The EU-based Global Internet Project has published a new report on electronic commerce: http://jya.com/gip-ecomm.htm (29K) An excerpt on crypto policy: 1.No nation's cryptography policy can stand alone. 2. Immediate steps should be taken to solve pressing cryptographic needs that directly affect the global Internet. 3. Reliable and international systems for authentication and integrity should be established. 4. Governments and industry must respond to legitimate user concerns. 5. Users should be permitted to decide whether and the degree to which key escrow, trusted third party, or key recovery technologies will be desirable in their environments or not. 6. Trade barriers should not be disguised as cryptographic regulations. 7. Export controls on encryption should be made multilateral in practice and when used, focused narrowly and genuinely on national security threats. They should not be used as indirect domestic controls. 8. Governments should establish and publish the process by which keys will be obtained for government purposes. This process should include independent judicial review, time limits on access, reasonable notice to the key owner when this would not interfere with the purposes of the decryption, and opportunities for independent audit of compliance with legal process. 9. Liability for misuse of escrowed keys should be the subject of international understanding. 10. When key recovery is voluntarily chosen by the user, self-retention of key recovery information should be encouraged.