[91] The process through which lawful access is obtained should be recorded, so that disclosure of cryptographic keys or data can be audited in accordance with national law.
[92] The conditions of lawful access should be stated clearly, published, and apparent to all users, keyholders and providers of cryptographic methods.
[93] Lawful access to cryptographic keys, or the plaintext of encrypted data, across national borders may be achieved through international agreements and co-operation.
A suggestion for alternative wording is: National governments may endeavour to ensure by means of international agreements and cooperation that the supply of cryptographic keys or plaintext of encrypted data can be legally achieved across national borders.
Another suggestion is that the following text could be added: [*] Preference should be given to development and use of technical solutions that permit national key management infrastructures while allowing international communications.
SECRETARIAT NOTE: Former paragraphs [72] and [73] have been deleted at the suggestion of several delegations. Part of the substance of these former paragraphs is included in the current draft under the Integration Section.
[94] Governments which impose a system for legally authorised government access to cryptographic keys or plaintext of encrypted data for purposes of public safety, law enforcement and national security should also support cryptographic methods that strongly protect privacy and confidentiality of data.
[95] When developing policies on cryptographic methods that provide for lawful access, governments should weigh carefully the risks of fraud, the expense of any supporting infrastructure, and other costs, against the benefits, including benefits for public safety, law enforcement and national security.
[96] Lawful access to cryptographic keys should recognise the distinction between keys which can be used to protect confidentiality, and keys which can be used for authentication purposes only. [A cryptographic key that can be used for authentication purposes only should not be made available without the consent of the individual or entity in lawful possession of that key.]
[97] This Principle should not be interpreted as asking governments to enact legislation that would allow lawful access to encrypted data.