Home Page | About Us | Press Enquiries| Reports | Policy Issues | News Items | Press Releases | Mailing Lists | Bookstore

The UK Government Encryption Policy Pages

Up-to-date till December 1999. For more recent items related to UK Government Encryption Policy visit http://www.cyber-rights.org/crypto pages.

The Parliamentary Ombudsman ( the Parliamentary Commissioner for Administration) published its report in relation to the UK Government Encryption Policy and access to documents related to such policy through the Department of Trade and Industry (Case No.A23/99). The DTI refused to release information relating to the development of encryption policy. See http://www.parliament.ombudsman.org.uk/pca/document/hc21/hc21-04.pdf or http://cryptome.org/dti-mrj.htm See further the Freedom of Information Pages of Cyber-Rights & Cyber-Liberties (UK) at http://www.cyber-rights.org/foia/

Electronic Communications Bill published and Key escrow is dead, 19 November 1999.
The Electronic Communications Bill has been published today and the Bill can be accessed at

http://www.publications.parliament.uk/pa/cm199900/cmbills/004/2000004.htm

The Explanatory Notes for this Bill are here. The House of Commons Standing Committee B Debates on the Electronic Communications Bill is also worth reading through http://www.publications.parliament.uk/pa/cm199900/cmstand/b/cmelect.htm

Report of proceedings - 4th Sitting 16 December 1999, 3rd Sitting 14 December 1999, 2nd Sitting 14 December 1999 (morning), 1st Sitting 9 December 1999.

The Bill makes the following statement in relation to the European Convention on Human Rights: Mr Secretary Byers has made the following statement under section 19(1)(a) of the Human Rights Act 1998: "In my view the provisions of the Electronic Communications Bill are compatible with the Convention rights."

Section 13 of the new Electronic Communications Bill provides a general ‘prohibition on key escrow requirements’ and this officially signals the death of key escrow and key recovery - proposals that the DTI tried to introduce since the summer of 1996. This is a partial victory for the privacy activists but the debate on the controversial law enforcement issues will switch to the Regulation of Investigatory Powers Bill which has yet to be published.

DTI Press Release: P/99/938 , 19 November 1999 - ERA OF ELECTRONIC SIGNATURES DAWNS - HEWITT

The Government today published The Electronic Communications Bill to promote electronic commerce in the UK in the 21st century.

The Bill forms an important part of the Government's policy to develop the UK as the best environment world-wide in which to trade electronically. Microsoft have called the Bill 'the model for Europe'.

Ms Hewitt said: "This historic Bill will help make the UK the best place in the world to do electronic business. Britain led the world in the first industrial revolution. Now we are determined to be winners in the new knowledge economy revolution. This Government is creating the conditions in which UK businesses can thrive and where the UK becomes first choice for investors.

"Many of our laws are hundreds of years old. They were written for the days of pen and paper. Today's businesses operate with e-mail and digital signatures. We must modernise our laws if we are to compete in the electronic market-place.

"We are determined to get e-commerce law right and get it in fast. That is why we are introducing this Bill in the same week as the Queen's Speech. We are on course to meet our original target for Royal Assent by April 2000 making this one of the UK's first 21st century laws."

Under the legislation:

Following two extensive consultations on the draft Bill with business and the IT industry the Government also announced that:

Home Office Minister Charles Clarke said: "Encryption is a double-edged sword - both vital to the e-commerce revolution and at the same time a deadly weapon in the hands of criminals. Paedophiles, drug traffickers and terrorists are already using encryption to try and evade justice. This cannot be allowed to continue. As encryption becomes more readily available and easier to use, the need to modernise police powers to enable them to read the material they can already lawfully get access to becomes ever more urgent.

"That is why the Government will provide law enforcement agencies with new powers to access decryption keys and the plain text of lawfully obtained material under properly authorised procedures containing strong safeguards. We have listened and reflected on how best to update the statute book and have decided to take the measure forward this session in the Investigatory Powers Bill instead of the Electronic Communications Bill."

