The New Zealand government may soon have to firm up its policy on encryption.
Members of the Organisation for Economic Cooperation and Development (OECD) have put together a proposed set of guidelines on encryption policy for its members, and these are due for circulation this month.
Unlike most member nations, New Zealand has not really had an explicit policy on encryption, says Colin Jackson, of the Ministry of Commerce’s communications group. The only explicit policy is with regard to export, and this appears to exist simply to keep trading and defence partners happy. “We’ve been keeping close watch [on the OECD talks]” says Jackson. “They don’t seem to involve any great change of direction. The only thing they might require us to do is for the government to be a more explicit as to its policy.”
The country’s lassez faire policy is more by default than for any other reason, and if and when the guidelines are finalised the government would have to either pass regulations under existing statutes or, if this is not possible, pass appropriate legislation.
Jackson stresses that the guidelines would not necessarily require any policy change. That does not mean, though, there will be no change. If, as appears to be the case, legislation or regulation is required, the various government departments affected will all have input, and not all are necessarily happy with the status quo.
The current approach contrasts sharply with most other OECD countries. If countries are rated on what might be called a “paranoia” scale, New Zealand is at the low end with Japan, whose laws not only prevent the government from engaging in any wiretapping at all, but also place no key-length restrictions on encryption export.
At the top end of the scale, possibly reflecting that country’s notoriously active security services, is France, which requires government-approved key recovery and restricts imports to 40-bits. Somewhere in between is the US government, which wants to curb international use of strong encryption.
Across the Tasman, meanwhile, Telstra has had to delay introduction of a new ISDN service, OnRamp, because the government security services said they could not intercept messages sent over it. Telstra’s licence prohibits it introducing any service that the government can’t bug.