Fandom

The IT Law Wiki

Guidelines for Cryptography Policy

32,196pages on
this wiki
Add New Page
Talk0 Share

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

Citation Edit

OECD, Guidelines for Cryptography Policy (Mar. 27, 1997) (full-text).

Overview Edit

These Guidelines are broad in nature and reflect the diversity of views among Member countries. The Guidelines are primarily aimed at governments, in terms of the policy recommendations herein, but with anticipation that they will be widely read and followed by both the private and public sectors.

The OECD Secretariat has prepared a Report on Background and Issues of Cryptography Policy to explain the context for the Guidelines and the basic issues involved in the cryptography policy debate.

The Guidelines are as follows:

1. Trust in Cryptographic Methods. Cryptographic methods should be trustworthy in order to generate confidence in the use of information and communications systems.
2. Choice of Cryptographic Methods. Users should have a right to choose any cryptographic method, subject to applicable law.
3. Market Driven Development of Cryptographic Method. Cryptographic methods should be developed in response to the needs, demands and responsibilities of individuals, businesses and governments.
4. Standards for Cryptographic Methods. Technical standards, criteria and protocols for cryptographic methods should be developed and promulgated at the national and international level.
5. Protection of Privacy and Personal Data. The fundamental rights of individuals to privacy, including secrecy of communications and protection of personal data, should be respected in national cryptography policies and in the implementation and use of cryptographic methods.
6. Lawful Access. National cryptography policies may allow lawful access to plaintext, or cryptographic keys, of encrypted data. These policies must respect the other principles contained in the guidelines to the greatest extent possible.
7. Liability. Whether established by contract or legislation, the liability of individuals and entities that offer cryptographic services or hold or access cryptographic keys should be clearly stated.
8. International Cooperation. Governments should cooperate to coordinate cryptography policies. As part of this effort, governments should remove, or avoid creating in the name of cryptography policy, unjustified obstacles to trade.

Also on Fandom

Random Wiki