Date: Mon, 7 Jun 1999 07:56:03 -0400
From: Dietrich Cerny <100022.723@compuserve.com>
Subject: Germany Frees Crypto
To: ukcrypto <ukcrypto@maillist.ox.ac.uk>
Hi,
The following text is the official translation of the "Eckpunkte der deutschen Cryptopolitik" and their justification.
Regards
Dietrich Cerny
__________
Bonn, June 2, 1999
Introduction
Up to the early Nineties, programs and chips for the secure encryption of messages were a relatively insignificant niche segment of the computer industry. However, this niche segment has since gained substantial importance for the economic and social development of the information society as a whole. After all, "information" as a production factor is increasingly becoming a coveted raw material. More effective protection of this raw material can decide on the success or failure of businesses and thus on employment opportunities in the information age. Today, this protection can only be effectively guaranteed by using powerful cryptographic procedures. In any event, the efficiency of this technology is today greater then ever before.
The encryption controversy in Germany
The encryption controversy revolves around the question as to whether and to what extent the use of cryptographic procedures should be restricted by law. This question has been the subject of controversial debate in many democratic industrial nations in recent years. In Germany, too, there has been an intensive discussion involving the Federal Ministries with their differing standpoints, the economy and numerous groups in society.
In October 1997, the Federal Cabinet adopted the "Progress Report of the Federal Government - Info 2000: Germany's Way to an Information Society", which contained a passage on encryption policy:
"It was agreed within the Federal Government to forgo the introduction in this legislative term of a statutory regulation concerning the putting into circulation and utilisation of encryption products and procedures, meaning that the unrestricted freedom of the user as regards the selection and use of encryption systems will remain unchanged. The Federal Government will continue to closely monitor further developments in the field of cryptography, particularly in the context of European and international cooperation, and will initiate further measures for the implementation of its goals, if necessary".
However, the Federal Government has not yet adopted a binding and unequivocal standpoint.
Cryptography and business interests
The markets for encryption products are today displaying high growth rates, primarily because of the dynamic development of digital business transactions. In addition to the traditional protection of confidentiality, important fields of application for cryptographic systems today include, for example, copyright protection, digital signatures and digital money. Beyond this, cryptography is a cross-sectional technology which is indispensable for the system architecture and development of complex electronic commerce applications. Consequently, far larger markets are indirectly affected, e.g. those of telecommunication, on-line banking or telemedicine.
Security standards of a kind that were mainly still the reserve of major companies and government agencies a few years ago, because of the high costs, have now also become affordable for medium-sized enterprises and private households. Nevertheless, encryption products are currently still not used to the necessary extent in Germany. This is often due to a lack of the necessary IT security-consciousness, even though unauthorised spying, manipulation or destruction of data can cause substantial economic damage.
German manufacturers of encryption products have good prospects for keeping pace in the international competition for new markets, provided that the framework conditions necessary in this context are guaranteed. In view of the strategic importance of this sector, many leading industrial nations are making a major effort to strengthen its economic and technical efficiency in their own country.
Cryptography and security interests
The use of cryptographic procedures is extremely important for efficient technical crime prevention. This applies both to guaranteeing the authenticity and integrity of data traffic and to protecting confidentiality.
On the other hand, this protection of confidentiality can favour criminals. For example, it can be expected that the growing user-friendliness of encryption products will result in their increasing spread in criminal circles. This can pose problems for the criminal prosecution authorities. Surveillance measures lawfully ordered by a judge must remain effective, even if the target person protects the information in question by means of a cryptographic procedure.
To date, the abuse of encryption technologies in Germany has not caused any serious problems in the process of criminal prosecution. However, this fact cannot be used to make a forecast for the future. Consequently, there is a need to actively assess the impact of this technology in relation to the interests of the criminal prosecution and security authorities in Germany in an attempt to identify undesirable developments in such good time that they can be effectively counteracted - on the basis of alternative strategies, if necessary.
Based on the national debate to date and on international developments, the Federal Government herewith adopts the following key elements for its encryption policy:
1. The Federal Government has no intention of restricting the free availability of encryption products in Germany. It regards the use of secure encryption as a decisive prerequisite for data protection for the public, for the development of electronic business transactions and for the protection of company secrets. The Federal Government will thus actively support the spread of secure encryption in Germany. This particularly includes the promotion of security-consciousness among the public, in the economy and in the administration.
2. It is the aim of the Federal Government to strengthen the confidence of users in the security of encryption. It will therefore take steps to establish a framework of confidence for secure encryption, specifically by improving the verifiability of the security functions of encryption products and recommending the use of tested products.
3. For reasons relating to the security of the state, the economy and society, the Federal Government considers it indispensable that German manufacturers be capable of developing and manufacturing secure and powerful encryption products. It will take steps to improve the international competitiveness of this sector.
4. The spread of powerful encryption procedures must not undermine the statutory telecommunications surveillance authority of the criminal prosecution and security authorities. The responsible Federal Ministries will therefore continue to monitor developments closely and report on this subject after two years. Independently of this, the Federal Government will support the improvement of the technical competencies of the criminal prosecution and security authorities within the framework of its capabilities.
5. The Federal Government attaches great importance to international cooperation in the field of encryption policy. It advocates open standards and interoperable systems developed in the market and will support the strengthening of multilateral and bilateral cooperation.
