Task Forces

Task Force on Security and Authentication

Co-Chair - Christiaan van der Valk (Trustweaver, Sweden)
Co-Chair - Jacques Beglinger (Beglinger legal office, Switzerland)

This task force aims to articulate business interests in international and regional policy initiatives related to security and authentication.

Goals / objectives:

• Improve network and information security in businesses and for other users by raising awareness and providing practical tools to assist in making security a higher priority for all users;

• Ensure legislation and policy related to information security, electronic signatures and authentication is properly informed with the necessary information to understand evolving and relevant technologies, business processes and business needs, and support increased use of these technologies.

ICC framework for consultation and drafting of Information Compliance obligations
ICC policy statement (.pdf - 6 pages)
June 2006

This task force has worked jointly with the Business and Industry Advisory Committee (BIAC) of the OECD to produce a detailed business companion to the OECD Guidelines for the Security of Information Systems and Networks.

Information security assurance for executives: An international business companion to the 2002 OECD Guidelines for the security of networks and information systems, (.pdf - 40 pages)

The task force is also finalizing an Information Security Toolkit aimed at improving awareness and raising the priority of information security amongst smaller companies and companies in developing countries.

In addition, it has provided practical tools for business users worldwide such as the GUIDEC (General Usage for International Digitally Ensured Commerce) which provides guidelines for ensuring trustworthy digital transactions over the Internet and describes how parties should use digital signatures.

GUIDEC

Trust in open electronic commerce requires a common understanding of mechanisms that are used to guarantee identities and authenticate transactions over electronic networks. The General Usage for International Digitally Ensured Commerce was therefore chosen as the first ECP project, setting out harmonized definitions and rules for the use of electronic authentication techniques. The GUIDEC was posted on the ICC website in November 1997 and was widely referred to as among the first truly global pieces of business self-regulation for electronic commerce. Ira Magaziner, then still special advisor on Internet to the US President, praised the GUIDEC as providing guidance in a market where different definitions among jurisdictions threatened to undermine the utility of digital signatures in cross-border trade.

GUIDEC II

The GeneralUsage for International Digitally Ensured Commerce (version II) was published in October 2001.

The GUIDEC II is intended to provide the context and policy underpinnings of the GUIDEC, with the objective of promoting the world business community's understanding of the issuesrelating to the use of techniques in electronic commerce. The first edition of the GUIDEC aimed to balance different legal traditions and cover both the civil and common-law treatment of the subject, as well as pertinent international principles. By doing so, it presented both business and governments with a comprehensive statement of best practices for a global infrastructure. This second version builds on the foundation created by the previous document, and expands areas of direct relevance to the business community. It includes the potential of additional technologies such as biometrics in establishing trustworthy digital transactions as well as taking cognizance of policy developments such as the United Nations Commission on International Trade Law (UNCITRAL) model laws and the European Union Directives.

The principle objective of the GUIDEC II is to establish a general framework for the authentication of digital messages, based upon existing law and practice in different legal systems. In so doing, the GUIDEC II provides a detailed explanation of principles, particularly as they relate to information system security issues, public key cryptographic techniques and emerging biometric capabilities. It also provides succinct standard practices or recommendations relating to secure authentication and processing of digital information.

Back to EBITT Commission page

For more information please contact:

Ayesha Hassan, Senior Policy Manager
Executive in charge of Information and Communication Technologies (ICT) Policy
Tel: +33 1 49 53 30 13
Fax: +33 1 49 53 28 59
Email: Click here to send an email

Elizabeth Thomas-Raynaud
Tel: +33 1 49 53 28 07
Fax: +33 1 49 53 28 59
Email: Click here to send an email

* * * * *