, these Guidelines should be used for national policy formulation and in preparing national regulations on cryptography. [Aspects of cryptography policy which should be harmonised at the international level include regulation and certification of keyholders or key management systems, mutual recognition of digital signatures, conditions of lawful access, requirements for privacy protection, and government controls or regulations placed on cryptographic methods, including their import, export and use.]

[75] [In order to avoid creating artificial obstacles to international trade, member countries should avoid developing laws, policies and practices which create unjustified obstacles to global electronic commerce. [Member countries should avoid unnecessary hindrances to international availability of high quality cryptographic products.] No government should impede the free flow of encrypted data through its national boundaries [merely on the basis of cryptography policy].]
