Table of contents
Cryptography is a discipline that embodies principles, means, and methods for the transformation of data in order to hide its information content, establish its authenticity, prevent its undetected modification, prevent its repudiation, and/or prevent its unauthorised use. It is one of the technological means to provide security for data on information and communications systems. Cryptography can be used to protect the confidentiality of data, such as financial or personal data, whether that data is in storage or in transit. Cryptography can also be used to verify the integrity of data by revealing whether data has been altered and identifying the person or device that sent it. These techniques are critical to the development and use of national and global information and communications networks and technologies, as well as the development of electronic commerce.
In recent years OECD Member countries have undertaken to develop and implement policies and laws relating to cryptography; in many countries these are still in the process of being developed. Disparities in policy may create obstacles to the evolution of national and global information and communications networks and hinder the development of international trade. The governments of Member countries have recognised the need for an internationally co-ordinated approach to facilitate the smooth development of an efficient, secure information infrastructure. The OECD is playing a role in this regard by developing consensus about specific policy and regulatory issues relating to information and communications networks and technologies, including cryptography issues.
The OECD has been active for some time in the areas of privacy and data protection and the security of information systems. In early 1996 the OECD initiated a project on cryptography policy by forming the Ad hoc Group of Experts on Cryptography Policy Guidelines ("Ad hoc Group") under the auspices of the Committee for Information, Computer and Communications Policy (ICCP). The Ad hoc Group, under the chairmanship of Mr. Norman Reaburn of the Attorney-General's Department of Australia, was charged with drafting Guidelines for Cryptography Policy ("Guidelines") to identify the issues which should be taken into consideration in the formulation of cryptography policies at the national and international level. The Ad hoc Group had a one year mandate to accomplish this task and it completed its work in December 1996. Thereafter, the Guidelines were adopted as a Recommendation of the Council of the OECD on 27 March 1997.
The Guidelines are broad in nature and reflect the diversity
of views among Member countries. The Secretariat has prepared a Report
on Background and Issues of Cryptography Policy to explain the context
for the Guidelines and the basic issues involved in the cryptography policy
debate. The Report explains the need for international action and summarises
related work carried out so far by the OECD and certain other organisations.
The Report is an information document intended to assist public discussion
of the Guidelines, as opposed to influencing the interpretation of the
Guidelines. While it provides more detail on the breadth of the issues
covered in the Guidelines, the Report does not vary the meaning of the
Guidelines and must not be used as an interpretative guide. The Report
has been drafted by the Secretariat, which has benefited from discussions
with a number of national experts. However, the Report was only discussed
very briefly during the meetings of the Ad hoc Group.
More information on: International Aspects of Computer Crime
The Organization for Economic Cooperation
and Development (OECD) Home Page