People who welcomed the Electronic Communications Bill include:

Karen Thomson, Managing Director AOL UK who said: "AOL continually strives to make it simpler and more secure for our members to shop online. By giving legal recognition to electronic signatures, the e-commerce bill provides us with additional scope to enhance member confidence in the medium."

John Browning, co-founder of First Tuesday, Europe's leading meeting place for people, money and ideas in new media and e-commerce who said: "Trust is the ultimate basis of business success. So creating a regulatory environment that makes the electronic realm at least as consistent, predictable and trustworthy as the physical one is the most important thing Government can do to promote the new generation of internet entrepreneurs transforming Britain's economy - and the world's."

Carl Symon, Chief Executive Officer of IBM United Kingdom Limited, who said: "IBM welcomes the introduction of this important measure and we hope that it will become law very early in the new Millennium. It is clear from the Bill's text that the Government has listened very closely to what industry has had to say.

"We are delighted in particular that ministers support an industry-led approach to developing trust in emerging technologies and services. It's now down to UK industry to take forward this initiative not only to meet e-commerce requirements in the UK but also to serve as a model for other countries in Europe and world-wide."

David Svendsen, Chairman of Microsoft Ltd, who said: "With the publication today of the Bill, which provides a model for the rest of Europe to follow, we are sending a signal to UK and European businesses that Britain can become one of the best places in the world to do electronic business in the next millennium."

Keith Todd, Chief Executive of ICL, who said: "This is good news. The separation of the legitimate commerce issues from the law enforcement one is particularly welcome because it shows that Government is listening to what Industry wants.

"We in ICL are contributing to the Alliance for Electronic Business in the development of the self regulatory scheme which we understand will satisfy all the needs of Part 1 of the Bill. This new sense of partnership between Industry and Government will make the UK a great place for electronic commerce."

Keith Chapple, Managing Director Intel UK, who said: "We are delighted that government has confirmed in the Bill that key-escrow is off the agenda and is focusing on the real issue of legal recognition of electronic signatures which will give a vital boost to business and consumer confidence and promote the growth of electronic business in the UK."

The Bill also includes powers to modernise procedures to modify telecommunications licences. Existing procedures were originally designed for a small number of licence-holders and have become cumbersome and unwieldy now that there are hundreds of licence- holders. The procedures will be streamlined following further consultation with the industry making it easier to adapt licences to changing market conditions.

Notes to Editors

1. The Government is working with the Alliance for Electronic Business on a non-statutory, self-regulatory scheme known as the 'T-Scheme'. Good progress is being made and Government will make further announcements during the passage of the Bill.

2. Mandatory key escrow would have required people wanting to keep their e-mails confidential to deposit copies of their 'electronic keys' with third parties to help law enforcement in case criminal activity was suspected. The Government rejected this policy earlier this year because it would have imposed unfair burdens on law abiding citizens but it would have been able for criminals to evade. Now mandatory key escrow has been ruled out explicitly in the Bill.

3. The Bill is available on the Houses of Parliament website at: http://www.parliament.the-stationery-office.co.uk/pa/pabills.htm

4. The DTI has published a summary of responses to the consultation on the draft Bill launched on 23 July. The summary is available on the DTI website: http://www.dti.gov.uk/cii/elec/billsumm.html

DTI Summary of Responses to Promoting Electronic Commerce: Consultation on Draft Legislation and the Government’s Response to the Trade and Industry Committee’s Report (Cm 4417), 19 October, 1999 at http://www.dti.gov.uk/cii/elec/billsumm.html

Queen’s Speech and the introduction of new Bills related to encryption and e-commerce, 17 November, 1999.

The following Bills were announced with the Queen’s Speech today and they are important for the development of electronic commerce within UK.

(1) Electronic Communications Bill - This would allow Internet users to sign message electronically and introduce a "kitemark" for minimum standards of quality and service. Follows from last year's draft bill.

(2) Regulation of Investigatory Powers -This would bring the UK into line with Europe by strengthening the regulation of covert surveillance, but it would provide for lawful access to encrypted data. (For further details see the attached Home Office press release)

Initial reaction and comments by Cyber-Rights & Cyber-Liberties (UK):

"We welcome the removal of the law enforcement section (Part III of the Electronic Communications Bill) from the announced Electronic Communications Bill which will now deal only with electronic commerce issues. This is an important step forward for the development of electronic commerce in UK."

"However, the controversial law enforcement issues in relation to the legitimate use of strong encryption technologies and law enforcement access to encrypted messages will be dealt by the Regulation of Investigatory Powers Bill through the Home Office. Whether the Home Office will take into account the strong criticism received during the consultation process remains to be seen. If electronic commerce and the use of the Internet is expected to flourish, then the Home Office should meet the requirements of the European Convention on Human Rights and the Human Rights Act 1998."

"With the Home Office Bill, the balance should be struck in favour of the privacy of communications in the new Information Age for preserving human rights rather than for the creation of a Big Brother state. The opportunity to update the laws on interception of communications should not be used to create a more intrusive legal system."

Home Office Press Release - Regulation of Investigatory Powers Bill

" A Bill will be introduced to ensure that the interception of communications, and the use or other intrusive techniques, continues to be regulated for the protection both of the rights of Individuals and of society as a whole."

The Regulation of Investigatory Powers Bill would:

The Bill would put into effect the proposals in the consultation paper 'Interception of Communications in the United Kingdom' (CM4368). This was published on 22 June 1999.

The Bill would continue strictly to limit the occasions on which communications can be intercepted. And it would ensure that the same restrictions applied to all communications. A change in the law is necessary due to the diversification of communications technologies since the introduction of the Interception of Communications Act 1985.

The Bill would also strengthen the regulation covert surveillance and other intrusive investigative techniques used by public authorities. This would extend regulation to cover surveillance (not currently regulated by Part III of the Police Act 1997) and the use of covert human sources, including the use of agents, informants and undercover officers.

The final part of the Bill would provide for lawful access to encrypted data. This would put into effect Part III of the draft Electronic Communications Bill which was published on 23 July 1999 (CM4417). Where, for example, law enforcement has lawfully acquired encrypted material, the Bill would give them specific powers to enable them to make that data intelligible.

All three elements of the Bill would regulate techniques which are necessary for the protection of society at large but which can impact on the privacy of specific individuals. The Bill would strike a balance between these aims in accordance with our obligations under the European Convention on Human Rights.


The House of Commons Trade & Industry Select Committee will publish its Report on the Government's Electronic Communications Bill on November 3, 1999. On July 23 the Government published a draft Electronic Communications Bill and initiated a consultation process with a request for responses by October 8, 1999. The Select Committee has seen the responses to the DTI and this new Report, the third this session on Electronic Commerce, is a detailed commentary on the Government's current proposals. It is widely expected that the Bill will appear in the Queen's Speech as proposed legislation for the forthcoming session. The Report itself should be available on the web after approximately 3 pm on November 3. Details of press facilities, including a press conference, may be obtained from the Committee Office on 0171 955 5779. Keep an eye on http://www.parliament.the-stationery-office.co.uk/pa/cm/cmtrdind.htm

GOVERNMENT AND THE OFFICE OF TELECOMMUNICATIONS OBSERVATIONS ON THE TENTH REPORT OF THIS SESSION ON ELECTRONIC COMMERCE: The House of Commons Select Committee on Trade and Industry published its Twelfth Special Report (HC 835) of Session 1998-99, Government and the Office of Telecommunications observations on the Tenth Report of this Session on Electronic Commerce (HC 648) on Tuesday 26th October. See the report at http://www.parliament.the-stationery-office.co.uk/pa/cm199899/cmselect/cmtrdind/835/83502.htm

Cyber-Rights & Cyber-Liberties (UK) sent an Open Letter on the controversial Electronic Communications Bill to IBM and BT, 5 August, 1999, at http://www.cyber-rights.org/reports/ibmbt-letter.htm. A PDF version of this letter is also available at http://www.cyber-rights.org/reports/ibmbt.pdf

