The Bill, which is expected to become law on 2nd October 2000,
covers government authorities’ rights to monitor business e-mails
and to demand decryption keys under certain circumstances.
The Bill regulates new powers to set up a monitoring centre to
intercept private e-mails and mobile phone communications. It also
provides that if the authorities lawfully obtain encrypted data,
they can demand the decryption key from the holder. If the holder
refuses to do so, he or she risks a prison sentence.
The letter from Chris Humphries, Director General of the Chamber
of Commerce, acknowledges the need for law enforcement agencies to
have access to electronic data, but asks that appropriate methods
for providing access be incorporated into the law. Humphries
suggests that the approaches taken by countries such as the US and
Ireland will prove less burdensome on business and that British
businesses will resort to offshore ISPs.
The Chamber of Commerce is also concerned that the government
has underestimated the cost of monitoring communications.
In addition, Humphries argues that allowing the government
access to encryption keys “raises a number of obvious questions
with regard to the potential civil liability of the company if the
surrendered keys were used in such a way that an innocent third
party suffered loss.” He wants to see an amendment to the Bill such
that orders to surrender encryption keys should require a separate
judicially authorised warrant.
In response to the letter, a Home Office spokesman said: “We
believe we have a good story to tell in answer to all of the points
raised by the BCC.”
