Europeans slam U.S. crypto policy

No nation or region should dictate cryptographic regulations, two Europeans tell the RSA Data Security conference.

2 min read
SAN FRANCISCO--No nation or region should dictate cryptographic regulations, two Europeans told the RSA Data Security conference today, implicitly criticizing the United States for its largely go-it-alone approach.

"We are dealing with a global issue. It is nothing that one country or one region should decide," said Detief Eckhert, an official with the European Commission, an executive body for the 15-nation European Union. "Communications is global, and we need worldwide agreements. Why not try to get together for a little more consistency?"

Germany's Ulrich Sandl, from the Ministry of Foreign Affairs, went farther while insisting that he did not want to criticize U.S. policy.

"We don't plan to restrict use of U.S. products [with key recovery included] in Germany, but they may not be in accordance with German law," Sandl said, citing data communications privacy statutes.

"Should foreign law enforcement and other foreign agencies have access to German users? The answer is no," Sandl added. "We do not want to ban key recovery, because key recovery can be a useful technical solution for data in enterprises."

Eckhert said the European Union's approach is for less regulation, more industry self-regulation, and more trust in market forces.

"We have in mind to look at market-driven solutions," he said.

Deborah Hurley, a Harvard professor who follows encryption issues, said advocates of key escrow, key recovery, and similar systems are "shoveling sand against the tide."

"The U.S government representatives say that the rest of the world is going to do key escrow or key recovery or trusted third-party systems--in the next five minutes," she said. However, she noted, only the United States and France are now pursuing such systems, since British Prime Minister Tony Blair changed his country's approach.

Eckhert said Europeans have acknowledge the potential of the cryptographic industries to create jobs--a major thrust of European policy-makers.

Eckhert also insisted that no regulation of encryption is in the pipeline for the European Union, although new rules on privacy in communications are coming soon.

One attendee asked Takashi Mano of Japan whether his nation might change its strong guarantees of privacy, built into Japan's constitution by the occupying U.S. forces after World War II.

"It is very difficult in Japan to change the constitution, so it is very unlikely to be changed," said Mano, who stressed that he does not represent the government, but rather a private organization, the IPA Information Technology Security Center.