EC proposes PRIVACY LICENSES

[P.V.McMahon at rea0803.wins.icl.co.uk]

> [anonymously quoted EC policy proposal]
> >A particular business might qualify for a CONFIDENTIALITY LICENSE
> >depending on its internal procedures and activities. A general
> >(minimum) level of confidentiality could be provided to all users.
> 
> THE HORROR!
> 
> *this* is Orwellian. *this* is how to outlaw cryptography. 
> 
> we need some ECypherpunk infiltrators ASAP!

I would be interested in knowing which EC document is being referred
to. You may perhaps be interested to know that the 14JUL93 Draft 3.6 of
the "Green Book on the Security of Information Systems" (from CEC DGXIIIB)
addresses the issue that "strong information privacy may also be used to
escape investigation by law enforcement". It identifies some related
requirements: "an effective, internationally agreed, economic, ethical,
and usable solution to meet business, administration, and personal needs
including mechanisms for authorised interception and reporting the
incidents and crimes adjusted to the conditions of the Internal Market,
and to include the necessary equipment and software, but also an 
infrastructure of Trusted Third Parties. This will discourage "home made"
or other solutions."

As its name suggests, the Green Book isn't an agreed policy, but is an
intermediate step in the process of constructing and Action Plan for
EC information security. As such, the current text might be interpreted
as a recommendation for EC adoption of a Clipper-style solution, but
this is by no means the only (or even the best) way to meet these
requirements. Personally I would favour a framework which encouraged
strong cryptography, and assumed that criminals will tend to ignore the
law, so therefore didn't burden the law-abiding 99% with pointless
constraints. This would require an adjustment to the current Green Book
requirements, which I, at least, will be suggesting.