[64] It is expected that a variety of cryptographic methods may be needed to fulfil different data security requirements.

[65] Users of cryptography should be free to determine the type and level of data security needed, and to select and implement appropriate cryptographic methods [, subject to lawful constraints].

[66] Individuals or entities who own, control, access, use or store data may have a responsibility to protect the confidentiality of such data, and may therefore be responsible for using appropriate cryptographic methods.

SECRETARIAT NOTE: This paragraph has been reworded and the substance of former paragraph [40] has been integrated herein.

[67] Users should be free to adopt a key management system that suits their needs [, subject to lawful constraints which may include provisions for lawful access to plaintext or cryptographic keys].

[68] Government controls on cryptographic methods should be no more than are essential to the discharge of government responsibilities.

SECRETARIAT NOTE: This text is a reworded version of former paragraph [58] which previously appeared under “Demand-Driven Development” The original text of former paragraph [58] follows:

“Cryptographic methods may be subject to government controls compatible with government responsibilities to protect privacy, promote commerce, and provide for public safety, law enforcement and national security”.

[69] (3) DEMAND-DRIVEN DEVELOPMENT OF CRYPTOGRAPHY

SECRETARIAT NOTE: Several delegations maintain that this title should be “MARKET DRIVEN” or “MARKET DEMAND” The current title was selected in response to the concern that some development might not be “market” driven (such as government-sponsored research and development). This concern is also addressed in paragraph [71] below.

[70] CRYPTOGRAPHIC METHODS SHOULD BE FREELY DEVELOPED IN RESPONSE TO THE NEEDS AND DEMANDS OF INDIVIDUALS, BUSINESSES AND GOVERNMENTS.

SECRETARIAT NOTE: This paragraph was popularly supported in the comments from delegations. However, should the main statement of the Principle be changed to include the concept of “marker driven” (see Secretariat note at paragraph [69] above), this text could read:

“Cryptographic methods and products should be freely developed in the marketplace in response to the needs and demands of individuals, businesses and government”.