[42] “Encryption” means the transformation of data to produce unintelligible data (encrypted data) by using a cryptographic method.

[43] “Encrypted data” means data which has been transformed into unintelligible form by cryptographic methods.

SECRETARIAT NOTE: This definition may not be necessary given the definition of “encryption”.

[44] “Integrity of data” means the property that data has not been modified or destroyed in an unauthorised manner.

SECRETARIAT NOTE: The word defined here has changed from “data integrity” to “integrity of data” to be consistent with the use of the term throughout these Guidelines.

[45] “Lawful access” means the ability to access cryptographic keys or plaintext of encrypted data granted to thirdparty individuals or entities, including government entities, in accordance with law.

SECRETARIAT NOTE: The text of this definition has been modified considerably from its previous form in the 15 July draft. First. the concepts of “lawful access to encrypted data ' and “access [which] may include the ability to monitor or make electronic copies...” have been removed These concepts deal with interception of communications, the legality of which is governed by other law and does not fall under the scope of these Guidelines.

Second, the wording “third-party” has been added to this definition. The Principle of “Lawful Access” deals only with the concept of “third-party” lawful access; the concept of “access by the user of the key” is outside the scope of that Principle.

Finally, the words “international or national” as concerning “law” have been removed from the definition. The current definition reflects the encompassing concept of “in accordance with law” and this concept is further developed in the explanatory text of the “Lawful Access” Principle.

[47] “Keyholder” means the individual or entity lawfully in possession of cryptographic keys of which that individual or entity may or may not be the user.

[48] “Non-repudiation” means a mechanism for preventing an individual or entity from denying having performed a particular action related to data.

[49] “Plaintext” means intelligible data, the semantic content of which is available.

[50] “User” means those individuals or entities which employ cryptographic methods, unless indicated otherwise by context.

SECRETARIAT NOTE: This definition is included for the first time in this draft, in response to changes in the text of certain Principles which require this term to be defined.