IP: NZ crypto policy

[Dave Farber <farber () cis upenn edu>]

Jenny Shearer, (Chair, public policy committee,
Internet Society of New Zealand)


Internet Society of New Zealand.
To:
Maurice Williamson
Minister of Communications


 Mr Williamson,


The Internet Society of New Zealand seeks to clarify  aspects of the New
Zealand government  policy on  issues of use of cryptography, and to urge
that the New Zealand Government move to enter international  (ie OECD)
discussions to put forward our position.


We believe that New Zealand should move to contribute to policy development
in this area to protect its own national interest, and to contribute to
maintaining a  free and open global Internet environment for the benefit of
users now and into the next century. Because of New Zealand's stable
democracy, high uptake of Internet services, its relative independence in
policy decisions, and its significant expertise in areas such as computer
science, cryptography, and communications policy, it is possible to present
an optimal environment in terms of cryptography use.


New Zealand has no formal restrictions on the use of cryptography within
the country, and cryptography developers have made major advances in this
field.  New Zealand is a participant in the Wassenaar Arrangement, and it
is a cause for concern how this arrangement has been interpreted by
Government departments. Few export licences have been granted  for current
exports of cryptography products from New Zealand; some of those granted
have been to the United States. The Internet Society regrets this status,
and in fact believes the cryptographic export licencing structure to be
unjustified.  (The Wassenaar Arrangement on Export Controls for
Conventional Arms and Dual-Use Goods and Technologies states that "national
discretion" may be used in its application. There is no requirement for
governments to impose controls on cryptographic items, and indeed many
countries which are signatory to the aggreement have no export controls on
cryptography, or have token controls which are not enforced.)


 We support the Government's initiative in moving to set up a public
service Public Key Encryption registry, which will enable public service
institutions to protect their confidential communications with strong
cryptography. We note that this service will be set up by the Government
Communications Security Bureau, and, given that this organisation is
responsible for Government surveillance, we request an assurance from the
Government that key escrow/key security measures will not be put in
place.The Internet Society intends to investigate the establishment of a
private sector  PKE registry, to provide support for commercial and
individual cryptography use.


The Internet Society believes free use of cryptography is necessary for the
Internet to develop to its full potential in commercial and societal terms,
and that interventions by national governments to impose cryptography
regulation or key escrow/security systems will result in damage to the
global infrastructure. Such interventions are not justified by  concerns
about perceived problems of individual national security. As you will be
aware, the US has transferred encryption items from its Munitions List to
the Commerce Control List, enabling export from the US of 56 -bit
encryption items, with the proviso that a key recovery infrastructure will
be put in place.We suggest that the stated intention of the US to impose a
global standand in this respect is wrong, and that it will not succeed. The
USACM public policy committee has stated in a letter to the US commerce
Department that  the policy will hinder US and international research
efforts. Further;


"Key recovery products have not yet been subject to the vigorous testing
necessary for a proposed standard and there is little understanding of how
such a system would operate and what controls would be needed to ensure
that it remained secure.


.."We believe the Commerce Department should not promulgate regulations
which prohibit US research and development from responding to market
demands and limit the ability of Americans using new on-line services to
protect their privacy."


The US Special Envoy for Cryptography, David Aaron, commented at the RSA
Data Security Conference last month that "everyone involved with the
encryption issue, whatever their views, recognises that international
reaction will determine the success or failure of their particular
approach."


In similar vein, a working document for a September 1996 meeting of the AD
Hoc Group of Experts on Cryptography Policy Guidelines for the OECD warns:


"Efforts by a single national government to regulate the use of
cryptography in ways that are incompatible with other national governments
pose a serious risk that the regulating government's policies will be
ineffective.


"While recognising that a state's sovereign responsibility to protect
public safety and national security may require it to take unilateral
action disparate national policies will also impair the development of the
GII/GIS."


The Internet Society believes that the current New Zealand policy on
cryptography should by reviewed to create a free and open export
capability, and that this policy should be put forward in an international
arena as a rational response to the challenges of cryptography use in a
global marketplace and public forum. We urge the Government to initiate and
support international moves towards cryptography development and use, and
towards discussion on how nations may best address their security concerns
in a context of global commerce, research, and communications networks.


We would  support such a Government review as forward-looking and confident
in the ability of New Zealanders to move forward in a global environment,
while maintaining a strong interest in and co-operation within the state.


Jim Higgins. (chairperson, Internet Society of New Zealand)