Council of European Professional Informatics Societies
(CEPIS)

Governmental Restrictions on Encryption Products Put Security at Risk

(1)

The use of cryptography for identifying data corruption or authenticating people/organisations should be free of restrictions and encouraged by governments.

(2)

All individuals and organisations in the private and public sectors should be able to store and transmit data to others, with confidentiality protection appropriate for their requirements, and should have ready access to the technology to achieve this.

(3)

The opportunity for individuals or organisations in the private and public sectors to benefit from information systems should not be reduced by incommensurable measures considered necessary for the enforcement of law.

(4)

The governments of the world should agree on a policy relating to their access to other people's computerised data, while seeking the best technical advice available in the world on:

(4.1)

whether and which access mechanisms to computerised data are an effective, efficient and adequate way to fight (organised) crime and mount effective prosecution of criminals, and

(4.2)

how to implement the policy whilst minimising the security risks to organisations and individual citizens.

(Evaluation and implementation of the policy will require regular review as the technology evolves).