After a year of intense negotiations on three continents, the Organization for Economic Cooperation and Development on Thursday announced new international guidelines on encryption that refrain from endorsing the Clinton administration's key escrow approach to data security technologies.
"The key point is that the OECD rejected key escrow and put in place a framework for the voluntary, market-driven development of crypto products," said Marc Rotenberg of the Electronic Privacy Information Center and an adviser to the OECD. "I think it's the beginning of the end for the White House crypto policy."
The Clinton administration had sought to get the OECD to adopt a proposal that would create an international system of trusted third parties that would hold keys to encrypted data. Throughout the negotiations, US representative stressed the need for law enforcement officials to have access to encrypted data to stop fraud, crackers, and terrorists. Although the United States was backed by Great Britain and France, the 29-member OECD was not persuaded to adopt the US proposal giving police broad powers to eavesdrop on electronic communications.
"International consultation and cooperation must drive cryptography policy because of the inherently international nature of information and communications networks and the difficulties of defining and enforcing jurisdictional boundaries in the new global environment," the OECD said in a news release.
The eight-point policy released Thursday is a nonbinding agreement laying a standard framework for developing national encryption policies. Seven of the points - regarding availability of encryption technology and privacy rights - use the emphatic "should," but the provision on law enforcement access only says tentatively that nations "may allow lawful access to plaintext or cryptographic keys of encrypted data," adding that "these policies must respect the other principles contained in the guidelines to the greatest extent possible."
President Clinton appointed a "crypto czar" to promote the administration's policy on encryption worldwide, Ambassador David Aaron, who told data security manufacturers at the annual RSA data security conference in January that "the international encryption market is not going to be wide open."
