[71] It is widely recognised that the development and provision of cryptographic methods should be determined by the market in an open and competitive enviroment. Since cryptographic methods can be developed by the scientific or research community in a public sector capacity, government-sponsored cryptography may also participate in the marketplace.

[72] The development of the voluntary international technical standards, criteria and protocols underlying cryptographic methods should also be market driven.

SECRETARIAT NOTE: Delegates questioned whether to use the wording “standards” or “technical criteria and protocols”. Throughout the document the term “technical standards. criteria and protocols” has been used.

[73] A market driven approach to the development and use of cryptographic methods will ensure that solutions keep pace with changing technology, the demands of users and evolving threats to data security.

[74] Governments should encourage and cooperate in the development of cryptographic methods that protect and promote privacy, security of data and systems, commerce, public safety, law enforcement and national security.

SECRETARIAT NOTE: Delegates questioned whether to use the wording “law enforcement” as part of the phrase “public safety and national security”. Where applicable, throughout the document the term “public safety, law enforcement and national security” has been used.

[75] (4) INTEROPERABILITY OF CRYPTOGRAPHIC METHODS

SECRETARIAT NOTE: Some delegations questioned why this Principle is limited to standards for “interoperability” and does not include other standards and technical criteria. The following alternative text for the main statement of this Principle has been suggested which substantially modifies the overall concept:

“STANDARDS FOR CRYPTOGRAPHIC METHODS: Industry-led, market driven standards for cryptographic methods (including interoperability) should be developed by internationally recognised standard-making bodies operating on the basis of consensus and voluntary membership from government research and the private sector. These standards should be promulgated at the national and international level. Existing national standards should be made consistent with these standards”.

There was a specific intention when redrafting this Principle in the 15 July draft. Considerable discussion of the former “Standards for Cryptographic Methods” Principle at the June meeting related to the issue of interoperability. The working document for the second day of the meeting rephrased the Principle as follows:

“Standards for the inter operability of cryptographic methods should be developed by the recognised standard-making bodies involving representation from government and industry. National standards should be consistent with international standards and should be public in nature”.

When the explanatory text for the former Principle was reviewed, the Secretariat noted that most paragraphs already dealt specifically with “interoperability” and not mom general “standards”. In the 15 July draft, the Principle was renamed “Interoperability” and the above text was reworded, but the same concepts were expressed in the explanatory text of the new Principle. Two paragraphs from the former Principle which did not deal with “interoperability” specifically, were moved to more appropriate places under the “Demand-Driven Development” and “International Co-operation” Principles.

While the limitations of the “Interoperability” Principle are acknowledged this may be the best solution to respond to the discussion from the June meeting.