[Home] [Databases] [WorldLII] [Search] [Feedback] New Zealand Law Commission

[Database Search] [Name Search] [Previous] [Next] [Download] [Help]

• Export Of Encryption Products

10 Security and encryption

156 CRYPTOGRAPHY IS THE SCIENCE of transforming data into an unreadable form, in order to keep it secure when it is being transmitted or stored. Cryptography can also be used

• to prevent data from being modified; or
• to prevent data from being used without authority.

It can also authenticate or confirm the origin of an electronically generated message. Cryptography is an essential element of the public key framework used for digital signatures. We discussed encryption in ECom 1 in the context of digital signature technology.²⁵⁴

157 In the context of electronic commerce, cryptography can be a valuable tool for ensuring that business communications are kept confidential and secure. Once data is encrypted its contents can only be read by persons who have access to the secret key necessary to decrypt it. Thus, the need for sensitive commercial communications to be kept confidential and the desire to keep personal information secure can be met through the use of cryptography.

158 An issue arises as to the right of law enforcement and intelligence and security agencies to gain access to the key or code required to decrypt messages. This issue is of no little complexity as it raises the fundamental questions about the balance to be struck between rights of privacy and business confidentiality (on the one hand) and the public interest in investigating and detecting crime and threats to national security (on the other hand).²⁵⁵

159 Since our first report was published, the Government has established an interdepartmental National Cryptography Policy Committee to make recommendations for consideration by Government. The Committee is taking into account the OECD Guidelines for Cryptography Policy,²⁵⁶ which establish a broad framework, to be reviewed every five years, and which are based on principles of trust, choice, private sector leadership, industry standards, privacy, lawful access, accountability and international cooperation.

160 We are advised that the National Cryptography Policy Committee may recommend that New Zealand take an approach consistent with that of our major trading partners. The National Cryptography Policy Committee plans to publish a consultation document following initial consideration of issues by Cabinet. Public submissions will be sought.

161 The National Cryptography Policy Committee may make recommendations to Government on whether, and if so in what circumstances, law enforcement and intelligence and security agencies should be able to obtain the key required to decrypt private messages, once it has obtained submissions from the public in response to the policy document it proposes to publish. We note that the difficulty in compelling a person to disclose the means of decryption, or the plain text of the document itself, will need to be given considerable thought; as will the question of an appropriate sanction in the event that disclosure is not made. In that regard, the disclosure of something held in one’s head is somewhat different in kind to the provision of DNA samples under the Criminal Investigations (Blood Samples) Act 1995.²⁵⁷ Ultimately, any view formed on this issue will need to recognise that a private key may be held in the memory of a human being, rather than located in an electronic or paper based record.

EXPORT OF ENCRYPTION PRODUCTS

162 While the manufacture, use and import of strong encryption is not regulated in New Zealand, there are some controls over the export of these products. These reflect New Zealand’s obligations under the Wassenaar Arrangement, which is an agreement between 33 countries²⁵⁸ setting guidelines for the cross-border flow of dual purpose goods and technologies of strategic significance.²⁵⁹ The relevant cryptography portion of the Arrangement is valid until December 2000 and is contained in Category 5 Part 2. The availability of strong encryption in this country is arguably enhanced by our belonging to the Arrangement, as other exporting countries will be more likely to trust New Zealand importers as end-users.²⁶⁰

163 Part IV of the Second Schedule to the Customs Export Prohibition Order 1996 provides that certain conventional weapons, and other goods with dual applications including military use, are not to be exported from New Zealand. A list of these exports can be obtained from the Ministry of Foreign Affairs and Trade (MFAT). Currently anyone wanting to export strong encryption software must apply for a licence for each export from MFAT. While these licences are normally granted within 48 hours of application,²⁶¹ this policy has been criticised for being cumbersome and stifling commercial dealings in this area.²⁶²

164 We make no specific comments on this issue as the National Cryptography Policy Committee will refer to the question of export of encryption products in its public discussion paper. Submissions can be made to the Chairman, National Cryptography Policy Committee, Domestic and External Security Secretariat, Department of Prime Minister and Cabinet, Executive Wing, Parliament Buildings, Wellington.