Feeds

UK to drop key escrow from crypto rules

But only maybe -- opponents have to find an alternative first

  • alert
  • submit to reddit

Seven Steps to Software Security

The British government has dropped plans to build key escrow into its encryption policy -- a day before the Department of Trade and Industry releases the second public consulation document seeking opinion on how the UK's crypto policy should be formulated. However, the move may not remove the rights of the police and other agencies to access encrypted material. Instead, opponents to key escrow may have to come up with an alternative. The first set of DTI encryption policy proposals were made public back in 1997, under the previous, Conservative government. The suggested policy centred on a scheme whereby the DTI licensed Trusted Third-Parties (TTPs) to issues strong encryption technology to businesses, organisations and individuals. Each TTP would be responsible for maintaining and certifying users' encryption keys. However, a fundamental part of that proposal was key escrow -- making users' keys available to law enforcement and security forces, allowing those organisations to access encrypted data. The key escrow arrangement has since been widely attacked by business groups and civil rights organisations. This week the House of Commons Trade and Industry Select Committee, which is currently investigating the UK e-commerce arena and the role of strong encryption within it, heard evidence from Post Office board member Jerry Cope that ill-considered legislation -- law that required key escrow and/or limited the strength of encryption software -- would limit the UK's chances of become a world centre for e-commerce (see UK Post Office confirms crypto service roll-out). That outcome is the exact opposite of the UK administration's e-commere policy, outlined last year by the then Trade and Industry Secretary, Peter Mandelson, who said it was the government's intention to make the UK "the best place in the world to do business electronically". And yesteday Prime Minister Tony Blair backed up that claim by telling representatives of the IT and telecoms industries that key escrow would no longer be obligatory, according to sources close to the meeting. However, Blair clearly told them that they will need to come up with an alternative. Taking a tough stance on law and order issues is also a well-stated government policy, so the government is unlikely to willingly sign away law enforcement agencies' rights to intercept and access encrypted data while fighting crime. Sources suggest the IT and telecoms industries have three weeks to suggest an alternative to key escrow -- or it willbe put back into the proposed regulations. ®

Boost IT visibility and business value

More from The Register

next story
Airbus promises Wi-Fi – yay – and 3D movies (meh) in new A330
If the person in front reclines their seat, this could get interesting
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
Want to beat Verizon's slow Netflix? Get a VPN
Exec finds stream speed climbs when smuggled out
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
US freemium mobile network eyes up Europe
FreedomPop touts 'free' calls, texts and data
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.