Private Security Industry Bill - latest Straw outrage

[Ross Anderson]

If this bill passes, you will need a licence from the Home Office
to consult on information security or cryptography. It introduces
controls on `the giving of advice about the taking of security
precautions in relation to any risk to property or to the person'
(schedule 2, part 1, 5 (1) b).

There are exemptions for lawyers, accountants and management
consultants. There's even a training exemption that might be
interpreted as a get-out for academics teaching security courses.
But there is no exemption for the ordinary systems analyst who has
to specify information protection mechanisms as part of his job.
(The directors of his company can go to jail, too.)

Some parts of the Bill have exemptions for journalists (e.g., the
part on private eyes, schedule 2, part 1, 4). However, the part
that deals with security consulting has no such exemption. SO even
if material is destined for publication - newspaper articles, 
postings to ukcrypto, my next security book - it seems that the
author may need to get a licence, if the bill is interpreted as
meaning what it says.

Help may be at hand, though. The Home Secretary can change the
schedules `for the purpose of adding or excluding any such 
activities as he thinks fit'. So perhaps IT people can all write
to him and ask politely not to have to pay dues to his latest
quango.

This bill was advertised as a means of licensing wheel-clampers,
nightclub bouncers and private eyes. Nobody seems to have paid it
much attention. My informant tells me that it's now cleared the
Lords and if it isn't stopped in the commons, it could be law
before the election

Ross