UK Post Office confirms crypto service roll-out
Trusted Third Party status to fuel PO's drive into e-commerce
The Post Office is to offer to e-commerce operations its services as a Trusted Third Party (TTP) as it strives to become more relevant in an increasingly Internet-oriented world. PO board member Jerry Cope said: "The launch of our TTP service will be a hugely significant development for the Post Office as it means we will be entering a new market. But it will also be a significant development for UK industry as a whole." He added: "We have made a substantial investment in producing the necessary infrastructure by acquiring a licence for functionally rich, strong encryption software and providing the necessary hardware, processes and personnel to deal securely with data." The PO's TTP service will use software supplied by Entrust Technologies, a subsidiary of Nortel. "Using advanced cryptographic technology, it will be the electronic equivalent of sending a signed document in a sealed Royal Mail Special Delivery envelope," said a PO spokesman. "It will enable anyone -- private individual or business user -- to send and receive data on the Internet in the knowledge that their messages are totally secure." Cope's comments were made before the House of Commons Trade and Industry Select Committee, which is investigating e-commerce in preparation for UK government legislation on encryption. Cope warned that ill-considered crypto laws could have a profoundly negative effect on the UK's burgeoning e-commerce business. "If the UK does not have a regulatory regime that meets the need of business, then companies will opt to base their e-commerce operations in those countries which they regard as responsive to their needs," he said. "Some proposals, such as Key Escrow, requiring the release of private encryption keys to security agencies could, if not carefully thought through, cause the UK to lose customers to foreign-based businesses," he added. The UK government is currently considering a crypto policy based on providing strong encryption through a series of licensed TTPs, who would maintain and certify individuals' and business' encryption keys. Making those keys easily available to law enforcement agencies will, many organisations believe, undermine the public's confidence in the system. ®
Sponsored: RAID: End of an era?