We list below some (but not all) of the detailed points made to the Government by respondents to its most recent consultation exercise, that are not covered in this Report.[385]

Electronic Writing

• DTI were asked to consider updating common law as well as statute and to consider implied requirements eg for a seal [R.I. Howland]
• DTI warned off extending legal equivalence of electronic writing to audio, visual material etc just yet [Herald Information Systems, British Telecommunications paragraph 7, but see Intel p3]
• it was recommend that the paper-based requirements of the Consumer Credit Act 1974 be given urgent attention [Barclays, Nationwide, APACS, Institute of Credit Management]; as should requirements of form in the Distance Selling Directive [British Telecommunications paragraph 5, NatWest p2].

Liability

• provision should be made for the liability of the licensing authority for any mistakes it makes [Real Time Club]
• Government might consider introducing a scheme similar to the Investor Compensation Scheme in financial markets to compensate users in the event of the failure of a TSP [Reuters Electronics p3]
• liability of firms for crimes committed by employees using their networks should be clarified [CommerceNet UK p12].

Licensing Regime

    —  the licensing fee should be phased in [British Chambers of Commerce]; and not prohibitively high [Protek; and see British Telecommunications paragraph 16]

• rules might be necessary to prevent the licensing authority from contracting out some of its functions to bodies which also offer cryptographic services [Herald Information Systems, Masons paragraph 18]
• procedures are desirable to cover the hand-over of keys in the event of a TSP going out of business [Protek]
• the various standards mentioned, particularly BS7799 and ISO9000, might be inappropriate standards to be applied to this market, or sub-sections of it, at the present time [Microsoft, Racal Electronics, APACS, EESWG, British Chambers of Commerce, EURIM, Reuters, FIPR pp2-3, Hewlett Packard (final submission) p9, Phillip Hallam-Baker p2]
• licences should not be granted to TSPs who have sought but not obtained accreditation under BS7799 [British Steel, Pinsent Curtis p2]; the criteria, as drafted, might allow a firm which sought but failed to achieve BS7799 to be licensed [UKAS]
• need to specify minimum ITSEC levels for software/smartcards [NatWest p4]
• would there be a requirement for a register of TSPs to be kept? [Lloyd]
• the requirement for TSPs to produce a business plan would be unnecessary, particularly as the plan would be likely to contain confidential material [Herald Information Systems, British Telecommunications paragraph 19, Demon Internet/Scottish Power Annex A1, Berwin Leighton p7, UK Notarial Forum p2]
• deadline by which notification of need to revoke certificate, or compromised private key, should be received by TSP should reflect possibility of some TSPs being based outside UK [Herald Information Systems]
• the vetting of employees might pose firms' difficulties in respect of other legal obligations [APACS, British Chambers of Commerce; and see British Telecommunications paragraph 22, Demon Internet/Scottish Power Annex A1, Hewlett Packard (main submission) p9; but Berwin Leighton p7 gave a different view]
• the position of Registration Authorities as entities separate from CAs required clarification [APACS, British Chambers of Commerce, Ev, p239 paragraph 3.3]
• the relationship between regulators — eg OFTEL and the Financial Services Authority — must be established early on [Nationwide]. The British Bankers' Association suggested that the regulator could work through existing banking regulations [p3]
• the Government should consider subsidising the entire public key infrastructure in order to add momentum to its widespread use [Ladbroke]
• directory services should be provided on paper as well as electronically [Consumer Communications for England paragraph 8]
• no proposal made for a consumer organisation to monitor the work of the licensing authority; ICSTIS might provide a role model [Consumer Communications for England paragraph 10]
• the condition relating to liability was described as a restriction on competition [Demon Internet/Scottish Power Annex A1]; although there were arguments for a condition relating to liability insurance [eg British Computer Society p4]
• it was claimed that the criteria would not be well suited to non-commercial organisations which wished to offer cryptographic services, or wished to offer the same service separately, in both a commercial and non-commercial capacity [Norman Gray, University of Glasgow].

Law enforcement

• the tipping-off offence should be extended to cover material seized under an authorisation under part III of the Police Act 1997 [NCIS]
• "the right of lawful access should be extended to regulators" [Lloyd's of London, p2]
• the Bankers Books Evidence Act 1879 could be amended to permit warranted timely access to electronic transactions to or from named bank accounts in order to better target money laundering [Charles Lindsey paragraph 2.5]
• legislation could be introduced to require manufacturers of encryption software to provide for covert law enforcement access [Greater Manchester Police]
• attention should be paid to the possibility of criminals illicitly using authentication keys for encryption and thereby escaping interception by law enforcement agencies [PriceWaterhouseCoopers]
• further details on oversight and complaints relating to the new offence were proposed [CACIB p6].

