Opposition lords claimed last week that there was a chance, with cross-party support, that they could make significant amendments to curb the "worst" aspects of the Regulation of Investigatory Powers (RIP) Bill. The legislation is certainly getting a bumpy ride, but it would not be the first time that proposals extending surveillance powers have been rejected.
When the Electronic Communications Bill (ECB) became law last month, the government might have expected a chorus of approval from the industry for making digital signatures legally enforceable. Nobody noticed, however. Those with an ecommerce interest were busy concentrating on RIP, which was originally published in February.
For many in the software and IT services industry, the RIP proposals represent the dark side of the government's strategy for ecommerce and a back door re-entry of key escrow.
The key problem
Key escrow centred on a proposal that if a business wished to encrypt its communications, it must provide keys to a trusted third party (TTP) organisation. Law enforcement agencies would then have the powers to obtain these keys from a TTP. The government was persuaded that the proposals were unworkable, and dropped key escrow from the ECB. Yet within months, the RIP Bill saw surveillance back on the agenda.
The most contentious proposals give the Home Secretary the power to issue warrants allowing the police and other security agencies to intercept and decrypt email and other electronic communications where there is a suspicion of criminal activity. The legislation also requires internet service providers (ISPs) to install equipment enabling the authorities to access these messages.
"Ecommerce should be better protected from attack by serious criminals. The RIP Bill seeks to do that," Home Secretary Jack Straw argued this month. He insisted that RIP simply applies the same rules to internet messaging as currently exist for tapping telephone conversations.
Business leaders, however, remain unimpressed. "The Bill needs significant amendments," said Mark Sharman, head of policy at the British Chamber of Commerce.
Sharman's main concerns surround the liability of law enforcement agencies if an encryption key is given to the authorities and then misused. He wants firms to be given greater assurances that they will not be open to prosecution for breaking contractual agreements on confidentiality.
Simon Davies, visiting fellow at the London School of Economics (LSE), said: "The main issue is the loss of trust in international business dealings. If an overseas partner can't guarantee a high level of security, it simply won't do business with the UK."
A recent LSE report, commissioned by the Confederation of British Industry, estimated that the law will cost UK industry £46bn over the next five years as businesses move their electronic dealings offshore, and new ventures go elsewhere in search of a more secure trading environment.
It also places the cost to internet service providers (ISPs) of installing and maintaining surveillance equipment at £640m over five years - far higher than Labour's estimate of only £20m a year.
Davies said that many of these costs are indirect, including the need for ISPs to buy modified applications to run alongside surveillance equipment. This, he said, could lead to an extra five per cent to 10 per cent being added to the price of a standard software application. It could also result in ISPs having to wait an extra three months after the software is first released for modified applications to become available, resulting in significant competitive disadvantages.
Many of the government's problems are a result of uncertainty over parts of the Bill. Its own estimates put the cost for a medium to large ISP at between £23,200 and £236,000 per year, depending on the surveillance system or so-called black box it expects them to install. Ministers agreed to contribute to costs incurred by ISPs, but have not accepted that it should pay the full amount.
The situation was clouded by Straw's response to the LSE, rejecting its cost projections in part because "the number of ISPs we are likely to work with is many fewer than that estimated".
Far from placating critics, Straw merely fanned the flames. Tory peer Lord Cope said: "If this £20m - the government's estimate [of the annual cost to ISPs] - is going to be imposed on even one-tenth of ISPs, it will cause grave difficulties. The others will be at a competitive disadvantage because they have not been approached."
Opposition peers are confident that they can pass amendments to the Bill, although the government could still force it through intact. The Bill is due to be passed as an act in late summer.
BT wants to make the public switched telephone network history within eight years
Personal data being purloined by third parties via Facebook Login API
MacOS and iOS are better off apart, says CEO Tim Cook
Or they'll no longer be entitled to updates and bug patches