SUMMARY OF CONCLUSIONS AND RECOMMENDATIONS
Cryptography Policy - General Principles
(a) The Government's
proposals to facilitate trust in electronic commerce must not
interfere with existing, and often long-standing, electronic commerce
relationships (paragraph 7).
(b) The Government's
proposals are tied, perhaps unduly, to the creation of a regulatory
regime based on one particular technology - public-key cryptography
- and a specific market model, which, although they could
be considered attractive at present, may not be optimal bases
for electronic commerce carried out over the internet in the future
(paragraph 8).
(c) In order to help
the UK become the best environment in which to trade electronically
by 2002, the Government should keep a close eye on international
electronic commerce policy developments and adopt best practice
from elsewhere when appropriate (paragraph 25).
Cryptography Policy - The Government's Proposals
(d) Notwithstanding
legitimate reasons for delay, we are concerned at the time it
has taken the present Government to establish and implement a
cryptography policy. It is our perception that inadequate political
control has been exercised over the development and determination
of cryptography policy. The policy agenda has been allowed to
drift for too long. It is imperative that Ministers take a firm
grip of the issues from now on (paragraph 34).
(e) We believe it
is essential that every measure included in the forthcoming Electronic
Commerce Bill is designed to facilitate rather than restrict electronic
commerce and that this should be the criterion by which Parliament
judges the Bill (paragraph 36).
(f) While we accept
the Government's judgement that legislation should not be delayed
still further solely to allow for a standard consultation period,
especially as the issues on which DTI sought views were so familiar
to likely respondents, the time constraints cited by DTI have
been entirely of their own making (paragraph 37).
(g) Although the forthcoming
Electronic Commerce Bill is not likely to be a source of party
political controversy it is a vital measure for UK competitiveness
and law enforcement. It requires full and rigorous parliamentary
scrutiny (paragraph 113).
(h) We recommend that
DTI publish a full analysis of responses received to its recent
consultation document, including a list of those who responded
to the document, at the same time as the Electronic Commerce Bill
is published (paragraph 114).
(i) We recommend that
draft regulations arising from the Electronic Commerce Bill be
given full public scrutiny before they become law (paragraph 115).
Electronic Signatures
(j) We consider it
a potentially serious omission that DTI has not indicated how
its proposals for electronic signatures would affect Scottish
law and we recommend that they quickly do so (paragraph 40).
(k) Although electronic
signatures are not currently without legal standing, legislation
to clarify their status would command widespread support (paragraph
41).
(l) One objection
to the Government's proposals for the recognition of electronic
signatures is that they are better suited to a civil law jurisdiction
than to the English common law tradition (paragraph 44). A
second objection to the proposal that some electronic signatures
will carry a rebuttable presumption of validity is that this would
reverse the burden of proof in contractual disputes, potentially
undermining confidence in electronic commerce if means of forging
electronic signatures are developed (paragraph 46).
(m) We recommend that
the Government lay before Parliament the justification for such
a radical change to the way signatures are considered by English
law and explain in greater detail than hitherto whether or not
the EU Electronic Signatures Directive genuinely necessitates
such a change to be made (paragraph 51).
Electronic Writing
(n) The outdated definitions
of words such as "writing" and "signature"
in law are potentially significant barriers to the development
of electronic commerce in this country. DTI seems not to appreciate
the need for swift legislative action in this area and would appear
to have made limited progress since 1997. We favour the Government
taking powers in the forthcoming Electronic Commerce Bill for
secondary legislation to update definitions of words in law to
take account of new information and communication technologies
and drawing on the approach of the Australian draft Electronic
Transactions Bill 1999. We recommend that the Government quickly
publish an analysis of legal changes required, both in relation
to English and Scots law and identify those transactions and official
proceedings which it believes should not be allowed to be conducted
electronically (paragraph 58).
Licensing of Trusted Service Providers
(o) We acknowledge
the need for some form of accreditation scheme relating to TSPs
to persuade firms and individuals "standing on the edge of
the e-commerce lake wondering whether it is really safe to dive
in" that electronic commerce is as safe and reliable as traditional
forms of commerce (paragraph 64).
(p) We recommend that
the Government sponsor a voluntary accreditation scheme for TSPs
which is based on the needs of users and service providers but
which is not grounded in legislation. We think it prudent that
the Government take powers to establish a statutorily-backed scheme
but recommend that these powers are held in reserve unused unless
and until it is demonstrated that a voluntary scheme fails to
protect the interests of all consumers and service providers (paragraph
65).
(q) We see no reason
why existing means of distinguishing licensed or accredited services
from unlicensed or non-accredited services cannot be applied successfully
to TSPs (paragraph 66).
(r) There is a danger
that TSPs and their customers will be confused by the multi-layered
design of the proposed statutory licensing regime. We would welcome
early clarification by DTI and OFTEL of how the proposed licensing
regime will work in practice, were it to be introduced (paragraph
67). We recommend that, if DTI intends to establish a statutory
licensing scheme, it spell out which licensing functions it would
be prepared to delegate to an industry body in future and which
it would prefer a public sector body to perform; and that it set
out the criteria an industry body must meet in order for it to
be considered as the licensing authority for TSPs (paragraph 70).
(s) A comparison of
the 1997 and 1999 DTI consultation documents would suggest that
little effort has been devoted over the last two years to considering
the detailed licensing criteria to be applied to TSPs, or the
effect of such criteria on the market. The licensing criteria
for TSPs recently set out by DTI are not fit to be written into
law. Unless they are improved, then the licensing system will
be a damaging and embarrassing failure. We invite the Government
to inform Parliament how it intends to work with electronic commerce
providers and users to design more suitable criteria (paragraph
73).
Liability
(t) We recommend that
the Government exercise caution before implementing a statutory
liability regime in this nascent market. We suggest that, until
the market develops further, the most useful requirement might
be for TSPs to set out in full their liability provisions, including
relevant limits, both to users and third parties, including how
liabilities can be met, to assist consumer choice of TSP and swift
redress when problems are encountered (paragraph 79).
Law Enforcement
(u) We are persuaded
that encryption will increasingly be a source of advantage to
criminals with which law enforcement agencies are, at present,
inadequately prepared to deal (paragraph 80).
(v) We suggest that
those organisations involved in electronic commerce will be much
more willing to help the law enforcement agencies if there are
reliable means to assess the extent of the problems posed by encryption,
and that there would be advantage in Parliament having a fuller
picture of the perceived threat (paragraph 81).
(w) We see merit in
NCIS being notified whenever a local law enforcement agency encounters
encryption during the course of a criminal investigation. We also
recommend that the Government consider the establishment of a
law enforcement resource unit for dealing with computer crime,
including encryption. (Paragraph 110).
Key Escrow
(x) By dropping key
escrow as a licensing condition for TSPs, the DTI's third attempt
to formulate an acceptable cryptography policy is a marked improvement
on its predecessors. We are disappointed, however, that the Government
should still hold a candle for key escrow and key recovery. We
can foresee no benefits arising from Government promotion of key
escrow or key recovery technologies (paragraph 90).
(y) If the Government
consider it necessary in future to introduce key escrow, key recovery
or a related requirement on TSPs then we recommend that they do
so only after stating precisely the reasons why such a change
would be necessary as part of a full public consultation exercise.
Powers should not be taken in the forthcoming Bill to permit the
introduction of key escrow or related requirements at a later
date (paragraph 107).
The New Power
(z) We think that
the proposed new power to require decrypted data or private encryption
keys to be provided when appropriately authorised will be a useful
addition to the armoury of the law enforcement agencies. We recommend
that the Government quickly clarify the situations in which it
thinks this power will be likely to prove most helpful. In particular,
Parliament should be given an indication of the criteria which
will be used to decide against whom written notices for the provision
of information will be served and whether it is proposed that
the request should be for a private key or decrypted data (paragraph
98).
Interception of Communications
(aa) It is entirely
unacceptable that the Government should announce a major review
of the Interception of Communications Act 1985 and then fail to
publish any further details of the review for over eight months,
especially when the consultation exercise on building confidence
in electronic commerce explicitly refers to the Act and the review.
We recommend that the Government set out the options for change
to the interceptions regime, and how they relate to the forthcoming
Electronic Commerce Bill, before the Bill is debated by Parliament
(paragraph 101).
Enfopol
(bb) We recommend
that the Government give authoritative clarification of the status
of the Enfopol proposals and their potential implications for
relevant UK service providers (paragraph 102).
Partnership Approach
(cc) If, after three
years of considering its policy on cryptography, the Government
should announce the need for a partnership with industry, then
that would suggest failure in the past to create such a partnership.
We consider that the fault for failing to create such a partnership
lies not with industry, which would appear to have been ready
and willing to help, but with Government. Although DTI has been
willing to listen to what industry and others have had to say
about cryptography, we have gained the impression that they have
not, until recently, taken much notice of what has been said to
them. From now on, we expect the Government to work with all interested
parties to devise a cryptography policy which is best for the
UK as a whole, rather than one which is geared towards satisfying
law enforcement concerns at the expense of Britain's economic
competitiveness (paragraph 105).
(dd) We recommend
that the Government keep Parliament informed of the remit and
membership of the Cabinet Office task force dealing with law enforcement
aspects of electronic commerce and of any body established in
its place (paragraph 106).
(ee) We suggest that
the experience of the relationship between ISPs and the law enforcement
agencies underlines the need for openness and transparency in
the new partnership between industry and Government on law enforcement
aspects of encryption, so as to avoid confidence in electronic
commerce being undermined (paragraph 108).
Export Controls
(ff) We recommend
that the Government consider the case for a review of the rationale
for the continuation of export controls on cryptographic products,
in the light of their widespread availability, and the procedures
by which such controls are implemented (paragraph 112).
Conclusion
(gg) Until recently,
the Government intended to use legislation to control cryptography
rather than to encourage the development of electronic commerce
(paragraph 116). Now that key escrow has been dropped by
the Government, the rationale for an electronic commerce bill
is open to question. We recommend that the Government think
twice about the content of its forthcoming Electronic Commerce
Bill and only include in the Bill measures which will promote
electronic commerce, rather than measures discarded from the previous
key escrow policy which are concerned with controlling, not facilitating,
electronic commerce (paragraph 117).