Page 449

The majority view of the assembled nations was that national policies had to balance the needs of corporate users, technology vendors, individuals, law enforcement, and national security. A number of participants appeared to favor a "trusted third-party" approach that would rely on nongovernment entities (the trusted third party) to serve as the generators of cryptographic keys for confidentiality for use by the public as well as escrow agents holding these keys and responding to legally authorized requests for encryption keys for law enforcement purposes.30 However, the needs of national security were not mentioned for the most part. 31,32

30 See, for example, Nigel Jefferies, Chris Mitchell, and Michael Walker, A Proposed Architecture for Trusted Third Party Services, Royal Holloway, University of London, 1995.

31 For additional industry-oriented views on international policies concerning the use of cryptography, see U.S. Council for International Business, Business Requirements for Encryption, New York, October 10, 1994; INFOSEC Business Advisory Group, Commercial Use of Cryptography, statement presented at the ICC-BIAC-OECD Business-Government Forum, Paris, France, December 1995; European Association of Manufacturers of Business Machines and Information Technology Industry (EUROBIT), Information Technology Association of Canada (ITAC), Information Technology Industry Council (ITIC), and Japan Electronic Industry Development Association (JEIDA), Principles of Global Cryptographic Policy, statement presented at the ICC-BIAC-OECD Business-Government Forum, Paris, France, December 19, 1995.  The statements from  the Paris meeting are available on-line at http:// / crypto/#ici.

32 Intelligence needs may conflict directly with needs for business information security. For example, U.S. and foreign companies sometimes form consortia that work cooperatively to make money; national intelligence agencies often funnel information to individual companies to develop competitive advantage. One major reason that U.S. companies operating internationally want to have encrypted communications is to protect themselves against the threat of national intelligence agencies. Thus, they would require that any escrow arrangements at a minimum include audit trails to ensure that their communications were being monitored in accordance with laws governing criminal investigations and the like (in the United States, this might be a court order) to ensure that data from wiretaps were not being funneled to foreign competitors. However, it is very hard to imagine that a foreign intelligence agency would be willing to provide such assurances or to live with such audit restrictions. Ultimately, the trade-off might be the willingness of an international corporation to bargain with the host nation about the ability to have secure communications, using its willingness to invest in the host nation as its ultimate bargaining chip to force the host nation to acquiesce.

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement