[ISN] Deadline to tackle cyber crime in UK

From: mea culpa (jerichoat_private)
Date: Sat Mar 06 1999 - 00:53:45 PST

  • Next message: mea culpa: "[ISN] Microsoft Alters Windows in Response to Privacy Concerns"

    Forwarded From: someone <userat_private>
    Friday, March 5, 1999 Published at 17:49 GMT 
    Deadline to tackle cyber crime 
    The Industry department wants comments and answers by 1 April 
    By Internet Correspondent Chris Nuttall
    The UK Government has given the IT industry until the end of the month to
    come up with a solution to criminals exploiting a boom in the use of the
    In exchange, it has dropped, for now, controversial plans to give law
    enforcement agencies easier access to the keys to unlock coded data sent
    over the Net.
    Key escrow, as it is known, is omitted from a consultation document
    published on Friday for a forthcoming Electronic Commerce Bill.
    "Real problems" for law enforcement But the Information Industry minister,
    Michael Wills, warned key escrow could still be revived if industry failed
    to come up with an alternative. 
    "The use of strong encryption by criminals and terrorists creates real
    problems for law enforcement. We are therefore working with industry to
    identify ways of meeting law enforcement requirements while also promoting
    the growth of electronic commerce," he said. 
    A task force has been set up comprised of civil servants and industry
    representatives to try to find a solution to concerns that criminals will
    increasingly take advantage of encryption to commit serious crimes.
    Caspar Bowden of the Foundation for Information Policy Research says the
    tight deadline of 1 April for the task force and for comments on the
    document is puzzling.
    "We know that the United States is making heavy investments in developing
    what is sometimes called a Net Centre - facilities for retrieving data by
    using penetration and surveillance techniques at the source or destination
    computer," he said.
    "It could be that this is the type of thing the task force has in mind. 
    Whether they're being set up to fail, only time will tell."
    Blow for law enforcement Friday's announcement was a blow for the law
    enforcement agencies. They had asked for a policy of mandatory key escrow
    but expected the government to offer at least a voluntary scheme to help
    them recover the keys to encrypted data from the licensing bodies known as
    Trusted Third Parties (TTPs). 
    Michael Wills said the Department of Trade and Industry (DTI) and the Home
    Office were united that this was the best way forward and law enforcement
    concerns were being addressed in the document. 
    It proposes to create two new offences: one of failure to comply with the
    terms of a written notice to produce specified material such as encryption
    keys, and secondly, an offence of "tipping off" an individual about the
    existence of a warrant authorised by the Secretary of State allowing
    lawful access to an encryption key.
    Decryption powers to be given to the law enforcement agencies will apply
    only where access to the encrypted information is already available under
    existing laws suchas the Police and Criminal Evidence Act and the
    Interception of Communications Act. 
    The Home Secretary, Jack Straw,said: "Encryption is already being used by
    drug traffickers, terrorists and paedophiles. We must ensure that vital
    law enforcement powers keep pace with this new technology."
    Global race for e-commerce market The government feels it is in a global
    race for the billions of pounds in business being created by an explosion
    of trading over the Internet. It estimates electronic commerce will grow
    to 350bn worldwide by 2002.
    The Trade Secretary, Stephen Byers, in a parliamentary written answer on
    Friday, said it was essential Britain was at the forefront of the dramatic
    changes in doing business and the government had crucially to build trust.
    "The Government has set the ambitious goal of developing the UK as the
    world's best environment for electronic trading by 2002," he said. 
    "I will shortly be appointing an e-envoy to push forward our strategy for
    achieving this. An important part of our strategy is the proposed
    legistation on electronic commerce, which I intend to present to
    parliament later this session."
    Industry, civil liberties groups respond Other reaction to the document: 
    Civil liberties groups: Simon Davies of Privacy International says:  "The
    consultation paper is deceptive. It purports to embrace a clear-sighted
    view of e-commerce based on the principles of trust, but it incorporates
    failed US policy"
    "The government has created the illusion that it has abandoned the escrow
    approach, but nothing in the consultation paper guarantees any commitment
    to this approach. The escrow option is left entirely open for the future."
    "Export restrictions are foreshadowed in the paper, along with strict
    controls on key confidentiality. This exercise is a sham. The consultation
    period is impossibly short, and breaches both public confidence and the
    government's own guidelines on consultation." 
    Internet industry: Russ Sellers, director of the Blueberry New Media group
    says: "Whilst we welcome the government's attempt to raise awareness and
    educate the population about the benefits of e-commerce, we believe that
    future legislation needs to lean more in favour of the merchant
    particularly in reference to credit card verification
    "The Internet is a global medium and, as a result, any development in
    encryption needs to be directed towards an international standard. We will
    be lobbying the government to prevent powers being given to the police to
    break encryption codes. We believe this to be a Big Brother move that will
    inhibit e-commerce growth in the UK." 
    Comments needed on range of issues The consultation paper seeks views on a
    number of issues:
    * establishing a voluntary licensing system for businesses who provide
    services such as electronic signatures and confidentiality in order to
    give the oublic a guarantee of high standards of quality and service.
    * setting the criteria that applicants for the licences will have to meet. 
    * obstacles in existing law which insist on the use of paper will be swept
    away wherever it makes sense to do so.
    * establishing the liability of service providers towards their customers
    and others.
    * maintaining the effectiveness of existing law enforcement powers in the
    face of increasing criminal and terrorist use of encryption and proposals
    for lawful access to encryption keys.
    * ways of meeting the needs of law enforcement agencies by existing and
    forthcoming developments in encryption and communications technologies. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:20:20 PDT