38
business security systems and risk assessments and risk management can
be judged.
5.3.4
Cryptography is an important component of secure information and
communications systems and is an effective tool for ensuring both the
confidentiality and the integrity of data. However, the widespread use of
cryptography can raise several concerns. While cryptography has many
legitimate and necessary uses and its use is promoted by privacy
advocates, it can also facilitate illegal activity and affect public safety
and national security. Governments, including the Government of
Botswana, therefore face a challenge in balancing the various interests in
developing policies and legislation to deal with the use and promotion of
cryptography.
5.3.5
The OECD has set out Guidelines for Cryptology Policy33 that are
intended to promote the use of cryptology and foster confidence in
information and communications infrastructures, networks, and systems.
At the same time, there is no intention that cryptography will unduly
jeopardise public safety and law enforcement. The balancing of interests
is recognised through such principles as the right to secrecy of
communications (Principle 5) while noting that national cryptography
policies may allow for lawful access to plaintext, or cryptographic keys,
of encrypted data (Principle 6). In addition, governments should
cooperate to coordinate cryptography policies and avoid creating
barriers to trade in the name of cryptography policy (Principle 8). Users
should have a choice of cryptographic methods, which should be
developed in response to market needs. The liability of individuals or
entities that offer cryptographic services or hold or access cryptographic
keys should be clearly stated.
5.3.6
Partly in response to the OECD work and the EC initiatives and partly in
response to the development of a mature global electronic environment,
a number of countries are developing policies and legislation dealing
with cryptography and on-line privacy.34 A fully developed policy
environment for Maitlamo should deal with the issue and provide
appropriate policy guidance. Cryptography issues that specifically relate
to digital signatures will be discussed, below.
33
www.usdoj.gov/criminal/cybercrime/oeguide.htm. Adopted by the Council of the OECD on
27 March 1997. See also, OECD Guidelines for Cryptography Policy: Report on Background
and Issues of Cryptography Policy; www.usdoj.gov/criminal/cybercrime/oeback.htm.
34
For example, Canadian Task Force on Electronic Commerce, A Cryptography Policy
Framework for Electronic Commerce: Building Canada’s Information Economy and Society;