Escrow time line draws fire from think-tank
The government's decision to drop key escrow -- which would give law enforcement agencies access to data sent over the Internet -- leaves the e-commerce bill "a dead limb of an old policy which should be chopped off," according to Caspar Bowden, director of the Foundation for Information Policy Research.
Bowden believes the government is "in a terrible tangle" over the bill and has lodged a formal complaint with Secretary of Trade and Industry, Stephen Byers, over the time given for the IT industry to respond to the consultation document -- Building Confidence in Electronic Commerce.
The government has given the industry under four weeks to come up with an alternative for establishing a licensing scheme for digital signatures. Bowden is calling for an extension until 30 April, claiming the time given is not only insufficient but contravenes Cabinet Office guidelines on response time to consultation documents.
Quoting a government document, Bowden writes: "Eight weeks for replies should generally be the minimum for all consultation exercises, but whenever possible more should be allowed." On a matter as important as e-commerce, he feels the government is attempting to "rush the bill through to meet a rash commitment made in the Queen's Speech."
"The proposed legislation on regulation of e-commerce affects everyone in society, and would amend many complex areas of law... consumers, businesses, companies, shareholders (among others) will be affected," Bowden writes in his letter.
A spokeswoman for the DTI denied the charge. "Discussions have been ongoing in the industry for many months and ministers are confident the timescale is sufficient," she said. "Obviously we want to get it through as quickly as possible but we want to get it right as well," she added. She claimed the department had not received Bowden's letter.
She admitted the government has bowed to industry pressure over the issue of key escrow. "The industry persuaded us that it was not the way forward," she said. Now the government is asking the industry to come up with alternatives to making e-commerce secure while giving law enforcement agencies access to cyber criminals.
It is not clear whether the government plans to return to the technology if the industry fails to come up with an alternative. FIPR's Bowden would be surprised if they raised it again in this bill. "I can't believe they could make a serious decision to go back to key escrow," he said. He believes the debate over access to encrypted data would be more appropriate as part of the Interception of Communications Act, which Home Secretary Jack Straw has announced will be reviewed later this year to take account of "high-tech developments."
Bowden believes the most relevant question for the current e-commerce bill is whether a licensing scheme is needed at all. Describing digital signature licensing as "a carrot for getting people to use key escrow," he views it as an irrelevance now. There is little global precedent for such a scheme. Both the Canadian and Australian governments have decided against licensing structures and it is unlikely the US will go for it either.
Although the government has committed itself to getting the e-commerce bill read in the current session of Parliament, there is still no firm timetable for legislation and the bill has delayed many times over the last 12 months.