EUROBIT - ITI - JEIDA                 GII Tripartite Preparatory Meeting in Brussels                           on January 26/27, 1995                       GLOBAL INFORMATION INFRASTRUCTURE                                       (GII)           EUROBIT,  ITI and JEIDA present this document to assist prepa-           ration of the G-7 summit on the Global Information Society.           The  three associations recommend that for the GII to be  suc-           cessfully developed, governments and the private sector should           work  together and follow the recommendations in the following           six areas:           -    Interoperability           -    Privacy and Trust in an Information Society           -    Intellectual Property Rights           -    Universal Access           -    Access to R&D and New Applications           -    Market Access           Brussels, 27 January 1995           European Association of Manufacturers of Business Machines and           Information Technology Industry (EUROBIT)           Information Technology Industry Council (ITI)           Japan Electronic Industry Development Association (JEIDA)           INTRODUCTION           The creation of a Global Information Infrastructure (GII) will           transform   our  world  into  a  Global  Information  Society.           Throughout  Europe,  Japan,  the  United States and the  other           areas of the world, including the developing countries, as the           GII continues to evolve there will be increased jobs,  produc-           tivity and competitiveness.  As information technology becomes           ever  more widely available and accessible,  a better standard           of living will be realized.           The  information  technology (IT) industry believes  that  the           private  sector - the providers of the information  technology           products and services - will drive the development of the GII.           The  IT  industry  also believes that governments  around  the           world can most effectively advance this development by primar-           ily  working toward increasing access to markets for  critical           GII products and services.           The IT industry fully supports GII policies that adhere to the           following principles: private sector leadership driven by com-           petition;  global interoperability; privacy and data security;           achievable international access;  intellectual property rights           protection; international cooperation in research and develop-           ment  (R&D) and in new applications and open access to govern-           ment-funded  R&D  programs;  removal of barriers to trade  and           investment;  and  support for GII projects in developing coun-           tries.           Global policies guided by these principles will stimulate com-           petition and investment, and ultimately provide a wide variety           of  products  and services to users of the information  infra-           structure world-wide.           The  Global  Information Infrastructure (GII) is more  than  a           complex  network of networks,  connecting national information           infrastructure  and other regional and international networks;           it is a structure integrating six elements:           *    the  communications infrastructure (telephone,  cable and                wireless systems, etc.;           *    the  computers  and appliances that process  information,                and allow people to physically interface with it;           *    the  software and applications that enable people to  use                information;           *    content  or  information  (whether  audio,  video,  text,                images);           *    the people and companies who develop,  manufacture,  sell                and service the networks; and           *    the  people  and organizations who will make use  of  the                GII.           Because  the  GII  will encompass more  than  the  traditional           telecommunications  (or transport) element of the  infrastruc-           ture,  the  public policy agenda will be much broader than the           traditional telecommunications agenda that governments histor-           ically have pursued. New issues of trade, investment and tech-           nology for the computer, software and semiconductor industries           must be addressed.           The private sector and the competitive marketplace must be the           driving  force for the implementation for  GII.  Additionally,           governments  should  encourage the use of the GII through  the           adoption  of legislative and procedural requirements appropri-           ate  to the age of the information society.  Support should be           given for GII in developing countries.           The  critical  public policy _object_ive of fostering  an  open,           competitive marketplace at all levels (national,  regional and           international)  is  the conditio sine qua non of its  success.           Above  all else,  what governments can do to advance GII is to           work toward increasing open access to all global markets.           The  IT industry believes that this _object_ive can be met,  and           the GII successfully developed, if governments and the private           sector  adhere  to  the recommendations on the  following  six           major issues:           1.   Interoperability           2.   Privacy and trust in an information society           3.   Intellectual property rights           4.   Universal access           5.   Access to R&D and new applications           6.   Market access           The  IT industry is prepared to lead the private sector inter-           national  efforts  and work with public policy  makers  within           their  respective member countries to further these principles           and goals in a timely and efficient manner. ........           2.   