AustLII Home | Databases | WorldLII | Search | Feedback

Privacy Law and Policy Reporter

Privacy Law and Policy Reporter (PLPR)
You are here:  AustLII >> Databases >> Privacy Law and Policy Reporter >> 1997 >> [1997] PrivLawPRpr 10

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

Greenleaf, Graham --- "The Crypto Report you are not (yet) supposed to see" [1997] PrivLawPRpr 10; (1997) 3(10) Privacy Law & Policy Reporter 183

The Crypto Report you are not (yet) supposed to see

The following details were available on the AGPS web site until removed on 7 February 1997. The web page stated `Last Updated: 21 Jan 1997' (General Editor).

Review of policy relating to encryption technologies


1. Conclusions and findings

2. Context and approach of the review -- 2.1. The context: Barrett's obiter dictum -- 2.2. The approach -- 2.3. Creative tension or competition

3. The direction and impact of encryption -- 3.1. The direction -- 3.2. On law enforcement and national security -- 3.3. The statistical vacuum -- 3.4. Policy uncertainty -- 3.5. Today's problems for the investigators -- 3.6. The imminent challenge -- 3.7. Towards response strategies

4. The consequence for government -- 4.1. Law enforcement -- 4.2. National security -- 4.3. The cost of alternatives -- 4.4. Decryption capability for law enforcement and national security? -- 4.5. Public key infrastructures -- 4.6. International agreements -- 4.7. Third party systems -- 4.8. The Internet

5. Striking a balance -- 5.1. A matter of proportion -- 5.2. Export controls

6. Coordinating process and investigative capability -- 6.1. Policy primacy and coordination -- 6.2. Maintaining investigative capability -- 6.3. Coordination of operational capacity -- 6.4. A new legislative approach

Annexe A. Terms of reference of the review

Annexe B. Australia Online [extract]

Annexe C. US Administration statement on commercial encryption, 12 July 1996 -- Annexe D. UK Government paper of regulatory intent concerning use of encryption on public networks, 11 June 1996

Annexe E. OECD guidelines governing the protection of privacy and transborder flows of personal data

Annexe F. US Administration statement on encryption issued by the vice-president, 1 October 1996.


The terms of reference of the review are as follows.

The review is to examine whether legislative or other action should be taken to safeguard national security and law enforcement interests in light of the rapid development of the global information infrastructure and the continuing need to safeguard individual privacy. The objective of the review will be to present options for encryption policies and legislation which adequately address national security, law enforcement and privacy needs while taking account of policy options being developed to address commercial needs.

Key factors to be addressed include:

(a) Australia's national security and defence interests;

(b) an assessment of the present state on encryption technologies and prospective developments in encryption technology over the next few years likely to impact on Australia's national security and law enforcement interests;

(c) whether Australia's present laws are adequate to ensure Australia's national security and law enforcement interests in an environment of rapidly emerging technologies;

(d) measures to safeguard individual privacy including an examination of the warranting provisions that may be required to enable law enforcement and national security authorities to gain access to encrypted material, whether in the form of stored data or a message transmitted over a telecommunications network;

(e) an assessment and evidence of the benefits of access by law enforcement and national agencies to encrypted data;

(f) an assessment of the most appropriate means of funding the development, implementation and maintenance of a decrypting capability for existing and emerging technologies;

(g) whether Australia should seek to negotiate agreements with any other country or countries governing access to encrypted data where public keys (under a `commercial key escrow' or `trusted third party' system of encryption) are held outside Australia;

(h) whether legislation is desirable to:

(i) regulate the availability of `commercial key escrow' or `trusted third party' encryption; or

(ii) facilitate the development of `commercial key escrow' or `trusted third party' encryption; and

(i) the impact of overseas initiatives associated with encryption technology, particularly in relation to the extent to which international cooperation and proactive specification of desirable characteristics for encryption products and `commercial key escrow' or `trusted third party' services is desirable and recommendations as to how such international cooperation best be achieved -- the effectiveness of Australia's export controls on encryption technology.

The review is to have regard to the Government's existing encryption policies, the work of the OECD Committee of Experts on Security, Privacy and Intellectual Property Protection in the global information infrastructure on the development of international cryptography guidelines and the work of the Information Policy Task Force on the implementation of open encryption standards which address commercial needs.

Graham Greenleaf, General Editor.

AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback