DTI publishes draft etrade bill

The Department of Trade and Industry has completed a hat trick of industry friendly changes to its electronic communications bill, which was published in draft form this week.

Following its U-turns on key escrow encryption snooping and enforced regulation of ecommerce IT service providers, the DTI has also simplified its approach to the legal recognition of digital signatures.

However, fears remain that regulatory detail could see the reintroduction of overly complex requirements, and concern was voiced over the penalties for failing to disclose an encryption key.

In an interview with Computing, IT minister Michael Wills said the revision capped a four-month period in which the DTI has responded to fierce industry criticism of its ecommerce legislation plans.

"Anyone who thinks we've not made any progress has not had eyes or ears for the last three to four months," he said. "We've solved problems which I was told were intractable."

Some banks welcomed the bill. "The bill is now moving in the right direction," said Steve Thomas, head of security with banking body APACS. He added that it will help banks develop a payments guarantee scheme for the Internet.

The Home Office has been responsible for a requirement in the bill which states that users or systems administrators can be compelled to decrypt encrypted data on demand from the police - or face a two-year jail sentence.

A Home Office spokeswoman insisted, however, that the courts will not force IT managers to prove they do not have access to encryption keys used by others. "We are not reversing the onus of proof," she said.

The bill was published in draft form, following the Tories' refusal to allow it to be introduced now and carried over into the next session of Parliament. It will now be introduced in November, and become law next spring.

Key points:

• Legal basis for electronic writing and digital signatures, previously in doubt or illegal in some cases
• Self-regulation scheme created for providers of ecommerce services to provide consumer guarantees
• No key escrow encryption snooping scheme. This frees the use of strong encryption for online security

For more stories, see this week's issue of Computing