[anonymously quoted EC policy proposal]
A particular business might qualify for a CONFIDENTIALITY LICENSE depending on its internal procedures and activities. A general (minimum) level of confidentiality could be provided to all users.
THE HORROR!
*this* is Orwellian. *this* is how to outlaw cryptography.
we need some ECypherpunk infiltrators ASAP!
I would be interested in knowing which EC document is being referred to. You may perhaps be interested to know that the 14JUL93 Draft 3.6 of the "Green Book on the Security of Information Systems" (from CEC DGXIIIB) addresses the issue that "strong information privacy may also be used to escape investigation by law enforcement". It identifies some related requirements: "an effective, internationally agreed, economic, ethical, and usable solution to meet business, administration, and personal needs including mechanisms for authorised interception and reporting the incidents and crimes adjusted to the conditions of the Internal Market, and to include the necessary equipment and software, but also an infrastructure of Trusted Third Parties. This will discourage "home made" or other solutions." As its name suggests, the Green Book isn't an agreed policy, but is an intermediate step in the process of constructing and Action Plan for EC information security. As such, the current text might be interpreted as a recommendation for EC adoption of a Clipper-style solution, but this is by no means the only (or even the best) way to meet these requirements. Personally I would favour a framework which encouraged strong cryptography, and assumed that criminals will tend to ignore the law, so therefore didn't burden the law-abiding 99% with pointless constraints. This would require an adjustment to the current Green Book requirements, which I, at least, will be suggesting.