In its latest proposals for regulating Web encryption, the UK government has been accused of failing to balance police requirements against the encryption needs of online businesses.
The Cabinet Office issued the encryption portion of its Ecommerce blueprint last week, which deleted several roundly criticised proposals and conceded that "no single technique or system was likely to be enough to sustain law enforcement capabilities in the face of rising use of encryption by criminals".
But the report proposed that where police want access to encrypted evidence, an individual must prove that the relevant decryption keys are not in their possession. IT industry watchers and civil liberties activists derided that tack as unworkable.
Other critics said the proposals failed to go far enough in recognising that encryption plays an essential part in providing authentication that would increase consumer confidence in Ecommerce.
Caspar Bowden, director of the Foundation for Information Policy Research, told PC Week: "The (proposed) joint government and industry forum should be balanced by independent civil liberties representatives, to consider how new Internet policing methods may require new forms of oversight and safeguards. For example, putting the onus on a person to prove that they do not possess a decryption key could lead to miscarriages of justice."
Others disputed the government's assertion that the interception of encrypted material is an important element in the fight against crime.
The report said: "During 1996 and 1997, lawful interception of communications ... led to 1,200 arrests. During this period, around 2,600 interception warrants were issued. This means that on average one person involved in serious crime was arrested for every two warrants issued."
But Nicholas Bohm, Ecommerce policy adviser to Cyber Rights and Cyber Liberties UK, said: "If we are to have a campaign to inform us how important interception is to law enforcement, it will need something better than these rather dodgy statistics."
Yaman Akdeniz, head of CR&CL UK, added that the report "does not even say if there was any use of encryption in these cases."
The PIU report is available at: www.cabinet-office.gov.uk/innovation/1999/encryption/
Source: PC Week
Yeah, sorry about all that, simpers Zuckerberg
Vivaldi promotes DuckDuckGo search engine over Google over privacy concerns
Scientists say that strontium titanate could transform electronics
The wheels of justice grind surprisingly slowly