DTI, PROMOTING ELECTRONIC COMMERCE: Consultation on Draft Legislation and the Government’s Response to the Trade and Industry Committee’s Report, CM 4477, London: HMSO, July 1999, at http://www.dti.gov.uk/cii/elec/ecbill_2.html. A PDF version of this paper is at http://www.dti.gov.uk/cii/elec/ecbill.pdf

The Draft Electronic Communications Bill is at http://www.dti.gov.uk/cii/elec/ecbill_1.html. The Ecxplanatory notes for the Electronic Communications Bill is at http://www.dti.gov.uk/cii/elec/ecbill_3.html. These notes refer to the draft Electronic Communications Bill as published for consultation on 23 July 1999.

Part IIIof the Draft Electronic Communications Bill will be the most controversial part as far as privacy and human rights are concerned. See this part at http://www.dti.gov.uk/cii/elec/ecbill_part_III.htm

A report for the DTI summarising responses to BUILDING CONFIDENCE IN ELECTRONIC COMMERCE: A CONSULTATION DOCUMENT, Unique Reference Number: URN 99/891, at http://www.dti.gov.uk/cii/elec/conrep.htm

For Immediate Release - 15 June, 1999, "Critical letter on the UK Encryption policy sent to the Prime Minister"

LEEDS - In a letter sent to the Prime Minister, the Board Members of Cyber-Rights & Cyber-Liberties (UK) criticised the recently published Cabinet Office Report entitled Encryption and Law Enforcement. The letter states that "while we welcome this report as an initial step, we are concerned to find that it places too much emphasis on the value of encryption in support of business interests whilst giving insufficient attention to the interests and concerns of consumers and private citizens."

The letter (which is available through http://www.cyber-rights.org/reports/blair-letter.htm) also stated that the board members of Cyber-Rights & Cyber-Liberties (UK) are surprised and concerned about the legislative proposals that the Cabinet Office report contains, which seem to propose steps that could remove important civil rights and protections.

Dr. Brian Gladman, Technology Policy Adviser for Cyber-Rights & Cyber-Liberties (UK) stated that:

"The absence of any coverage of cryptography export controls and their detrimental impact on electronic commerce is a surprising and serious omission. This appears to be an attempt on the part of Government to divert attention from an area where their ongoing actions are totally inconsistent with their stated aim of promoting electronic commerce."

Mr. Nicholas Bohm,E-Commerce Policy Adviser for Cyber-Rights & Cyber-Liberties (UK) added that:

"It would be a grave embarrassment, both for the Government and for Britain’s position in the world of electronic commerce, for the Government’s E-Commerce Bill to be found inconsistent with the Human Rights Act."

Mr. Yaman Akdeniz, Director of Cyber-Rights & Cyber-Liberties (UK) concluded that:

"The joint government industry forum is a step in the right direction. However, it will only succeed if representation is widened to include representatives from consumer, civil liberties and public interest bodies in order to ensure that the interests of UK citizens are fully recognised, represented, and protected. Public accountability, openness and transparency will also be essential if such a forum is to command the trust and confidence of the UK public."

Notes for the Editors

The Cyber Rights & Cyber-Liberties (UK) letter has been sent to The Right Honourable Tony Blair, PC, MP, The Prime Minister on Monday, June 14, 1999.

The Cyber-Rights & Cyber-Liberties (UK) letter is available at http://www.cyber-rights.org/reports/blair-letter.htm
A PDF version of this letter is available at
http://www.cyber-rights.org/reports/blair-letter.pdf
The Cabinet Office report entitled Encryption and Law Enforcement is at
http://www.cabinet-office.gov.uk/Innovation/1999/encryption/index.htm
This press release will be available at
http://www.cyber-rights.org/crypto
For a list of Cyber Rights & Cyber-Liberties (UK) reports and papers see
http://www.cyber-rights.org/reports.


A report by the Cabinet Office entitled Encryption and Law Enforcement is now available at http://www.cabinet-office.gov.uk/Innovation/1999/encryption/index.htm This is a Performance and Innovation Unit May 1999 Report and the task force concluded that no single technique or system was likely to be enough to sustain law enforcement capabilities in the face of rising use of encryption by criminals.

The recommendations suggest that key escrow will not be mandatory and that there should be a new approach based on co-operation with the industry. The Task Force further welcomes the intention to include in the forthcoming Electronic Commerce Bill provisions to allow lawful access to decryption keys and/or plain text under proper authority. The task force also recommended that further attention should be given in the Bill to placing the onus on the recipient of a disclosure notice to prove to the authorities that the requested keys or plain text are not in his possession, and to state to the best of his knowledge and belief where they are.

Law Enforcement part of the document is not new and most of the stuff and examples are identical to those provided within the DTI March 99 consultation paper plus the NCIS submission made to the Select Committee. So we are still in the range of three examples of encryption usage for "serious crime". Just to note that the law enforcement was successful regardless of the usage of encryption in the cited examples.


The House of Commons Select Committee on Trade and Industry, "Report on Building Confidence in Electronic Commerce: The Government’s Proposals," HC 187, seventh report of session 1998-99, 19 May, 1999 is available through http://www.parliament.uk/commons/selcom/t&ihome.htm and http://www.parliament.the-stationery-office.co.uk/pa/cm/cmtrdind.htm To go directly to the report either click on the image or click here: http://www.parliament.the-stationery-office.co.uk/pa/cm199899/cmselect/cmtrdind/187/18702.htm

LEEDS - Today the Select Committee on Trade and Industry will publish its report on Building Confidence in Electronic Commerce: The Government’s Proposals.

The report concluded that "the rationale for an electronic commerce bill is open to question" and it recommended that the "Government think twice about the content of its forthcoming Bill and only include in the Bill measures which will promote electronic commerce rather than measures discarded from the previous key escrow policy". Cyber-Rights & Cyber-Liberties (UK) representatives gave oral evidence in front of the Select Committee in March 1999 and our views were taken into account by the Select Committee in their report. Mr. Yaman Akdeniz, director of Cyber-Rights & Cyber-Liberties (UK) stated that:

"The report is timely and all government departments including the DTI and Home Office should take this report very seriously before formulating and finalising their policies in relation to electronic commerce and interception of communications."

"We are glad that privacy issues are fully explored and considered by the Select Committee and the views of the civil liberties organisations are taken into account. After all the debates about the use of encryption is not all about electronic commerce!"

See further the Memorandum submitted by Cyber-Rights and Cyber-Liberties (UK) and the oral evidence provided by the members of Cyber-Rights & Cyber-Liberties (UK) at Examination of Witnesses (Questions 495 - 499) and Examination of Witnesses (Questions 500 - 520).

Cyber-Rights & Cyber-Liberties (UK) Response to the March 1999 DTI Paper: Building Confidence in Electronic Commerce - A Consultation Document, 1 April, 1999, at http://www.cyber-rights.org/reports/dti99.htm

Cyber-Rights & Cyber-Liberties (UK) gave oral evidence to a House of Commons Trade and Industry Select Committee on Electronic Commerce Inquiry, 09 March 1999. Following the submission of a Memorandum in February 1999, the representatives of CR&CL(UK) has been invited to give oral evidence on 09 March, 1999. Read the press release for further information.

See further BBC News Online, "E-commerce blueprint under fire," Wednesday, May 19, 1999.

[Earlier Announcement: Cyber-Rights & Cyber-Liberties (UK) will give oral evidence in front of a House of Commons Select Committee on Trade and Industry in relation to their Electronic Commerce Inquiry on 09 March, Tuesday, 1999 at 10:50 at the House of Commons. The Cyber-Rights & Cyber-Liberties (UK) representatives are called to give evidence following a written submission made by the organisation in February 1999. A press release and the written submission will be available through http://www.cyber-rights.org/reports on 09 March, 1999.]

