[C5] The newly-established Group of Experts on Security. Privacy and Intellectual Propertv Protection in the Global Information Infrastructure, which met for the first tune on 9 February 1996 in Canberra Australia approved the United States´ proposal for the OECD to draft guidelines on cryptography policy At the 29th Session of the ICCP Committee on 27-29 March 1996, the Ad hoc Group of Experts on Cryptography Policy Guidelines was established.

[C6] The Communique that was issued following the 21-22 May 1996 Meeting of the OECD Council at the Ministerial Level specifically mentioned cryptography policy in its Guidelines for the Work of the Organisation:

• 15. To facilitate the implementation of their commitments, bearing in mind the requirement to fit new work within a constrained budget, by concentrating on core priorities, Ministers request the OECD to:
• (iv) --deepen its work on a comprehensive policy framework to facilitate further development of the Global Information Infrastructure and related products and services, including the development of cryptography policy guidelines which would enhance security and protect intellectual property rights in this area, and analyse the economic and social impacts;

[C7] With the issues gaining public prominence, the guidelines drafting process officially began with the First Meeting of the Ad hoc Group of Experts held in Washington DC on 8 May 1996 A second Business-Government Forum on Global Cryptography Policy held on 7 May 1996 gave Members of the Ad hoc Group another opportunity to discuss the issues with business representatives The work continued through the summer with two more meetings of the group on 26-27 June and 26-27 September 1996 More than 100 delegates from governments, industry, and advocacy groups have attended these meetings.

Other Work Related to Cryptography Policy at the International Level

[C8] The continuing development of the GII/GIS and supporting technologies, including cryptographic products, has focused the attention of the international community on cryptography policy. Because decisions regarding cryptography policy will have a profound effect upon the safety, security, privacy, and economic well-being of the citizens of the global information society, the international community has discussed and has begun to implement cryptography policy in a number of fore.

[C9] Data protection and privacy laws have been implemented in a number of countries and in the European Union in recent years. European Commission Directive 95/46/EC, for example, requires the implementation of appropriate technical and organisational measures to protect personal data against accidental loss, alteration, or unauthorised disclosure or access, in particular where data is transmitted over a network. These laws raise specific concerns in the cryptography policy debate. because cryptography is an important means to protect the confidentiality of data. In some countries, data protection commissions or inspectorates might require that encryption - cryptography used to maintain the confidentiality of data -- be used when sensitive personal data is transmitted over networks.

[C10] The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies rules are applicable to the export of cryptography products. These rules are implemented in national regulations. The European Union DualUse directive is also applicable to the export of cryptography products. In addition. individual states have imposed other specific controls. which an: subject to continuing debate. on such exports.