Added November 21, 1996:

For notes of meetings behind this press release and excellent critique see Robin Whittle's site at: http://www.ozemail.com.au/~firstpr/crypto/oecd_dr.htm

OECD NEWS RELEASE - Paris, 1st October 1996

OECD Member countries moved ahead last week in drafting Cryptography Policy Guidelines that would provide internationally comparable criteria for encryption of computerised information. Drafting should now be complete by the end of the year for Guidelines which governments would adopt and businesses, individuals and law enforcement officials would apply in safeguarding electronic transactions, communications, and data storage.

The OECD Guidelines identify the issues which countries should take into consideration in formulating cryptography policies at the national and international level. The Guidelines could play an important part in the development of the Global Information Infrastructure (GII) and Global Information Society (GIS) but national policies must be harmonized at the international level to meet the needs of global technologies and applications. Discussions have focused on the rights of users to choose cryptographic methods, the freedom of the market to develop them, interoperability, consequences for the protection of personal data and privacy, lawful access to encrypted data, and reducing the barriers to international trade.

The OECD Guidelines will be non-binding recommendations to Member governments, meaning that they will not be part of international law, nor will they endorse any specific cryptography system.

At the meeting last week, more than 100 representatives from OECD Member countries participated under the chairmanship of Mr. Norman Reaburn of the Attorney-General's Department of Australia. Officials from commerce, industry and foreign ministries, data protection commissioners and others responsible for privacy protection attended, as well as representatives of law enforcement and security agencies and, in many cases, private sector representatives. The BIAC (Business and Industry Advisory Committee to the OECD) has been involved throughout the drafting process, and experts on privacy, data protection and consumer protection were also invited to participate.

The process of drafting of Guidelines for Cryptography Policy began in March, when the OECD formed an Ad hoc Group of Experts composed of government representatives and experts from OECD countries. The group met in Washington DC in May, and a second time in Paris in June. The third meeting took place on 26-27 September in Paris.

The Group will continue discussions the week of the 16 December, with a view to completion this year of a draft of the Guidelines which would be forwarded for approval by the Council of the OECD early in 1997.

For further information please contact the ICCP Committee, or consult the Information, Computer and Communications Policy site.