Other Matters

    —  on spam[386] some thought there was no need for legislation [Ken Brown, APACS, Reuters p3, Computing newspaper p2, UK Notarial Forum p2, Channel 4 p2, Association of Pharmaceutical Importers Section IV, British Computer Society p5, Ev, p83 paragraph 2.2] while others backed legislation of some sort [British Steel, VH Littler, de Montfort p7, Demon Internet/Scottish Power section 3]; one suggestion was for an international agreement to deal with the problem [Paul Johnson, IBM, AOL Compuserve p3, Energis paragraph 2.4]; another was that e-mail should be covered by the provisions of the EU Telecommunications Data Protection Directive [Singletons, Consumers in Europe Group, British Chambers of Commerce, ABI paragraph 3.4, Pinsent Curtis p1; and see DTI Press Notice 99/367, 30 Apr 99] or the draft directive on legal aspects of electronic commerce [PriceWaterhouseCoopers]; a further idea was that firms and consumers should opt to receive spam [Herald Information Systems, Consumers in Europe Group, David Vinograd, Hewlett Packard (main submission) p8] although an opt-out scheme was also put forward [Barclays, QMWC 4.5]; industry self-regulation was proposed by some [Real Time Club, Interforum, p3, RICS p3, UUNet paragraph 3, Amazon.co.uk p3, Cable & Wireless p3, AEB paragraphs 5.3-5.7, Berwin Leighton p3, Consumers' Association p4, British Telecommunications paragraph 8] and rejected by others [Lloyds]; means of retaliating against spam were discussed [Motorola]; there were also calls for further consultation [IMIS]

• there was support for legislation to outlaw spoofing [P. Johnson, Admiral Computing, EURIM, British Chambers of Commerce, Institute of Directors, David Vinograd; British Telecommunications paragraph 16 argued that it was already illegal], possibly by amendment to Computer Misuse Act 1990; it was argued that legislation would need to deal specifically with malicious misrepresentation of another person on-line [Herald Information Systems]
• little support was forthcoming for specific legislation on on-line intermediaries [Singletons, APACS, who described such a proposal as "wholly inappropriate", PriceWaterhouseCoopers, Real Time Club, BBA p2, NatWest p2, Vodafone paragraph 15, Association of Pharmacuetical Importers Section IV, MacRoberts p23, Notarial Forum p2, Law Society Section II.2; also see the useful list of activities in which intermediaries are engaged, by Motorola]; self-regulation or a code of practice was put forward as desirable [Admiral Computing, British Chambers of Commerce, Cable & Wireless p3]; it was argued that an obligation could be placed on intermediaries for them to promote competition on bases other than price [de Montfort p7]; the application of the Commercial Agents' Regulations to the on-line environment was raised [Berwin Leighton pp3-4]; there were calls for legislation on the liability of intermediaries [Consumers in Europe Group, QMWC]
• further ideas for legislation included on the place and time of on-line contract formation [APACS, Association of Unit Trusts and Investment Funds, R.I. Howland, Confederation of British Industry, Amazon.co.uk p3, SAP (UK) Ltd paragraph 3.1.3, Ev, p159 annex 1 paragraph 4.2.1, p259]; consumer protection issues including industry-led dispute settlement [PriceWaterhouseCoopers, EURIM; and see Royal & Sun Alliance p1, ABI p2]; incorporation of contract terms by reference [APACS, Barclays, Microsoft; for further discussion of aspects of the UNCITRAL Model Law on Electronic Commerce which could be incorporated into UK law see Masons paragraph 12, ABI paragraph 3.13, Energis paragraph 2.4, MacRoberts pp17-19, British Computer Society p5, RICS p3, Post Office paragraph 2.2, LIBA p3; and QMWC paragraph 4.3, Berwin Leighton p2, Tucker Turner Kingsley Wood and co paragraph 10]; allowing intangible information to have value, so that its theft or unauthorised possession could be penalised [EURIM]; extending section 75 of the Consumer Credit Act 1974 to cover overseas transactions [Law Society Section II.2]; banning subliminal advertising from the internet [de Montfort p6]; exempting electronic contracts from stamp duty [Justin Watts p2]; on the storage of electronic records [British Computer Society pp4, 7]; and on cookies (software that may, without an individual's consent, derive information about an individual from the websites they visit [SAP(UK)Ltd paragraph 3.2.2].

386   See detailed discussions of spam by MacRoberts pp17-22, CommerceNet UK p8, Demon Internet/Scottish Power annex 3 Back