2-4-97. Reuters: Global group fails to endorse Clinton encryption plan Washington: An influential economic research group is preparing guidelines on computer encryption for its member countries but will duck some of the most contentious issues involved, according to a draft obtained by Reuters. The Clinton administration, seeking to rally support for its controversial policy on exporting encryption products -- which encode and decode e-mail and other computerized messages -- failed to win an endorsement from the Organisation for Economic Cooperation and Development (OECD), although the group did discuss the administration's approach. On perhaps the most difficult issue, the draft guidelines do not favour or oppose a requirement in the U.S. policy that data-scrambling encryption programmes provide a way for law enforcement officials to obtain keys to crack the codes when necessary. After indicating that governments should carefully weigh the costs and benefits of imposing so-called key recovery, the draft report said, "this principle should not be interpreted as implying that governments should, or should not, initiate legislation that would allow lawful access." On all the controversial areas in the draft, "the member countries of the OECD have strongly held views but they don't always coincide," John Dryden, head of the group's Information, Computer and Communications Policy division, said in a telephone interview from Paris. Some countries see widespread use of encryption as a way to protect the privacy of computer users and businesses, thereby encouraging global commerce, Dryden said. But others see encryption as possibly thwarting law enforcement's efforts to catch riminals and global terrorists, he said. The guidelines suggest encryption users should have access to products that meet their needs. Government controls should be "no more than are essential to the discharge of government responsibilities." Instead of reconciling the different views, the draft guidelines lay out competing interests and approaches. "It's not in itself a cryptography policy and it's not an attempt to draft a model national law that we're encouraging people to adopt," Dryden said. Cryptography refers to products and systems used in encryption. The guidelines also suggest encryption standards and usage should be "determined by the market in an open and competitive environment." "There's a strong view that the private sector should have the possibility to use information networks to the best of their potential in order to create growth and jobs," Dryden said. U.S. officials who have seen the preliminary draft praised the guidelines. "They're an important and helpful step forward," Undersecretary of Commerce William Reinsch said. "They're helpful because they put down on paper the proper foundation for getting into this," he added. Reinsch said most countries will follow the U.S. lead and require so-called key recovery features for law enforcement. Under the Clinton policy, domestic use of encryption is not regulated but the strongest coding products cannot be exported unless they include key recovery. U.S. companies that have opposed the Clinton policy, contending it stifles their ability to compete with unfettered foreign firms, drew little solace from the draft guidelines. "This is not helpful," said Netscape Communications Corp.'s public policy counsel, Peter Harter. Netscape and other companies preferred stronger language endorsing free-market policies, he said. The draft guidelines, approved by a group of government and private-sector experts at a meeting at the end of January, still must be approved by a top-level OECD officials from the group's 29 member countries, including the United States. -----