PRIVACY AND TRUST IN AN INFORMATION SOCIETY           The  extraordinary benefits of the information revolution will           not  be fully realised unless there are well-enforced rules on           privacy and a basis of trust for business relationships.           Without  well-enforced privacy rules,  the Information Society           could  be  perceived as threatening and intrusive,  denying  a           basic  human requirement.  Business must also have  confidence           that its commercial assets and communications cannot be unrea-           sonably threatened or compromised.           For  the Global Information Infrastructure to develop success-           fully  while providing privacy and trust,  we urge  government           action in four areas:           *    Protection of personal data           *    Enabling of electronic commerce           *    Trustworthiness and effectiveness of security countermea-                sures           *    Availability of cryptographic technology           2.1  Protection of personal data           Information technology,  networking,  and the proliferation of           computers have encouraged the extensive gathering and dissemi-           nation of information, including personal information, through           sophisticated data collection techniques,  corporate outsourc-           ing  of data processing,  and the establishment of information           service providers and clearing-houses.           In the mid-1970's, lawmakers in some countries recognized that           information  technology could lead to invasions of privacy and           that this should not be regarded as simply a national concern.           They  realized  that the economic and social  relationship  of           many countries were closer than before, and that the emergence           of a global market led to an increased movement of information           across  borders.  Since  information  is often of  a  personal           nature,  and _base_d on the premise that the needs of the market           should not undermine the legal protection of citizens,  it was           deemed  necessary to regulate the use of personal data through           domestic legislation and the adoption of voluntary codes _base_d           upon  guidelines  prepared  by the Organization  for  Economic           Cooperation  and Development (OECD).  The data protection laws           of  some  countries prohibit or restrict the  transmission  of           personal information to other countries.           Provided  the  necessary  safeguards are  in  place,  however,           restrictions  in  the name of privacy must not be  allowed  to           prevent  legitimate  business to be  conducted  electronically           domestically or across borders.           Because  of  the global nature of the information  infrastruc-           ture, the problem is clearly world-wide. Since different coun-           tries have taken different approaches,  there is a strong need           for harmonisation.           The  OECD  guidelines governing the protection of privacy  and           transborder  flows  of  personal data have  wide  support  and           should form the basis for such harmonisation.           2.2  Enabling of electronic commerce           The  Global  Information Infrastructure will have  many  uses,           including electronic commerce, electronic government, distance           learning  and healthcare networks.  All require an environment           of  privacy and trust.  To enable electronic commerce _base_d on           privacy and trust, certain legal issues need to be addressed.           Businesses  are increasingly using electronic messaging,  net-           worked computers, and information systems for conducting busi-           ness that was once transacted solely on paper or by telephone.           Electronic  commerce is rapid and accurate and can reduce  the           cost  of  doing business.  Electronic mail  and   standardized           electronic  business forms are transforming the way that busi-           ness  is transacted,  and causing firms to restructure  opera-           tions.           In the Global Information Infrastructure, data and information           will flow freely among international trading partners as elec-           tronic  commerce  displaces the traditional forms of  business           transaction.           While  electronic  computer messaging technology  allows  many           business  transactions  to be handled in a paperless  fashion,           the  law  of contract and commerce is still _base_d on  a  paper           system  paradigm.  As a result,  businesses confront new legal           issues  as  they implement electronic trading  systems.  Among           these  are questions regarding contract writing  requirements,           legally binding signatures, and the use of electronic communi-           cations as evidence of a contract.           For  the Global Information Infrastructure to be used for com-           mercial  purposes,  electronic  transactions must be   legally           recognized as valid.  The requirements that must be dealt with           are:           *    Proof of the identity of the originator of a transaction;           *    Proof  of  the right of the originator to commit  to  the                transaction;           *    Proof  that the transaction content is received as  sent,                and has been received by the intended addressee;           *    Resolution  of  disputes between trading  partners,  when                necessary;           *    Assurance that the transaction is well-formed and           *    Prevention  of disclosure of the transaction to  unautho-                rized persons.           2.3  Trustworthiness and effectiveness of security                countermeasures           Network  users  all over the world will  increasingly  require           appropriate security measures especially in order to trust the           future GII environment.           