By Madeleine Acey,
LONDON -- British academics, IT users, and civil libertarians expressed concern on Wednesday that the U.K. government may try to control the use of encryption in electronic communications by surreptitious legislation.
The London School of Economics' computer security Fellow Peter Sommer is an adviser to the House of Commons Select Committee investigating the Department of Trade and Industry's proposed policy on e-commerce. Sommer said he expected the controversial legislation to comprise a short bill, with few procedural or technical details, but providing a minister with powers to pass later regulations.
The public meeting was called to debate the proposed Electronic Commerce Bill, which until March 5 called for licensed encryption providers to hold copies of users' cryptographic keys for law-enforcement access.
At the meeting, Sommer said he feared the minister would now use statutory instruments to legislate quietly for the government's desired powers. The bill still proposes voluntary licensing of encryption providers and digital-signature suppliers and would make it a crime to withhold a key from police.
"The critical thing is, how much consultation will there be beforehand?" he said. Statutory instruments could be passed immediately if there was no active opposition. The department and the Home Office received heavy criticism for only allowing three weeks for the industry and public to comment on the revised March 5 policy.
"If all you pass is enabling legislation, it's like writing a blank check," said Stefek Zaba, IETF member and HP Labs security expert, after the meeting.
"We have to be careful key escrow is not coming in by the back door," said Post Office lawyer Clare Wardle.
"There isn't any attempt to get key escrow through the back door," said senior department official Stephen Pride.
When other bills had taken this route, politicians had been given the right to grant themselves unlimited and unchecked powers, said Peter Noorlander, legal-policy officer at lawyers' human rights group Justice.
"It's something that we're very worried about," he said. "If these powers can say what the details of licensing requirements, for example, will be -- that sort of thing should be on the face of the bill."
He added that the new Human Rights Act provided for privacy in correspondence and the bill would have to be "human rights-proof."
"We really need to see some justification," he said, referring to the National Criminal Intelligence Service's inability to show an urgent need for access to encrypted communications or any statistics on encryption used in crime -- highlighted by Sommer at Wednesday's meeting, which NCIS declined to attend.
Sommer said in his experience as an expert witness in the courts he had dealt with pedophile and cracker cases. He found that among the police's problems in gathering evidence, encrypted-data traffic was a long way down the list.
Try TechWeb's RSS Feed!Lowe's seeking Systems Engineer III in Mooresville, NC
Univ of Michigan seeking University Ethical Hacker in Ann Arbor, MI
MAP Digital seeking Project Manager: Live Digital Events in New York, NY
cPanel Inc. seeking Internal Systems Developer in Houston, TX
Cirrus Design seeking Web Architect in Duluth, MN
For more great jobs, career-related news, features and services, please visit our Career Center.
TechWeb's FREE e-mail newsletters deliver the news you need to come out on top.
Get definitions for more than 20,000 IT terms.
Editorial and vendor perspectives
