CEPIS Issues Cryptographic Policy Statement

Cipher received the following statement from Kai Rannenberg, Secretary CEPIS LSI Network.

CEPIS: Governmental Restrictions on Encryption Products Put Security at Risk

The Council of European Professional Informatics Societies (CEPIS) - with nearly 200,000 professionals in its 20 member societies, the largest European association of professionals working in information technology (IT) - has agreed on a Cryptography Policy Statement. It gives an analysis of crypto restriction methods and concludes with the following recommendations:

(1) The use of cryptography for identifying data corruption or authenticating people/organisations should be free of restrictions and encouraged by governments.

(2) All individuals and organisations in the private and public sectors should be able to store and transmit data to others, with confidentiality protection appropriate for their requirements, and should have ready access to the technology to achieve this.

(3) The opportunity for individuals or organisations in the private and public sectors to benefit from information systems should not be reduced by incommensurable measures considered necessary for the enforcement of law.

(4) The governments of the world should agree on a policy relating to their access to other people's computerised data, while seeking the best technical advice available in the world on:

(4.1) whether and which access mechanisms to computerised data are an effective, efficient and adequate way to fight (organised) crime and mount effective prosecution of criminals, and

(4.2) how to implement the policy whilst minimising the security risks to organisations and individual citizens.

(Evaluation and implementation of the policy will require regular review as the technology evolves).

The full statement is available in the WWW in ASCII and HTML form. Easiest access is via the web page of the CEPIS "Legal & Security Issues" Network (CEPIS LSI Network), who prepared the statement: http://www.wi.leidenuniv.nl/~verrynst/cepislsi.html. Further there is a press release based on the statement. It can be reached via the CEPIS LSI Network web page, too.

For more information on CEPIS please view http://www.bcs.org.uk/cepis.htm or contact Mrs. Peta Walmisley (E-Mail: cepis@bcs.org.uk, Tel/fax: +44 171 637 5607).

Kai Rannenberg, Secretary CEPIS LSI Network (kara@iig.uni-freiburg.de) PGP key available on request and in http://www.iig.uni-freiburg.de/~kara/