The UK Government through the Department of Trade and Industry published on 05 March, 1999, yet another consultation paper on the regulation of encryption entitled: "Building Confidence in Electronic Commerce." The full document as a PDF file is available here. The DTI wants your comments by 1 April (it must be a joke), 1999. The paper states the following and the intentions of the UK government in relation to law enforcement issues remain somehow unclear:

Serious criminals, including drug traffickers, paedophiles and terrorists, are turning to encryption to conceal their activities. Unchecked, this will make the work of law enforcement increasingly difficult. The Government therefore intends to provide the agencies responsible for tackling serious crime with the ability to acquire lawful access to material necessary to decrypt communications or stored data.

While the Government remains keen to promote the development and use of encryption technologies that meet law enforcement requirements, it recognises industry concerns that making key escrow and third party key recovery a requirement for licensing could hinder the development of electronic commerce in the UK. It is therefore consulting on the basis that this will not be a requirement for licensing. However, the Government is looking to industry to help identify ways of meeting law enforcement requirements while promoting the growth of electronic commerce.

Bowden, Caspar & Akdeniz, Yaman, ‘Cryptography and Democracy: Dilemmas of Freedom,’ in Liberty eds., Liberating Cyberspace: Civil Liberties, Human Rights, and the Internet, London: Pluto Press, 1999, 81-125

This is a new piece written jointly by Bowden & Akdeniz and has been recently published in Liberating Cyberspace: Civil Liberties, Human Rights, and the Internet, through Pluto Press in April 1998. This chapter concluded that "The fork in the road is clear. One path leads to an infrastructure capable of an unprecedented degree of state surveillance limited only by perpetual government self-restraint; the other leads to a dilution of power and strengthening of privacy, but with compensatory reforms to assist law-enforcement. Without independent expert scrutiny and public debate of the law-enforcement case, escrow may happen by default."

The full chapter is now available through http://www.cyber-rights.org/reports/ as a PDF file.

Bureau of National Affairs, Electronic Commerce and Law Report, Wahington, March 25, 1998. This article is copyright of BNA Electronic Commerce and Law Reports.

U.K. President of EU Kicks Off Debate on Police Access to Encrypted Messages

BRUSSELS-The United Kingdom, in its capacity as the current holder of the European Union presidency, has prepared a policy paper calling for law enforcement authorities to have access to encrypted electronic communications under certain circumstances. The document, submitted to an EU police working group at the end of February, states that "where an encryption key is used for confidentiality purposes, it may be necessary for law enforcement agencies to have lawful access in certain circumstances. This access may need to be either overt or covert," a U.K. official told BNA, speaking on the condition of anonymity.

Exactly which circumstances would require access have not been determined, said the U.K. official.

The paper was drawn up after an informal meeting of EU justice and home affairs ministers at the end of January when the ministers concluded that there was a "need for possibilities of interception by law enforcement authorities."

The U.K. paper is further evidence that, as in the United States, there is a split between law enforcement agencies and industry related governmentdepartments and industry itself over the encryption issue.

The British government also argued in the policy paper that under what it calls a "back door key" approach, law enforcement agencies must be allowed fast access to encrypted messages in order to combat the increasingly sophisticated communications methods used by criminal organizations and terrorists, the U.K. official said.

But another official, David Hendon of the U.K.'s Department of Trade and Industry, said it would be wrong to surmise that the United Kingdom is about to pursue a mandatory key escrow policy. "Of course to be 100 percent sure of getting keys, you would need to have mandatory escrow. But we don't think this is realistic or in any way attainable and so it would be wrong to make a connection that the U.K. is about to announce such a thing-which, to be clear, we are not," said Hendon.

Hendon explained that the paper's reference to "overt" and "covert" does not imply a call for "back door keys." By overt, he said, "we were referring to a search warrant that is served on the owner of a PC," for example. "By covert, we were referring to encryption related to interception of realtime communications.

Obviously in this case, if the suspect knows his communications are being bugged, he won't say anything that helps the investigators." This, said Hendon, is a significant point because U.K. law does not permit interceptions to be used as evidence. Rather, an interception enables evidence gathering. Covert access is also necessary in terrorism investigations because the goal there is to step the terrorist act before it occurs, he said.

