PART I

Fees

  1.   In relation to Clause 2(7) and the comments on page 34 of the Explanatory Notes about the financial effects of the Bill, it would be useful for the Committee to receive the Government's estimate of the cost of running the statutory approval scheme, if it were brought into force, and the level of fees required to cover that cost; and to be informed of any discussions between the Government and the Alliance for Electronic Business about the fees which might be charged in relation to an industry-led approvals regime.

  As explained in the draft Regulatory Impact Assessment, it is not yet possible to quantify the costs of the statutory approvals scheme as the standards which would need to be met to gain approved status have not yet been specified. The scheme is intended to be self-financing, so fees would be set to cover the cost of determining whether an applicant met the required standard and ongoing costs. The fees will also depend on the overall size of the market, the proportion of it falling under the approvals scheme; the exact services an applicant wanted to carry out and the exact nature of their current business. All of these are unknown at present. The voluntary nature of the scheme means that companies would only apply for approved status if they estimated the business benefits as exceeding the costs of approval. The scheme's voluntary nature provides a strong incentive to minimise costs.

  Similar considerations apply to the industry-led approvals scheme which is intended to be run on a non-profit making basis.

  We hope to be able to provide further information on costs during the passage of the Bill.

Scope

  2.   It would be helpful for the Committee to receive clarification of Clause 6(2) and in particular, whether it is the Government's intention for providers of cryptographic products embedded in other forms of software—for instance web browsers—to be exempted from involvement with the proposed approvals scheme.

  Clause 6(2) makes it clear that the scheme would apply to cryptography services, rather than cryptography products (whether hardware or software). Thus the scheme would apply to a company offering to certify electronic signatures. Such a company might offer cryptography products as part of such a service, and the company could apply to have the service approved whether or not it did so. The scheme would not apply to a compnay which only offered cryptography products. The question of "exemption" from the scheme does not apply as the scheme would be voluntary so it would ultimately be for the service provider to decide whether or not to apply.

Regime

  3.   What criteria will be used to determine whether or not industry has failed to work out a suitable model for self regulation of cryptography service providers consistent with the Government's e-commerce and law enforcement interests, beyond those set out in paragraph 28 of the Government's Reply?

  In publishing the Command Paper Promoting Electronic Commerce the then Parliamentary Under Secretary of State (Mr Michael Wills MP) made it clear that the Government favoured the self-regulatory scheme being developed by the Alliance for Electronic Business in saying:

"The Government has been working closely with the Alliance for Electronic Business who are leading the development of a non-statutory, self-regulatory scheme. Such a scheme bringing together providers and users, including consumers, should offer a more flexible and effective way of meeting the Goverment's objectives than a statutory scheme. The Alliance's scheme is still in its infancy, so the draft Bill proposes to take powers to set up a statutory voluntary scheme by secondary legislation. The Government will only use these powers should the industry fail to work out a suitable model for self-regulation consistent with our e-commerce and law enforcement interests."

  The Government is continuing to work closely with the Alliance for Electronic Business and hopes that a scheme meeting the criteria set out in para 28 will be operating by the end of 2000, in which case it will not be necessary to implement the statutory scheme. We will report on progress during passage of the Bill.

PART II

Scotland

  1.   Following the Committee's recommendation in paragraph 40 of its Seventh Report (HC 187), and paragraphs 16 and 17 of the Government's Reply, it would be helpful to receive guidance on the applicability of Clause 7 in Scotland.

  Clause 7 will apply in Scotland, so that electronic signatures and certificates will be admissible before the Scottish Courts.

Signatures

  2.   The Committee would welcome clarification of how electronic signatures can be authorised with a seal, witnesses or made under oath, as suggested in Clauses 8(2)(c) and (d).

  The clause allows a requirement for something to be authorised with a seal, witnessed or made under oath etc to be satisfied by electronic means subject to provisions specified in clause 8(4). To understand how an electronic signature can help achieve this, it is worth recalling that an electronic signature is capable of doing far more than a manual signature. A manual signature is typically added at the end of a document (which may consist of several pages) to indicate assent to the document but provides little assurance that the document has not been altered since being signed.

