Translation and Commentary by Christopher Kuner
Translation copyright 1999 Christopher Kuner. Reproduction is permitted, provided that this translator's note, including the above copyright notice, is retained in its entirety.
Commentary: The following is a translation of a statement approved by the Federal Cabinet of the German government on June 2, 1999, which is the first statement of government crypto policy that has been agreed upon among all the relevant ministries (including the Ministries of Economic Affairs and of the Interior, which until now have had very different positions on the restriction of cryptography). The statement is significant for its strong position against restrictions on the circulation and use of cryptography, which continues existing policy but is important as the first explicit such government statement; it thus continues the trend in Europe against the restriction of cryptography (following liberalization in France and the UK). The possible industrial aspects of the policy (such as improving the competitiveness of the German crypto sector, and the strengthening of voluntary government accreditation of crypto products) are also significant.
Principles of German Crypto Policy
Bonn, June 2 1999
Programs and chips for the secure encryption of messages were until the early 1990s a relatively unimportant niche area of the computer industry, which however is today of considerable importance for the economic and social development of the information society as a whole, since the production factor "information" is in such demand. The effective protection of this resource can determine the success or failure of enterprises (and thus of employment) in the information age, and only by the use of strong cryptographic procedures can this protection be effectively ensured. In any event, the performance of this technology is greater today than at any time.
The crypto controversy in Germany
The crypto controversy concerns the question of whether and to what extent the use of cryptographic procedures should be legally restricted, and has been controversial in many democratic industrial countries. In Germany too an intensive discussion has been conducted between various parts of the federal government (with differing positions), private industry, as well as numerous social groups.
In October 1997 the Federal Cabinet approved the "Progress Report of the Federal Government Info 2000: Germany’s Way into the Information Society", which contained a passage on crypto policy:
"Agreement has been reached within the federal government not to legally regulate the introduction into circulation and the use of crypto products and procedures during this legislative session, so that the unrestricted freedom of users to choose and use encryption systems remains unaffected. The federal government will follow closely further developments in the area of cryptography, particularly in the context of European and international cooperation, and will take further steps to implement its goals if necessary."
Up to now the federal government has, however, not yet reached any binding and clear position.
Cryptography and economic interests
In particular because of the dynamic development of electronic commerce, markets for encryption products today also show high rates of growth. Important application areas for cryptographic systems today include, for example (in addition to the traditional protection of confidentiality), the protection of copyright, digital signatures, and digital money. Moreover, cryptography is a technology which crosses applications and which is indispensable for the system architecture and development of complex e-commerce applications. It thus directly concerns much larger markets, e.g., telecommunications, online banking, or telemedicine.
While security standards that just a few years ago because of high costs were largely restricted to large enterprises and government entities are today also accessible for small enterprises and private households, encryption products in Germany are currently not being used in Germany to an appropriate extent. In many cases the necessary awareness of IT security is lacking, although considerable economic damages can be caused by unauthorized surveillance, manipulation, or destruction of data.
Germany crypto manufacturers have good chances to hold their own in international competition for new markets, if the necessary conditions are ensured. In view of the strategic importance of this area, many important industrial countries are taking considerable efforts to strengthen their domestic economic and technical capacity.
Cryptography and security interests
The use of cryptographic procedures is of extraordinary importance for the efficient technical prevention of crime. This applies both to ensuring the authenticity and integrity of data flows, and the protection of confidentiality.
On the other hand, such protection of confidentiality can also benefit criminals. It can thus be expected that the distribution of encryption products in criminal groups will increase as the user-friendliness of such products increases, which can present problems for criminal prosecution authorities. Surveillance measures which are legally-ordered by courts must maintain their effectiveness, even if the suspect protects the relevant information with a cryptographic procedure.
Up to now the misuse of encryption has not presented a serious problem for criminal prosecution in Germany; at the same time, this does not provide a basis for predicting the future. It is therefore necessary to pursue an active policy of evaluating the effects of technology in Germany in relation to the needs of the criminal prosecution and security authorities, in order to recognize problems that can be effectively countered (possibly by use of alternative strategies) as early as possible.
On the basis of the national discussion up to now as well as international developments, the Federal Government has decided upon the following principles of its crypto policy:
- The federal government does not intend to restrict the free availability of encryption products in Germany. It regards the use of secure encryption as a decisive precondition for protecting citizens’ data, for the development of e-commerce, and for the protection of confidential business information. The federal government will therefore actively support the spread of secure encryption in Germany. This includes in particular promotion of security awareness among citizens, private industry, and public administration.
- The federal government intends to increase user trust in the security of encryption. It will therefore take measures to create a trusted environment for secure encryption, in particular by improving accreditation of the security functions of examined products and recommending their use.
- The federal government considers the ability of German manufacturers to develop and create secure and effective encryption products indispensable for the security of the state, of the economy, and of society. It will take measures to strengthen the international competitiveness of this sector.
- Legal powers of the criminal prosecution and security authorities for the monitoring of telecommunications should not be neglected as strong encryption procedures spread. The responsible federal ministries will therefore continue to monitor developments closely and will report on them in two years’ time. In addition, the federal government will, to the extent that it can, support an improvement of the technical capabilities of the criminal prosecution and security authorities.
- The federal government greatly values international cooperation in the area of crypto policy and supports open standards developed by the market as well as interoperable systems, and will support the strengthening of multilateral and bilateral cooperation.