FIPR Release 29/3/01: Govt. stalls on licensing of computer consultants

[Caspar Bowden]

FIPR Press Release 29/3/01 LONDON: FOR IMMEDIATE USE
=================================

		Foundation for Information Policy Research

Contact: Caspar Bowden                       Tel: +44(0)20 7354 2333

Government stalls on Bouncers Bill licensing of computer consultants
--------------------------------------------------------------------
Home Office Minister Charles Clarke announced yesterday (28/3/01 16:09 BST)
in the 2nd Reading debate of the Private Security Industry (PSI) Bill that
the government did not "CURRENTLY" intend to bring IT security consultants
within the scope of a new licensing regime, but would not give an assurance
to amend the wording to guarantee their complete exemption.

Promoted as a measure to crack down on wheelclampers and bouncers, the PSI
Bill also requires private investigators and "security consultants" to be
licensed by a new statutory authority supervised by the Home Office.

"Security consultant" means anyone giving advice about "security precautions
in relation to any risk to property" (Sch.2 5(1)a). This has caused a wave
of unease through the IT industry as it was realised the wording could catch
freelancers such as systems administrators ('sysadmins') who configure and
maintain computer access controls, and programmers and consultants who
typically work on a wide range of system tasks including information
security. Several trade bodies have made enquiries about the Home Office's
intentions in the past few weeks but have received no clear reply.

Mr.Clarke referred to the presently unregulated status of IT consultants,
but said the government did not "currently" intend to prescribe their
inclusion in the licensing regime. However he said the DTI would consult
with the industry about the adequacy of existing professional practices.

Opposition spokesman Nick Hawkins MP (Con) asked if the government would
agree to revised wording which would grant IT consultants the clear
exemption afforded to accountants, lawyers and management advisers.
Mr.Clarke stressed the broad wording of the bill was intentional, and agreed
merely to "look" at the wording.

Quotes
======
Caspar Bowden, Director of Internet policy think-tank FIPR commented:

"In 1999 the government wanted 'key-escrow' - a copy of everyone's
encryption keys. The RIP Act 2000 allows seizure of anyone's encryption
keys. Do they now want to ban anyone from working with encryption without a
license?"

"This looks like a tactic to keep the government's options open. Unless
there are the same cast iron exemptions for programmers, sysadmins and IT
consultants that have been granted to other professions, the government can
introduce licensing by order at any time."

What Next ?
-----------

The Bill has already passed through the House of Lords, and now enters the
Committee Stage in the Commons. In the absence of an early government
amendment to make necessary changes in the definitions, it must be assumed
that the government intends to take power to license IT consultants without
further legislation.


Notes for Editors
-----------------

1. The Private Security Industry Bill is at
http://www.publications.parliament.uk/pa/cm200001/cmbills/067/2001067.pdf

2. The Foundation for Information Policy Research (www.fipr.org), is a
non-profit think-tank for Internet policy, governed by an independent Board
of Trustees with an Advisory Council of experts.

3. Research topics include: legislation and regulation of electronic
commerce and infrastructure, consumer protection, data protection and
privacy, copyright, law enforcement and national security, evidence and
archiving, electronic government and interaction with business and the
citizen, and social inclusion.

4. FIPR's analysis of the RIP Act stimulated media debate, and led to
amendments ensuring that people who lose keys or forget passwords are
presumed innocent until proven guilty, and preventing casual surveillance of
web browsing without a warrant.