  As the Committee knows, there are various types of electronic signature. The rest of this discussion will assume an electronic signature based on public key cryptography, but the Bill is not limited to this technology. Such an electronic signature can ensure both the authenticity of a document (who signed it) and its integrity (that its contents have not been altered). Turning to the specific examples raised by the Committee we will illustrate how an electronic signature could meet such a requirement. These examples are not intended to be prescriptive, as clause 8 will be used on a case-by-case basis, depending on the underlying requirement that is being modified to allow electronic communication or storage:

A signature is typically required to be witnessed to provide greater assurance of authenticity: the signatory will sign a document in the presence of a witness who then adds their own signature. To some extent this function is inherent in the concept of an electronic signature supported by a Certification Authority (CA). The CA issues a certificate which says that a particular signature creation key (the private key), which matches the signature vertification key in the certificate (the public key), was issued to a particular person on whom specific checks were made. A CA may also accept certain liabilities. This can provide a much higher guarantee of authenticity than a typical unwitnessed manual signature. An additional guarantee might, in some implementations, be provided by a biometric link to the signatory. The additional property of witnessing that the witnessed signature was made by the signatory in the presence of the witness could be provided electronically by the witness adding their own electronic signature to the document signed by the signatory (there is nothing to stop two or more signatures being applied sequentially to the same document). The requirement for a statement to be made under oath could also be met electronically in a similar way.

A seal may be used to provide a higher degree of authenticity than can be achieved by a manual signature alone. Again this property is inherent in an electronic signature. A requirement for a corporate seal, for example, could be met by having an equivalent corporate electronic signture creation key, issued only to selected individuals within the company, which is used to sign the document requiring a seal. Note, an individual may have several electronic signatures corresponding to different responsibilities (eg as a Director of several companies, as an employee authorised to spend within certain limits, as an officeholder in a club etc).

Incentives

  3.   It would be helpful to receive a statement of the Government's views on the desirability or otherwise of imposing different fees or charges for electronic communications or storage than those relating to non-electronic communications or storage, with regard to Clause 8(4)(e).

  The Government does not have a settled view on whether different fees should be imposed for electronic or non-electronic means and would take decisions about this on a case-by-case basis. In the case of a service designed to cover its costs, rather than raise revenue, it might be appropriate for the Government to pass on its cost-savings expected from the electronic handling of data to the fee-payer. Clause 8(4)(e) is designed to give the Government the flexibility to do this.

Retention of writing

  4.   In relation to Clauses 8 and 9 it would be useful for the Committee to receive some indication of the Government's priorities for using the proposed power, aside from in relation to the Companies Act 1985, and of those communications which the Government does not consider should be allowed to be conducted electronically, referred to in paragraph 22 of the Reply as "a few examples".

  The Government has not yet settled its priorities for using the Clause 8 power. The Government intends to do so as a matter of urgency. It has set the high-level targets for the UK to be the best environment for electronic business by 2002; and for 100 per cent of appropriate Government services to be available electronically by 2008. The Prime Minister accepted the recommendation of the PIU study published[1] on13 September that Government departments should quickly take advantage of the equivalence between digital and written documents. The DTI expects to publish further details during the passage of the Bill.

  The Government would not want to rule out specific communications from being able to be conducted electronically, but recognises that while allowing electronic communications is largely a relatively uncontroversial question of updating the law to what is now possible, there are cases where more fundamental issues of principle may arise (eg marriage).

Commencement

  5.   It would be helpful to have some indication of the Government's plans on commencement of the different parts of the Bill, in particular the reasons for any delay in bringing into force Part III and Clauses 7 and 20 to come into force once the Bill is enacted.

  The Government has stated its intention to use Part I only if industry self-regulation does not work. Parts II and IV would be commenced without delay. The provisions in Part III of the Bill giving the Secretary of State the power to authorise the service of disclosure notices will not come into force until the Tribunal provided for under the Bill (Clause 18) to hear complaints about the exercise of the Secretary of State's powers is established.

PART III

Anticipation

  1.   It would be helpful to have clarification of the extent to which the use of the phrase "or is likely to come" is in 10(1)(a) and (b) is intended to enable a person with permission to require an intelligible copy of material not in existence at the time of serving the notice.

  This is intended to cover instances where warrants are issued (eg under the Intelligence Services Act 1994 or the Interception of Communications Act 1985) enabling material to be lawfully obtained from the date the warrant is signed and for the duration it remains in force. This would only be appropriate where there was prior knowledge that the material itself was likely to be encrypted.

Information in place of key

  2.  It would be helpful in considering Clause 11 to have some indication of the circumstances in which it is envisaged that disclosure of the key rather than an intelligible version is to be required, and whether that would be covered in the proposed Code.

  It is envisaged that disclosure of an intelligible version of specified data will be sufficient in many cases. But in some cases, it may be necessary to require the disclosure of a relevant key (or at least a session key). Keys may be required in certain cases in order to protect operational security and to comply with statutory requirements affecting, for example, the privacy of information obtained (section 6 of the Interception of Communications Act 1985 (IOCA), for example, places an obligation on the Secretary of State to make arrangements as he considers necessary for the purpose of securing that the extent to which intercept material is disclosed is limited to the minimum necessary for the purpose of the warrant). Keys may also be required in certain cases in order to ensure that decryption of material takes place in accordance with computer forensic best practice so as to maintain chains of evidence.

