An international consensus is emerging on security in ecommerce, say Computing's Joanne Wallen and Dan Sabbagh.
An international political consensus on ecommerce is emerging. And after UK government attempts to impose strict control of encryption technology, it is surprisingly liberal.
Last week, at a briefing at 10 Downing Street, the government finally abandoned its three-year-old plans to introduce key escrow, a complex mechanism for interception of encrypted communications.
Meanwhile, in Dublin at the International Commerce eXchange (ICX), global encryption and security experts, governments and businesses backed the new consensus, saying ecommerce needed the lightest regulation. Even a year ago, that would have been unthinkable.
'I have never seen so much convergence of ideas and such a will to work together before,' said Hubertus Soquat, an official at the German ministry of economics and technology. Irish, Canadian and UK government officials called for co-operation between states over encryption and regulation to build consumer trust.
Key escrow, touted by the UK government as a part of its proposed ecommerce bill, was intended to balance the interests of those who wanted minimal regulation so that the market could take off, and law enforcement, which wanted to tap into encrypted communications to combat cyber crime. It required users to deposit copies of their keys, the only legal way to unlock escrow encryption code, with trusted third parties.
But key escrow would have imposed substantial costs on business and, in the borderless world of the Internet, was unenforceable unless adopted by every country.
Following years of opposition to escrow by businesses including high street banks, the Post Office, BT and Microsoft, the UK now lags behind other countries in the race to build an infrastructure that attracts Internet businesses and ecommerce.
Even UK civil servants, for so long advocates of escrow, acknowledge that crucial time has been lost. Department of Trade and Industry official Nigel Hickson, speaking at ICX, said the Canadian government was way ahead of the UK, with Ireland in second place.
Ecommerce pits national governments against each other in a race to attract business and boost economies.
Jim Ladouceur, head of cryptography policy for the Canadian government's Ecommerce Strategy Group, puts it simply: 'Speed wins'.
Canada realised last October that there was no neat way to balance the desires of the law enforcement community with those of a growing ecommerce industry. But the Canadian government decided it couldn't just sit around and wait for an answer while the ecommerce revolution took off.
'We had to take some positive actions to promote ecommerce, while continuing to work on the issues,' said Ladouceur.
The Canadian government rejected key escrow and a consensus was reached.
It gave organisations freedom to use whatever strength cryptography they liked and granted export licences for all cryptography up to and including 128-bit key length.
The Irish government also publicly rejected escrow at ICX, ahead of its own proposed ecommerce bill. Niall O'Donnchu, an official at the department of public enterprise, said the government wanted to promote an 'open, transparent, enterprise-friendly policy on electronic commerce'.
O'Donnchu, Ladouceur and Hickson called for international co-operation to produce similar policies. Three years ago this would have meant bowing to an agenda heavily influenced by the US signal intelligence agency, the National Security Agency, which has repeatedly tried to restrict the global availability of encryption.
Now it means agreeing on issues such as key escrow and establishing a legal framework for digital signatures and electronic contracts.
The Irish government proposes that electronic signatures should be admissible as evidence in a court of law, giving them parity with paper documents signed by hand and adding credibility to ecommerce transactions. The UK has virtually identical goals. Hickson said the government would impose full regulation only if 'something went horribly wrong'.
The growing international harmony was welcomed by multinationals at ICX.
Chris White, Shell International licensing attorney, said: 'The encouraging thing is the level of cooperation we are seeing between governments.'
Shell operates in 150 countries and White added: 'We don't want 150 different regulatory rules. We would prefer one global rule.'
Yeah, sorry about all that, simpers Zuckerberg
Vivaldi promotes DuckDuckGo search engine over Google over privacy concerns
Scientists say that strontium titanate could transform electronics
The wheels of justice grind surprisingly slowly