Feeds

UK abandons key escrow

Police to gain access to data only with senior politicos' say-so

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

The UK government has at last set down its policy on encryption software and, as predicted, the announcement yesterday presented a considerably more liberal approach than those taken by previous administrations. Stating that there was no easy way to reconcile the needs of law enforcement agencies to access criminals' data with the public's right to privacy, the government said the only way to balance these opposing factors was through co-operation rather than enforcement. So, out goes key escrow, the requirement that encryption software suppliers maintain 'back-door' access to encrypted data and register that with a centralised key broker. However, companies will be required to disclose a key when presented with a warrant. Such warrants will need to be signed by the Home Secretary, the Foreign Minister and another "senior minister". Previously proposed legislation would have required warrants to be signed only by a senior police officer. Warrants would be issued under the Police and Criminal Evidence Act to allow police access to encrypted data just as they can apply for warrants to enter homes and offices. The difference is that the application for the data-access warrant will be treated as an application to intercept mail or phone traffic -- hence the high level to which the application must go before the warrant is granted. Ministers said the decryption process would be performed by a centralised Technical Assistance Centre once a given police force had obtained a warrant and the key to open the data. Yesterday's announcement followed the formation of a task force combining government, law enforcement agencies and industry to propose legislation that best serves each party's interests. In turn, that is part of the UK government's avowed intent to make Britain one of the best countries to do e-business in. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Yes, yes, Steve Jobs. Look what I'VE done for you lately – Tim Cook
New iPhone biz baron points to Apple's (his) greatest successes
Lords take revenge on REVENGE PORN publishers
Jilted Johns and Jennies with busy fingers face two years inside
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.