These Guidelines are broad in nature and reflect the diversity of views among Member countries. The Guidelines are primarily aimed at governments, in terms of the policy recommendations herein, but with anticipation that they will be widely read and followed by both the private and public sectors.
The OECD Secretariat has prepared a Report on Background and Issues of Cryptography Policy to explain the context for the Guidelines and the basic issues involved in the cryptography policy debate.
The Guidelines are as follows:
- 1. Trust in Cryptographic Methods. Cryptographic methods should be trustworthy in order to generate confidence in the use of information and communications systems.
- 2. Choice of Cryptographic Methods. Users should have a right to choose any cryptographic method, subject to applicable law.
- 3. Market Driven Development of Cryptographic Method. Cryptographic methods should be developed in response to the needs, demands and responsibilities of individuals, businesses and governments.
- 4. Standards for Cryptographic Methods. Technical standards, criteria and protocols for cryptographic methods should be developed and promulgated at the national and international level.
- 5. Protection of Privacy and Personal Data. The fundamental rights of individuals to privacy, including secrecy of communications and protection of personal data, should be respected in national cryptography policies and in the implementation and use of cryptographic methods.
- 6. Lawful Access. National cryptography policies may allow lawful access to plaintext, or cryptographic keys, of encrypted data. These policies must respect the other principles contained in the guidelines to the greatest extent possible.
- 7. Liability. Whether established by contract or legislation, the liability of individuals and entities that offer cryptographic services or hold or access cryptographic keys should be clearly stated.
- 8. International Cooperation. Governments should cooperate to coordinate cryptography policies. As part of this effort, governments should remove, or avoid creating in the name of cryptography policy, unjustified obstacles to trade.