Financial Times LEADER on RIP - "the UK government should scrap this ill-considered bill in its entirety"

[Caspar Bowden]

http://news.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&cid=FT3Z2PZE49C&liv
e=true&useoverridetemplate=IXLZHNNP94C

Editorial comment: Online crime
Published: June 5 2000 19:17GMT | Last Updated: June 5 2000 19:23GMT

The UK government is succeeding in its aim of setting a global example on
e-commerce. Unfortunately, the latest example is of how not to regulate this
sector. Other countries, watching the way business reacts to e-commerce
legislation in the UK and Ireland, will be much more likely to follow the
lead of Dublin rather than London.

The Home Office insists the new measure, the Regulation of Investigatory
Powers bill, simply updates existing powers to tap telephones. Covert
surveillance is an important weapon in the fight against serious crime.
Unless law enforcement agencies have the power - enshrined in the RIP bill -
to intercept and decode encrypted e-mails, criminals will be given a free
rein online.

This is a powerful argument. But the bill that springs from it is seriously
flawed. Unless the government listens to the wide array of RIP critics, it
risks inflicting damage on business interests and civil liberties alike.

The most immediate industry casualties of the bill are internet service
providers, who will have to offer a permanent interception capability. The
government has yet to decide what technology it will impose. But the minimum
running cost for a small provider is £9,400 a year, according to a
government-commissioned report. That alone could encourage potential new
industry entrants to go elsewhere.

But the RIP bill carries wider costs to business. It will allow state
officials to demand access to a private decryption key or to a plain text
copy of an encrypted message. In certain exceptional circumstances - yet to
be defined - only production of the key will suffice.

Disclosing a key could compromise the security of a whole network. But it
will be a criminal offence to warn any third party that the key has been
requested. The concern is about security. UK companies would face
potentially huge damages if the key got into the wrong hands, and electronic
instructions, such as money transfers, were intercepted by a criminal third
party.

The industry wants the government to indemnify it against such claims.
Instead, the government should prevent such claims occuring in the first
place. It could do worse than look to the example of Ireland, where the new
e-commerce bill will not allow law enforcement agencies to require the
disclosure of private keys in any circumstances.

Better still, the UK government should scrap this ill-considered bill in its
entirety. Cybercrime is a serious issue. But it is also a global problem,
demanding global solutions - the Home Office should concentrate its efforts
on the international arena.