Rift With E Commerce Boosters. "There seems to be widespread support among the member states for the report," added the anonymous U.K. official. She also stated that some European Commission officials would like to think that the U.K. "was out on a limb with this approach," but they were wrong.

Indeed, both Telecommunications Commissioner Martin Bangemann and Internal Market Commissioner Mario Monti have argued over the course of the past year that there is no need for a system where law enforcement agencies must be given a key to encryption codes.

"If the current trend continues there will likely be a showdown in the EU with those in favor of promoting a single market for electronic commerce against access to encryption codes versus those who believe law enforcement agencies need to have access to encryption," said the U.K. official.

As part of research compiled before presenting the report, the Netherlands conducted a survey on the status of encryption legislation and the so called "trusted third party" concept where the keys are deposited with a neutral body. Twelve of the 15 EU member states responded and some of the results, which the U.K. presidency used in its report, were as follows:

* One member state (France) has a law requiring the public or companies to surrender encryption keys to crime detection or state security services
while the United Kingdom and the Netherlands require this only under certain circumstances.

* In five member states (Spain, the United Kingdom Sweden, the Netherlands, and France) there is either new or revised legislation under discussion.

* In four member states (the United Kingdom, Denmark, the Netherlands, and Greece) trusted third parties (TTPs) are in use.

*No experience in any member state has been gained from the TTPs by crime detection and state security services.

 

Press Release: Global Internet Liberty Campaign Member Statement: New UK Encryption Policy criticised.
The newly announced GILC Member Statement is available
here. (February 17, 1998)

Akdeniz, Y., 'No Chance for Key Recovery: Encryption and International Principles of Human and Political Rights,' 1998 Web Journal of Current Legal Issues 1. Published in February 1998.


The UK Government intends to bring forward legislation enforcing a ban on (domestic and foreign) TTPs that do not require escrow of private keys in the first session of a new Parliament following the General Election in May 1997. This would follow a recent consultation paper on ‘Licensing of Trusted Third Parties for the Provision of Encryption Services’ issued by the UK Department of Trade and Industry on 19th March 1997.

A Microsoft winword6 version of the DTI Consultation Paper is available here. An html version of the document is available HERE.

Read the 'First Report on UK Encryption Policy: A Legal Reply to the DTI Public Consultation Paper on Licensing of Trusted Third Parties For the Provision of Encryption Services' published on May 30 1997 by Cyber-Rights & Cyber-Liberties (UK).

Following is an uncomplete list of the Replies to the DTI

Please let us know the unlisted responses to the DTI.

COM (97) 503 Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions ensuring security and trust in electronic communication Towards a European Framework for Digital Signatures and Encryption - October 1997.


Cryptography and Liberty: 'Can the Trusted Third Parties be Trusted ?

An article written by Yaman Akdeniz, Oliver Clarke, Alistair Kelman, and Andrew Oram which has been published in the June 1997 edition of the Journal of Information, Law and Technology.

Abstract

Computer encryption is part of the basic infrastructure for modern digital commerce and communications. Recently it has been the subject of various proposals from the U.K. government, as well as governments in several other countries and the European Union as a whole. Whilst these proposals claim to address both the goal of improving commerce through better encryption and that of facilitating access to encrypted communications by law enforcement, the impact of the proposals is in fact to impair the former goal in order to favour the latter. They tend to call for 'key escrow' or 'key recovery' systems that centralise sensitive keys in databases (at 'Trusted Third Parties') and permit government access in a manner similar to that in which phone wiretaps are currently conducted. This paper examines several proposals, especially the March 1997 Consultation Paper from the Department of Trade & Industry entitled 'Licensing of Trusted Third Parties for the Provision of Encryption Services', and assesses their implications. We argue that key escrow represents an unprecedented intrusion on individual privacy, holds back the development of digital communications and commerce, and does not achieve the government's stated goals of helping to prevent crime. As an alternative, to address problems of law enforcement in electronic commerce and to facilitate the prosecution of crimes, we suggest a compromise proposal which we call 'key archiving.'