  As set out in Clause 11 of the draft Bill, it will be for the person authorising the use of the lawful access powers (eg the Secretary of State) to decide whether keys or the plaintext of specified material should be demanded in a particular instance. It is envisaged that this issue will be covered in the proposed Code of Practice.

Offences

  3.   It would be helpful to have clarification of the reason for making tipping off under section 13 liable to more severe punishment than refusal to comply with a notice under section 12; and the reference to financial penalties on page 25 of the draft notes.

  The proposed penalty for "tipping off" follows an existing precedent in section 53 of the Drug Trafficking Act 1994 which carries a penalty, on indictment, of five years imprisonment. It is designed to deter persons taking deliberate and intentional action (ie "tipping off" another) with a view to frustrating statutory procedures and assisting others to evade detection. The proposed penalty for the offence of failing to comply with the terms of a disclosure notice was suggested as being in line with similar offences.

  There is an error in the explanation of the financial penalties as they appear on page 25 of the Government's consultation paper (Clause 14: Provisions supplemental to sections 12 and 13). The explanation, as regards the financial penalties for both the failure to comply and tipping off offences, should read:

"there is no upper limit to fines set in the Crown Court (on conviction on indictment). In a Magistrates Court (on summary conviction) the maximum fine is £5,000 (level 5)".

Police and HM Forces

  4.   It would be helpful to have an indication of the reasons for (a) the omission of various non-Home Office forces (eg UKAEA, Transport Police, MDP) from section 15(4), and of the extent to which it is intended that they would be able to obtain the appropriate permission and (b) the inclusion in paragraphs 2 and 4(5) of Schedule 1 of HM Forces.

  The Committee is correct to draw attention to non-Home Office police forces. There are a considerable number of such police forces who could, conceivably, come across encrypted material in the course of their duties and therefore need to utilise the proposed new lawful access powers. The Government is presently considering how best this can be accounted for in the Bill.

  The reference to HM Forces is included to cater for instances where, for example, the armed forces might encounter encrypted material while exercising statutory powers of search and seizure under the Northern Ireland (Emergency Provisions) Act 1996.

Commissioner and Tribunal

  5.   An indication of any intentions to add the Commissioner functions proposed under section 17 or the Tribunal proposed under Schedule 2 to existing and similar offices would be useful.

  The possibility of adding the functions of the proposed Commissioner and Tribunal to existing offices (such as those established under IOCA) is being considered. It should also be noted that these existing oversight mechanisms are themselves being examined as part of the current review of the interception legislation.

Electronic Communication

  6.   Elucidation of the formula used for non-written communications in section 10(3)(a) and the precedents therefore would be helpful, in the context of Part II of the draft Bill. It would also be helpful to have an indication if it is intended that permission under Schedule 1, paragraphs 2(3)(b), 3(2) or 6 should in due course be able to be given electronically.

  Clause 10(3)(a) is designed to ensure that disclosure notices are served in such a way so as to ensure a clear audit trail for future enquiries. It is envisaged that such notices should be able to be served electronically, where appropriate. It is intended that the permissions under Schedule 1 should, in due course, also be able to be given electronically.

PART IV

Background

  1.   In the May 1998 document reference was made to around 400 licences; in March 1999 to an increasingly large number; and in the draft notes (page 27) to well over 100. A clarification would be helpful, indicating the different categories to be referred to.

  379 individual licences had been issued by the start of May 1998—hence the "around 400 licences" comment in the May 1998 document. By March 1999 431 active licences were held, rising to a figure of 497 by the end of July 1999, illustrating the "increasingly large number" of licences referred to in the March 1999 consultation document.

  The draft notes refer to "well over 100" licensees. The number of licensees is considerably lower than the number of licences as some operators have many licences. There are approximately 45 active domestic Public Telecommunications Operators, approximately 120 holders of International Facilities Licences, and three major cable operators.

  2.   It would be helpful to have any further example to that of the Fair Trading condition referred to at paragraph 31 of the 1998 document of modifications delayed or abandoned as a result of the current procedures and the EU Directive non-discrimination requirements.

  Following implementation of the Licensing Directive and its non-discrimination obligations, OFTEL has postponed the making of certain licence modifications including some changes to the numbering conditions. It would not be possible to make these changes to all licences under the current regime.

  There is a proposal for a modification of regulation on Premium Rate Services which is currently the subject of OFTEL consultation. It would not be possible to pursue this under the present regime without the consent of all of 350 licensees. On past experience this would not prove possible.

