[84] Only necessary transactional information should be gathered, and it must be destroyed when no longer needed to perform the function.

SECRETARIAT NOTE: A delegation questioned whether the above paragraph deals uniquely with cryptography policy.

[85] The use of personal identification mechanisms in concert with cryptographic systems may be limited by national data protection legislation and in accordance with domestic and international human rights law.

[86] The OECD Guidelines for the Protection of Personal Data provide general guidance concerning the collection and management of personal information, which should be applied in concert with relevant national law when implementing cryptographic methods, particulary in establishing procedures for certification authorities and key management systems.

SECRETARIAT NOTE: This paragraph may be covered by paragraph [19] above.

[87] (6) LAWFUL ACCESS

[88] CRYPTOGRAPHIC METHODS, WHICH CAN BE DESIGNED TO ALLOW USERS TO RECOVER ENCRYPTED DATA, SHOULD ALSO ALLOW FOR TIMELY LAWFUL ACCESS TO PLAINTEXT OF ENCRYPTED DATA OR, IF APPROPRIATE, TO CRYPTOGRAPHIC KEYS, SO THAT PUBLIC SAFETY, NATIONAL SECURITY AND OTHER INTERESTS CAN BE PROTECTED.

SECRETARIAT NOTE: The title and character of this Principle was changed in the July draft from “Law Enforcement Access” or “Government Access” to “Lawful Access”. This was done to accommodate the possibility for access to plaintext or keys which might be requested by a party other than law enforcement or government under authorisation by lawful process. One scenario which demonstrates this concept is the death of the user, where another party might seek to obtain lawful access to encrypted data. Then is a public interest to be protected in such cases, which is an appropriate concern of governments (the audience of these Guidelines). This Principle should deliver a consistent message of lawful, rather than only government, access.

The following alternative text has been suggested for the main statement of this principle:

“CRYPTOGRAPHIC POLICIES SHOULD ALLOW FOR TIMELY LAWFUL ACCESS TO PLAINTEXT OF ENCRYPTED DATA OR, IF APPROPRIATE. TO CRYPTOGRAPHIC KEYS”.

[89] Where access to the plaintext of encrypted data or to a cryptographic key is requested under lawful process, the individual or entity requesting access must have a legal right to possession of the plaintext, and once obtained the data should only be used for lawful purposes.

SECRETARIAT NOTE: This paragraph has been reworded since the 15 July draft because the prior wording could have been understood to prohibit lawful use of the data for a purpose which is not the exact purpose for which the data was obtained (such as a law enforcement investigation of drug trafficking where decrypted data is obtained and the data also reveals that the drug dealer plans to commit murder).

[90] Where access to the plaintext of encrypted data is lawfully requested, such access should be granted within time limits appropriate to the circumstances.

SECRETARIAT NOTE: This paragraph provides some explanation of the concept of “timely” expressed in the main statement of the Principle: however, this paragraph is problematic because it may raise many issues and resolve none There are four distinct events: access to encrypted data. access to keys, decryption of encrypted data (whether through the use of keys or otherwise), and access to plaintextÑit is not clear what event must be timely.