By
Stewart Baker
(sbaker@steptoe.com)
Michael Hintze
(mhintze@steptoe.com)
October 1997
We have received a copy of the policy paper on encryption and digital signatures adopted this week by the European Commission. Entitled "Ensuring Security and Trust in Electronic Communication: Toward A European Framework for Digital Signatures and Encryption," the paper takes a viewpoint on encryption that is in sharp contrast to that of the United States and some EU members such as France and the U.K.
e paper goes on at great length about the benefits of encryption - e.g. it enables electronic commerce by providing security over open networks, it protects the confidentiality of private communications, it protects the privacy of personal data and therefore can further the goals of the EU Data Privacy Directive, and it contributes the growth of many European technology companies which, in turn, creates jobs.
The paper is highly skeptical of any controls on the export, import, sale or use of encryption products. The paper states that encryption controls, in addition to interfering with free trade and a harmonized internal market, could "prevent law-abiding companies and citizens from protecting themselves against criminal attacks. It would not however prevent criminals from using these technologies."
It also expresses doubt about the viability of key recovery as a solution. It notes that key access schemes introduce vulnerabilities into any cryptographic system, can be easily circumvented, and may result in extremely high costs of implementation. It is not entirely surprising that the European Commission has not come down in favor of key recovery or trusted third party encryption. The EC does not have jurisdiction over law enforcement or national security matters. Thus, they are more likely to be concerned primarily with electronic commerce and commercial matters and the protection of privacy. As a result, the proponents of encryption controls are more likely to put forward their positions in other fora. Nonetheless, because of its great power over Member states, this statement of views by the Commission means that proponents of key recovery will have a tougher row to hoe in Europe than in the U.S.
The paper also deals with digital signatures. Here, the paper does a good job of summarizing the issues putting forward reasonable suggestions for EC action. The paper recognizes the need for coordinating the various national approaches to digital signatures and Certification Authorities, so that they can operate and be recognized across national borders.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
For further information please contact L. Benjamin Ederington on Tel: + 202-429-6411, Fax: 202-429-3902 or E-mail: bedering@steptoe.com
EC Paper On Crypto And Digital Signatures
Steptoe LLP
Contributor
In more than 100 years of practice, Steptoe has earned an international reputation for vigorous representation of clients before governmental agencies, successful advocacy in litigation and arbitration, and creative and practical advice in structuring business transactions. Steptoe has more than 500 lawyers and professional staff across the US, Europe and Asia.