Objection to modification to class licence

  3.   Section 12(4A) seems to provide for modification of a class licence to be subject to veto by any person benefiting from a class licence, but no others. Is there any experience of positive objection to modification of such a licence by those not benefiting from them? Is there provision for consumer objection?

  The current system allows holders of the relevant class licence to veto proposed modifications, and no change is proposed. No provision is made for objections to modifications by those who do not hold the relevant licence. However, it may be noted that modifications of class licences are usually affected by revocation and reissue, and that procedure makes no provision for any veto.

Form of objection etc

  4.   It would be helpful to have a clarification as to how far electronic communications are expressly permitted for the purposes of Clause 20, and in particular if the reference in section 12(6D) to accompaniment by a written statement is intended to exclude electronic communication.

  We would regard the phrase "written statement" in section 12(6D) as including any written statement delivered by electronic means. Indeed there is no intention to restrict the use of electronic communications for the purposes of Clause 20.

Deregulatory

  5.   Section 12A(4) seems to allow the Director to proceed with a modification deemed deregulatory despite objection from a significant minority. It would be helpful to have a note on the procedure envisaged, including the extent to which section 12(4A) covers such a proposal, the appeals procedure and the extent to which this proposal has been consulted on.

  Section 12A(4) does indeed allow the Director to proceed with a modification deemed deregulatory despite objection from a significant minority. The procedure envisaged is that, where the Director considers a modification to be deregulatory, he would publish an explanation of this view when giving notice of the proposed modification as required by section 12(2). It is envisaged that this note would include an explanation of why the Director considers that the conditions of section 12A(11) are satisfied. The decision to proceed with the modification under the terms of section 12A(4) is fully covered by the appeals procedure outlined in section 12B.

  Section 12(4A) relates to the modification of class licences, to which the requirements of section 12A have no reference. There is no provision for class licences to be modified where objections have been received from any relevant licensee, though as explained in the response to question 3 above, modifications of class licences are usually effected by revocation and reissue.

  This aspect of the proposals has precedents in the Gas Act 1995. It has not been the subject of any consultation prior to the publication of this draft.

Blocking minority

  6.   The 1999 document noted the objections raised to the formulae proposed for determining the blocking minority. How is it proposed that the rules and principles to be set out under section 12A(9) will differ from those set out in the 1998 paper?

  Both the May 1998 document and the draft clauses provide that, in determining whether a significant minority of those whose licences are to be modified have objected to the proposal, both the number of objectors (as a proportion of all those whose licences are to be changed), and their size (as a proportion of the overall size of the relevant activities) should be considered. However, despite this similarity there are important differences.

  Responses to the May 1998 consultation revealed concern that the "blocking minority" approach removed the individual right to a reference to the MMC (now Competition Commission). The appeals mechanism outlined in section 12B of the draft clauses is designed as a check on the increased power of the Director which this procedure gives him. Such a procedure was not included in the May 1998 consultation.

  The draft clauses also give greater flexibility than was provided in the May 1998 proposals. Specifically, the draft clauses allow the nature and extent of licencees' business activity, and not just their size, to be considered. This allows for different rules and principles to be prescribed reflecting the characteristics of different sectors of the telecommunications industry. Furthermore, by allowing the rules and principles to be prescribed by an order, rather than writing them on the face of the Act, provision is made for the rules and principles to be revised, if necessary, to take account of changing circumstances.

Appeals

  7.   Paragraphs 14-15 of the 1999 paper suggested that aggrieved licensees would be able to appeal on wider grounds than the normal grounds for judicial review. It would be helpful to have a note setting out how the terms of section 12B(2) reflect that, and in particular each of the grounds set out in paragraph 15 of the 1999 paper.

  The key way in which the terms of section 12B(2) reflect the right to appeal on wider grounds than the normal grounds for judicial review is in section 12B(2a) which allows for appeal on the basis that there has been an error as to the facts relied on in the making of the decision.

  Paragraph 15 of the 1999 paper outlined three grounds for appeal. Appeal on the grounds "that there had been a material error in the evidence on which the DGT made his decision" is reflected in section 12B(2a)—"that a material error as to the facts was relied on in the making of the decision". Appeal on the grounds "that the decision was incompatible with the evidence before the DGT" is reflected in section 12B(2d)—"that the decision is one that could not reasonably have been arrived at." Appeal on the grounds "that the decision was unlawful because, for instance, it would have a discriminatory or disproportionate effect on the appellant licensee" is reflected in section 12B(2c)—"that the decision involves a material error or law". The specific issues of discrimination or lack or proportionality are covered by this clause as modifications which are discriminatory or lack proportionality are prohibited by the EC Telecoms Licensing Directive and thus represent a material error of law.

September 1999