SCRAMBLING FOR SAFETY: Privacy, security and commercial implications of the DTI's proposed encryption policy - May 19, 1997 Computer Security Research Centre The London School of Economics.

There will be a one day conference on the 19th of May 1997 at the London School of Economics about the recent UK Department of Trade and Industry proposals on ‘Licensing of Trusted Third Parties for the Provision of Encryption Services’ in Britain. The Conference will be organised by Privacy International and the Global Internet Liberty Campaign. The DTI will be present to introduce their paper. Famous cryptographers such as Dr. Whitfield Diffie, Sun Microsystems, and Phil Zimmermann, PGP Inc. together with many civil liberties activists will argue against the DTI proposals on encryption.

See for Conference details here.

British and Foreign Civil Rights Organisations Oppose Encryption Paper, 9 April 1997. This is a press release written by Andy Oram (CPSR) and was signed by 18 civil liberties organisations world wide including Cyber-Rights & Cyber-Liberties (UK). The Press release has been sent to UK newspapers, editors and to the members of the Parliament. Please do read it and distribute it widely. Any comments are welcome.

OECD News Release, 'OECD ADOPTS GUIDELINES FOR CRYPTOGRAPHY POLICY', Paris, 27 March 1997. The Recommendation which came before the governing body of the OECD, the Council, is a non-binding agreement that identifies the basic issues that countries should consider in drawing up cryptography policies at the national and international level. The Guidelines are intended to promote the use of cryptography, to develop electronic commerce through a variety of commercial applications, to bolster user confidence in networks, and to provide for data security and privacy protection. The Guidelines set out eight basic Principles for cryptography policy and the fifth one remains to be the most important one:

'The fundamental rights of individuals to privacy, including secrecy of communications and protection of personal data, should be respected in national cryptography policies and in the implementation and use of cryptographic methods.'

Among other things the OECD rejected key escrow and instead recommended voluntary, market driven development of crypto products. Follow EPIC's International Cryptography pages for recent developments.

OECD Cryptography Policy Guidelines, Recommendation of the Council concerning Guidelines for Cryptography Policy, 27 March 1997 are now available online.

See the critique of the UK Consultation Paper by Dr Brian Gladman, 23rd March 1997, and also fill out the questionnaire set out through his pages.

If you would like to put the above 'Global Warning' moving gif in your web pages please feel free to do so. If you need instructions on how to do that, click here.

Comments are invited on the issues set out in the UK consultation paper by Friday 30 May 1997. It may not be possible to take account of any responses received after this deadline given the Government's wish to move ahead quickly with the introduction of legislative proposals.

Comments should be sent in writing to :

Mr Nigel Hickson  
Information Security Policy Group
Communication & Information Industries Directorate
Department of Trade & Industry
Room 224
151 Buckingham Palace Road
London SW1W 9SS

E-mail address:- [ttp.comments@ciid.dti.gov.uk]
Fax: 0171 931 7194.

The Consultation Paper has not been advertised widely and the consultation period is very short considering that there will be a General Election in May 1997. Read the paper and please do send your comments before the deadline. I shall be working on a critique of the paper which will be available here. The following article I have written recently maybe helpful to understand the debate on encryption:

UK Government Policy on Encryption - 1997 Web Journal of Current Legal Issues 1 (February).

This article includes a discussion of the DTI Paper released in June 1996. Also discussed are the US, EU and OECD initiatives. Among other things the article also includes the views of the Labour Party on the use of encryption. It seems likely that a change in the UK Government in the next elections may change the current (possible) policy on encryption and make the DTI initiatives ineffective.

Please let us know if you are providing a reply to the Consultation Paper or whether this information is available on the Internet and any other suggestions and comments will be appreciated.

 

Cryptography & Encryption PGP & Clipper Chip & ITAR
UK Encryption Policy Recent Developments in the United States

Back to Cyber-Rights & Cyber-Liberties (UK) Crypto Policy Pages