In  order  to  combat  the problems of  hackers  and  computer           viruses, international efforts should be made for establishing           _frame_work of information exchange and co-ordinated measures.           2.4  Availability of cryptographic technology           We want governments to recognise that their explicit   support           for  the Global Information Infrastructure necessarily entails           implicit  support for the general use of  cryptographic  tech-           nology.  Without  pervasive cryptographic technology there can           be  no basis for privacy or trust,   and the main benefits  of           the  new  industrial  revolution cannot be  realised.  If  the           Information Society is to develop,  public policy must reflect           the fact that this technology  will be used everywhere.  Cryp-           tography is essential both to the confidentiality of  informa-           tion  and to information integrity,  including  proof of  cor-           rectness and electronic signatures.           The  issue for governments is that modern encryption  technol-           ogy  is effectively uncrackable.  There is a genuine need  for           law  enforcement agencies,  legally and under  warrant,  to be           able  to intercept communications.  Defence intelligence  also           depends on an ability to read enemy  signals.  If interception           yields  only incomprehensible encrypted data,  there is a real           impact  on governments'  ability to fight crime and to  defend           citizens.   For  that  reason,  national  governments  subject           encryption technology to strict controls. Most nations control           export  of such technology.  Some countries control import and           use   as well.  We are concerned that,  far from the  controls           being relaxed,  current trends are towards tightening them up.           If  that is the case,  then the new industrial revolution will           not  deliver its promised benefits.  While some  cryptographic           tools  are  readily available to virtually any  individual  or           enterprise that wants them,  legal restrictions on the export,           import  and  use  of such tools will  impact  only  lawabiding           users.           We  do of course recognise the legitimate needs of    national           authorities  to  enforce the rule of law,  and  to    maintain           national  security,  but individuals and businesses have needs           too - the need for privacy, and the need to operate on a basis           of  trust  - and unless those  needs are met  the  Information           Society may not happen.           We  believe that cryptographic mechanisms for use by    public           services  (for  purposes  other than defence  and  diplomacy),           individuals,  small and medium-sized enterprises and multi-na-           tional corporations must:           *    Be  _base_d  on the needs of users and providers as  deter-                mined by the open market;           *    Provide  a level of privacy and trust sufficient to  pro-                tect unclassified information;           *    Be  published and unclassified,  so that their effective-                ness can be open to public scrutiny; and           *    If patented,  be available under fair and reasonable con-                ditions on a non-discriminatory basis.           2.5  Recommendations           Regarding the protection of personal data:           *    that the OECD guidelines governing the protection of pri-                vacy  and transborder flows of personal data be used as a                common  world-wide basis for private and government codes                of  conduct  on  personal data protection in  the  Global                Information Infrastructure.           Regarding the enabling of electronic commerce:           *    that world-wide agreement be reached on the legal aspects                of  electronic  transactions  in the  Global  Information                Infrastructure,  and  on the use of electronic signatures                for the resolution of disputes.           Regarding  the  trustworthiness and security  countermeasures,           that  suppliers and users,  including governments,  must agree           on:           *    Cost-effective  methods for establishing the trust-  wor-                thiness  of products and systems and the effectiveness of                security countermeasures;           *    Security  guidelines  for  the design  and  operation  of                secure systems; and           *    The  establishment  of  a global  system  of  information                exchange about security problems and countermeasures.           Regarding the availability of cryptographic technology:           *    That  governments,  industry and users must agree on  the                cryptographic  techniques to be used in the Global Infor-                mation  Infrastructure  and on a procedure for  verifying                that products conform to the techniques so agreed;           *    That  the  agreed techniques and the agreed  verification                procedures must be made public;           *    That  the agreed techniques must be _base_d on private sec-                tor led, voluntary consensus international standards;           *    That  products implementing the agreed techniques  should                not  be subject to import controls,  restrictions on  use                within the law, or restrictive licensing;           *    That  products implementing the agreed techniques  should                be  exportable to all countries,  except those which  are                subject to UN embargo; and           *    That  users  and suppliers of products  implementing  the                agreed  techniques  should be free to make technical  and                economic choices about modes of implementation and opera-                tion,  including a choice between implementation in hard-                ware or software where relevant. ...........