Forwarded From: someone <user@juno.com>
http://news.bbc.co.uk/hi/english/special_report/1999/03/99/e-conomy/newsid_290000/290964.stm
Friday, March 5, 1999 Published at 17:49 GMT
Deadline to tackle cyber crime
The Industry department wants comments and answers by 1 April
By Internet Correspondent Chris Nuttall
The UK Government has given the IT industry until the end of the month to
come up with a solution to criminals exploiting a boom in the use of the
Internet.
In exchange, it has dropped, for now, controversial plans to give law
enforcement agencies easier access to the keys to unlock coded data sent
over the Net.
Key escrow, as it is known, is omitted from a consultation document
published on Friday for a forthcoming Electronic Commerce Bill.
"Real problems" for law enforcement But the Information Industry minister,
Michael Wills, warned key escrow could still be revived if industry failed
to come up with an alternative.
"The use of strong encryption by criminals and terrorists creates real
problems for law enforcement. We are therefore working with industry to
identify ways of meeting law enforcement requirements while also promoting
the growth of electronic commerce," he said.
A task force has been set up comprised of civil servants and industry
representatives to try to find a solution to concerns that criminals will
increasingly take advantage of encryption to commit serious crimes.
Caspar Bowden of the Foundation for Information Policy Research says the
tight deadline of 1 April for the task force and for comments on the
document is puzzling.
"We know that the United States is making heavy investments in developing
what is sometimes called a Net Centre - facilities for retrieving data by
using penetration and surveillance techniques at the source or destination
computer," he said.
"It could be that this is the type of thing the task force has in mind.
Whether they're being set up to fail, only time will tell."
Blow for law enforcement Friday's announcement was a blow for the law
enforcement agencies. They had asked for a policy of mandatory key escrow
but expected the government to offer at least a voluntary scheme to help
them recover the keys to encrypted data from the licensing bodies known as
Trusted Third Parties (TTPs).
Michael Wills said the Department of Trade and Industry (DTI) and the Home
Office were united that this was the best way forward and law enforcement
concerns were being addressed in the document.
It proposes to create two new offences: one of failure to comply with the
terms of a written notice to produce specified material such as encryption
keys, and secondly, an offence of "tipping off" an individual about the
existence of a warrant authorised by the Secretary of State allowing
lawful access to an encryption key.
Decryption powers to be given to the law enforcement agencies will apply
only where access to the encrypted information is already available under
existing laws suchas the Police and Criminal Evidence Act and the
Interception of Communications Act.
The Home Secretary, Jack Straw,said: "Encryption is already being used by
drug traffickers, terrorists and paedophiles. We must ensure that vital
law enforcement powers keep pace with this new technology."
Global race for e-commerce market The government feels it is in a global
race for the billions of pounds in business being created by an explosion
of trading over the Internet. It estimates electronic commerce will grow
to £350bn worldwide by 2002.
The Trade Secretary, Stephen Byers, in a parliamentary written answer on
Friday, said it was essential Britain was at the forefront of the dramatic
changes in doing business and the government had crucially to build trust.
"The Government has set the ambitious goal of developing the UK as the
world's best environment for electronic trading by 2002," he said.
"I will shortly be appointing an e-envoy to push forward our strategy for
achieving this. An important part of our strategy is the proposed
legistation on electronic commerce, which I intend to present to
parliament later this session."
Industry, civil liberties groups respond Other reaction to the document:
Civil liberties groups: Simon Davies of Privacy International says: "The
consultation paper is deceptive. It purports to embrace a clear-sighted
view of e-commerce based on the principles of trust, but it incorporates
failed US policy"
"The government has created the illusion that it has abandoned the escrow
approach, but nothing in the consultation paper guarantees any commitment
to this approach. The escrow option is left entirely open for the future."
"Export restrictions are foreshadowed in the paper, along with strict
controls on key confidentiality. This exercise is a sham. The consultation
period is impossibly short, and breaches both public confidence and the
government's own guidelines on consultation."
Internet industry: Russ Sellers, director of the Blueberry New Media group
says: "Whilst we welcome the government's attempt to raise awareness and
educate the population about the benefits of e-commerce, we believe that
future legislation needs to lean more in favour of the merchant
particularly in reference to credit card verification
"The Internet is a global medium and, as a result, any development in
encryption needs to be directed towards an international standard. We will
be lobbying the government to prevent powers being given to the police to
break encryption codes. We believe this to be a Big Brother move that will
inhibit e-commerce growth in the UK."
Comments needed on range of issues The consultation paper seeks views on a
number of issues:
* establishing a voluntary licensing system for businesses who provide
services such as electronic signatures and confidentiality in order to
give the oublic a guarantee of high standards of quality and service.
* setting the criteria that applicants for the licences will have to meet.
* obstacles in existing law which insist on the use of paper will be swept
away wherever it makes sense to do so.
* establishing the liability of service providers towards their customers
and others.
* maintaining the effectiveness of existing law enforcement powers in the
face of increasing criminal and terrorist use of encryption and proposals
for lawful access to encryption keys.
* ways of meeting the needs of law enforcement agencies by existing and
forthcoming developments in encryption and communications technologies.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:31:03 1999