Forwarded From: someone <userat_private> http://news.bbc.co.uk/hi/english/special_report/1999/03/99/e-conomy/newsid_290000/290964.stm Friday, March 5, 1999 Published at 17:49 GMT Deadline to tackle cyber crime The Industry department wants comments and answers by 1 April By Internet Correspondent Chris Nuttall The UK Government has given the IT industry until the end of the month to come up with a solution to criminals exploiting a boom in the use of the Internet. In exchange, it has dropped, for now, controversial plans to give law enforcement agencies easier access to the keys to unlock coded data sent over the Net. Key escrow, as it is known, is omitted from a consultation document published on Friday for a forthcoming Electronic Commerce Bill. "Real problems" for law enforcement But the Information Industry minister, Michael Wills, warned key escrow could still be revived if industry failed to come up with an alternative. "The use of strong encryption by criminals and terrorists creates real problems for law enforcement. We are therefore working with industry to identify ways of meeting law enforcement requirements while also promoting the growth of electronic commerce," he said. A task force has been set up comprised of civil servants and industry representatives to try to find a solution to concerns that criminals will increasingly take advantage of encryption to commit serious crimes. Caspar Bowden of the Foundation for Information Policy Research says the tight deadline of 1 April for the task force and for comments on the document is puzzling. "We know that the United States is making heavy investments in developing what is sometimes called a Net Centre - facilities for retrieving data by using penetration and surveillance techniques at the source or destination computer," he said. "It could be that this is the type of thing the task force has in mind. Whether they're being set up to fail, only time will tell." Blow for law enforcement Friday's announcement was a blow for the law enforcement agencies. They had asked for a policy of mandatory key escrow but expected the government to offer at least a voluntary scheme to help them recover the keys to encrypted data from the licensing bodies known as Trusted Third Parties (TTPs). Michael Wills said the Department of Trade and Industry (DTI) and the Home Office were united that this was the best way forward and law enforcement concerns were being addressed in the document. It proposes to create two new offences: one of failure to comply with the terms of a written notice to produce specified material such as encryption keys, and secondly, an offence of "tipping off" an individual about the existence of a warrant authorised by the Secretary of State allowing lawful access to an encryption key. Decryption powers to be given to the law enforcement agencies will apply only where access to the encrypted information is already available under existing laws suchas the Police and Criminal Evidence Act and the Interception of Communications Act. The Home Secretary, Jack Straw,said: "Encryption is already being used by drug traffickers, terrorists and paedophiles. We must ensure that vital law enforcement powers keep pace with this new technology." Global race for e-commerce market The government feels it is in a global race for the billions of pounds in business being created by an explosion of trading over the Internet. It estimates electronic commerce will grow to £350bn worldwide by 2002. The Trade Secretary, Stephen Byers, in a parliamentary written answer on Friday, said it was essential Britain was at the forefront of the dramatic changes in doing business and the government had crucially to build trust. "The Government has set the ambitious goal of developing the UK as the world's best environment for electronic trading by 2002," he said. "I will shortly be appointing an e-envoy to push forward our strategy for achieving this. An important part of our strategy is the proposed legistation on electronic commerce, which I intend to present to parliament later this session." Industry, civil liberties groups respond Other reaction to the document: Civil liberties groups: Simon Davies of Privacy International says: "The consultation paper is deceptive. It purports to embrace a clear-sighted view of e-commerce based on the principles of trust, but it incorporates failed US policy" "The government has created the illusion that it has abandoned the escrow approach, but nothing in the consultation paper guarantees any commitment to this approach. The escrow option is left entirely open for the future." "Export restrictions are foreshadowed in the paper, along with strict controls on key confidentiality. This exercise is a sham. The consultation period is impossibly short, and breaches both public confidence and the government's own guidelines on consultation." Internet industry: Russ Sellers, director of the Blueberry New Media group says: "Whilst we welcome the government's attempt to raise awareness and educate the population about the benefits of e-commerce, we believe that future legislation needs to lean more in favour of the merchant particularly in reference to credit card verification "The Internet is a global medium and, as a result, any development in encryption needs to be directed towards an international standard. We will be lobbying the government to prevent powers being given to the police to break encryption codes. We believe this to be a Big Brother move that will inhibit e-commerce growth in the UK." Comments needed on range of issues The consultation paper seeks views on a number of issues: * establishing a voluntary licensing system for businesses who provide services such as electronic signatures and confidentiality in order to give the oublic a guarantee of high standards of quality and service. * setting the criteria that applicants for the licences will have to meet. * obstacles in existing law which insist on the use of paper will be swept away wherever it makes sense to do so. * establishing the liability of service providers towards their customers and others. * maintaining the effectiveness of existing law enforcement powers in the face of increasing criminal and terrorist use of encryption and proposals for lawful access to encryption keys. * ways of meeting the needs of law enforcement agencies by existing and forthcoming developments in encryption and communications technologies. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:20:20 PDT