[FYI] UK: Computer crime plan 'bad for business'

["Axel H Horns" <horns@t-online.de>]

------- Forwarded message follows -------
From:           	"Dave Foulger" <davidfoulger@hotmail.com>
To:             	<ukcrypto@maillist.ox.ac.uk>
Subject:        	bbc news online
Date sent:      	Tue, 9 May 2000 09:35:57 +0100
Send reply to:  	ukcrypto@maillist.ox.ac.uk

http://news.bbc.co.uk/hi/english/sci/tech/newsid_740000/740766.stm

Computer crime plan 'bad for business'


Controversial proposals to control the interception of e-mail and
other communications return to the UK Parliament on Monday, having
previously been described appalling and objectionable. The government
says legal changes are needed to continue the fight against crime in
the internet age, given that encryption codes are freely available to
make secret electronic messages uncrackable. 

But the Home Office's Regulation of Investigatory Powers Bill has come
under fierce criticism, from opposition politicians and groups outside
parliament. 

They have two main fears. The first is a potential financial burden on
business if internet service providers (ISPs) are forced to provide
access to data for the government. The second is a "reverse burden of
proof", meaning people unable to produce the key to encrypted
information would be guilty of a crime. 

No concessions 

The government says the bill clearly covers questions of who can use
the interception powers, for what purpose and how the power is
regulated. 

Observers believe they are unlikely to shift their position on the key
objections, which could lead to the Conservative opposition abstaining
on the whole bill. This would go against their traditional support for
measures which strengthen crime-fighting powers. 

      UK intelligence agency MI5 could access any email

The human and civil rights group Liberty welcomes parts of the bill,
but believes: "The bill will require some amendment in order to comply
with international human rights standards. For example, the proposed
powers to recover encryption keys risk reversing the burden of proof."


This has been the objection most vehemently voiced. Many businesses
and individuals wish to send sensitive information over the internet.
This can be done by encrypting the message, using one of many free
programs available. 

However, criminals can do the same and the government proposes to make
it illegal to fail to hand over the key to any encrypted information.
The problem, according to the critics, is that the individual has to
prove he no longer has the key, if it has been lost or forgotten. 

To spy or not to spy 

Prominent critic Caspar Bowden, Director of the Foundation for
Information Policy Research, told the BBC: "Either we can go down the
path of trying to set up total surveillance apparatus or we accept
that changes in technology have fundamentally limited the ability of
governments to do this. 

"The latter choice means proceeding on the basis of very specialised
forensic investigation teams that target the most serious criminals
with the best techniques." 

The other main point of contention is over the potential cost to
business of the proposed legislation, which some say will make people
pay for the provision of the government's ability to intercept their
e-mail. 

Keith Mitchell, who runs the London Internet Exchange told the BBC: "I
think there are going to be significant burdens on ISPs in terms of
using our skilled engineers as moonlighting government spooks." 

He believes that current proposals requiring the government to be
given access to data will cost large ISPs at least £250,000 a year. He
said that cost has to be passed to consumers, making internet access
more expensive. 

An industry think tank told the BBC that such costs could drive
businesses out of Britain: "There is a risk that e-commerce could be
damaged - it would be very easy for all kinds of e-business to migrate
to Ireland or France." 



------- End of forwarded message -------