Volume 7 Issue 2

The issues relating to privacy continue to expand. Developments in information technology and the global information infrastructure have rendered the early attempts to formulate protective principles, such as the OECD Guidelines, incomplete or now partly inappropriate. One of the major new challenges for privacy protection is that of cryptography. In this essay the author draws upon experiences in other rapidly transforming areas of policy development to extract the principles which should constitute the framework within which cryptography policy guidelines should be developed. "Ten commandments" are identified: policies and resulting laws must rest upon sound scientific data; there is a need for respect for the limitations of the law in influencing behaviour; policy objectives must take account of divergences in domestic politico-legal cultures and histories; it is necessary to involve consumer groups which will be affected by the policy developments; recognition of the significant role of language and symbols in signaling the intentions of policy-makers is important; a clear understanding and articulation of the social problems which necessitate the policy measures, in order to avoid alarmism, is essential; there is a need to appreciate the context of international law within which policy development must take place, and the consequent need for strategies to be informed by the objectives of fundamental human rights norms, such as the right not to be subjected to arbitrary or unlawful interference with privacy; policymakers also need to retarget and revise policy to adapt to changes including changes in technology; the attention of governments at the highest level must be captured; it must be recognised that although such governments and their relevant agencies must maintain an active role in policy development, that role must be monitored to ensure that such agencies remain disciplined by, and accountable to, affected social groups. The author concludes that the development of cryptography guidelines must not be understood as an exercise in "balancing" the legitimate aims of law enforcement and national security on the one hand, and the protection of privacy and other human rights on the other. Rather, each of these objectives has a legitimate claim on government policy and law, but the interests of national security and law enforcement must be attained within a context of constitutionalism, the rule of law and respect for fundamental human rights