[76] TECHNICAL STANDARDS, CRITERIA AND PROTOCOLS FOR THE INTEROPERABILITY OF CRYPTOGRAPHIC METHODS SHOULD BE DEVELOPED AND PROMULGATED AT THE NATIONAL AND INTERNATIONAL LEVEL.

[77] National standards for cryptographic methods should be consistent with international standards to facilitate global interoperability.

[78] Recognised standards-making bodies, governments and business should share information and collaborate to develop and promulgate interoperable technical standards, criteria and protocols for cryptographic methods.

SECRETARIAT NOTE: Former paragraph [63) has been deleted at the suggestion of several delegations because it relates to compulsory licensing, an issue better left to other international organisations.

[79] Mechanisms to evaluate conformity to technical standards, criteria and protocols for interoperability should be developed.

[80] (5) PROTECTION OF PRIVACY AND PERSONAL DATA

SECRETARIAT NOTE: Considerable discussion at the June meeting focused on whether a Principle on privacy is necessary. The following delegation proposal has been submitted to comprise such an additional Principle. As this is the first time this text appears in the Draft Guidelines, it is expected that it will be subject to a thorough review: delegations are invited to comment on whether this Principle on privacy is appropriate and to make suggestions for improvements of the proposed language.

[81] THE FUNDAMENTAL RIGHTS OF INDIVIDUALS TO PRIVACY AND TO THE PROTECTION AND CONFIDENTIALITY OF THEIR DATA, INCLUDING THEIR TRANSACTIONAL DATA, SHOULD BE TAKEN INTO ACCOUNT IN DEVELOPMENT, IMPLEMENTATION AND POLICYMAKING REGARDING CRYPTOGRAPHIC METHODS AND THE INFRASTRUCTURES UPON WHICH THEY DEPEND.

[82] The functions of authentication and non-repudiation which cryptography makes possible provide a powerful tool for tracking [surveillance] of all manner of transactions. While attractive for fraud prevention for business records, and for establishing a knowledge base about customer behaviour and preferences this new capability [alters the balance of power between the individual and the state, and between the individual and the marketplace, and] could be misused.

SECRETARIAT NOTE: A delegation questioned whether the above phrase Òalters the balance of power between ... and the marketplaceÓ misstates the balance-of-power argument by giving a one-sided view: it does not address that the use of cryptography also shifts some powers from the state to the individual.

[83] Since many forms of communication for which there is a high expectation of privacy are migrating to networks, there is a need for data confidentiality in order to maintain the ability of the citizen to conduct a personal life in private The requirements of government agencies to conduct investigations, access communications, and gather plaintext evidence must be balanced against the rights of the citizenry to private communications Where practicable, and consistent with these requirements, provision should be made for anonymous transactions.

SECRETARIAT NOTE: A delegation questioned whether the above paragraph, particulary the second sentence which deals with conducting investigations, accessing communications. and gathering plaintext evidence, goes beyond the bounds of cryptography. The concepts expressed in that sentence deal with law enforcement investigation activities, the scope of which is governed by other law and does not fall under these Guidelines.

It was also questioned whether the need for law enforcement investigative activities should be the only qualifier for restricting anonymity: for instance, cases involving civil liability for non-criminal activities may also apply.