3 June 1999. Thanks to Peter Haefner for translation.
Federal Ministry of the Interior
Federal Ministry of Economic Affairs and Technology
Bonn, June 2, 1999
The Federal Cabinet in its session of June 2 agreed on the German position on the use of cryptographical methods in e-commerce in the form of Cornerstones of German Encryption Policy.
The government followed the necessity to take position in this nationally and internationally vital question important for business and e-commerce. Security problems are on the rise with growing traffic on the net. Experts are estimating the losses caused by espionage, manipulation, or damaging of data by billions. Data security is becoming a serious issue with global competition and because of that is affecting jobs in respective businesses.
Improved protection of German users on the net by means of better encryption methods is the main concern of this decision. It states clearly that cryptographic methods and products are furthermore permitted to be developed, produced, and used without any restrictions. The yet low awareness towards this issue shall be raised by this decision. The initiative Security On The Net by ministries of economic affairs and interior is meant to serve the same purpose <http://www.sicherheit-im-internet.de>
Another main aim of the German federal government is to strengthen productivity and international competitiveness of the German suppliers in encryption business which are likely to intensify their efforts with regards to a growing demand. The further opening of the European single market is serving the same purpose: Germany together with its European partners abolished supervision of encryption mass products exported within the EU by revising the EU-dual-use-decree. Simplification of export supervision procedure are under examination by the Bundesausfuhramt (federal export agency?)
With the use of cryptography on the raise improper use cant be ruled out. Therefore the involved ministries will be watching further development thoroughly and deliver a report after 2 years. Efforts to improve the technical equipment of law enforcement agencies are underway.
With this well-balanced position the federal government met the requirements for Germany being a secure and productive site in the information age.
Hard- and software for message encoding remained until the beginning of the nineties a negligible niche market. However this niche market is now of considerable importance to the economic and social development in the information age. The input information is developing more and more into a much demanded raw material. Effectively protecting this asset could can be crucial to corporate success and thus determine on prospective employment. This protection today can be effectively ensured only by use of strong encryption tools.
The controversy on encryption is about whether or not and to which extent cryptography should be restricted by law. This point has been discussed recently in many democratic industrial countries in a controversial way. An intensive argument took place in Germany too, with several ministries, industry, and numerous social groups participating.
In October 1997 the federal cabinet passed the Federal report: Info 2000: Germany's way into the information age, containing a passage on cryptography:
The Federal Government agrees on waiving to regulate by law the trade and use of cryptographic products and methods. Thus the unrestricted freedom of users with choosing and use of encryption systems remains not affected. The Federal Government will watch further development in the field of cryptography thoroughly particularly within a European and international context. Further measures to reach its goals will be taken if necessary.
So far the Federal Government has not taken stand definitely and unequivocally.
Due to the dynamic development of digital business dealings the markets for encryption products note high growth rates. Besides the traditional protection of confidence by now encryption systems are mainly used e.g. for digital copyright protection, digital signatures, and digital cash. Beyond this cryptography is a cross-section-technology indispensable for architecture and development of complex e-commerce applications. Indirectly much bigger markets are concerned like e.g. telecommunication, online-banking, or tele-medicine.
Its true that present-day security standards, few years ago affordable only to large-scale enterprises and administration, are now within means of medium-sized and small enterprises as well as private households. But still in Germany cryptography is not used in the required degree. The necessary security awareness is lacking frequently even though considerable losses can be caused by espionage, manipulation, or destruction of data. German crypto manufacturers would have a good chance of keeping up with international competition, if appropriate conditions are ensured. In view of the strategic meaning of the cryptographic sector many important industrial states spare no effort in order to strengthen their economical and technical capacities.
Cryptographic methods are of outstanding importance for efficient technical crime protection. That applies to ensuring of authenticity and integrity in data traffic as well as protection of confidence.
On the other hand protection of confidence is in favor of perpetrators: With cryptographic applications becoming more user-friendly spreading into criminal circles has to be expected. This could cause serious problems for law enforcement. Lawful surveillance ordered by a court has to remain effective even if the target guards concerned information with a cryptographic system.
Up to now abuse of encryption constitutes no serious problem for law enforcement. However there cant be derived a forecast from this. It is necessary to actively examine possible consequences with regard to the specific needs of law enforcement and national security to early identify any undesirable development and take effective action against them based on alternative strategies.
With the recent national discussion as well as the international development as foundations the Federal Government agrees on the following cornerstones of encryption policy:
1. The Federal Government is not intended to restrict the general availability of cryptographic products in Germany. It recognizes the crucial importance of secure encryption for data protection, development of electronic business dealings, and protection of corporate secrets. Therefore the Federal Government will actively support spreading of secure encryption in Germany. This is meant to particularly promote awareness on security issues among business, administration, and private people.
2. The Federal Government aims at strengthening users to trust in cryptographic security. It will take measures to establish a trust framework for secure cryptography, particularly by improving the ability to check cryptographic products on security and recommending of qualified products.
3. The Federal Government considers the capability of German manufacturers to develop and manufacture secure and powerful cryptographic products as crucial to security of nation, business, and society. It will take actions to improve the international competitiveness in this field.
4. The legal authority of law enforcement and security agencies to keep telecommunication under surveillance shall not be eroded by dissemination of strong methods for encryption. Therefore the competent ministries will be watching further development thoroughly and report after 2 years. Irrespective of that the Federal Government will support improving technical competence of law enforcement within the bounds of its possibilities.
5. The Federal Government sets a great store by international cooperation in the field of encryption. It stands up for market-developed open standards as well as interoperable systems and will speak up for strengthening of multi- and bilateral cooperation.