We seem to be putting the plain text at the forefront. We have been at pains to make sure that the acquisition of the key must not become a useful end in itself, because that would result in an open door, which has caused a great deal of concern. The Minister has reassured us and, as the noble Lord, Lord Cope, eloquently explained, that was the intention of our amendments.
Lord Blackwell: Like other noble Lords, I listened to the Minister with great interest and appreciated his argument, but despite the welcome movement on plain text, there are still a large number of issues, both of principle and of practicality, on which I am not fully satisfied. The issues of principle are the broadest ones. Although it may seem reasonable to the man sitting in Whitehall for the Government to have certain powers for use in exceptional circumstances, that fails to take into account the perceptions of people outside and their fears about how those powers may be used. That goes to the heart of whether these clauses are appropriate.
Leaving that to one side, there are other significant issues of practicality that have not been addressed, particularly on clause 46. They go back to some of the points that my noble friend Lord Lucas made. The word "key" is widely used in the Bill, and the amendments, as though we were talking about a key that could unlock something simply, like a door to a room. However, developing technology means that, in many cases, keys will not exist in that form. As I understand it, the dynamic generation of new keys may be ephemeral and it may not be possible after the event for somebody to say what the key was, because it was simply generated, used and destroyed.
There are some practical issues that I do not yet understand. Do the Government believe that it is technically feasible after the event to ask people to give them information that will enable them to go back and decode messages that have been encoded and transmitted using such ephemeral keys? I am not sure that it is possible. If the Government think that it is, we
Even if it is technically feasible in a way that I do not understand, I am still not sure whether the language used in the Bill creates the powers to do whatever is necessary to understand enough about the systems that generate keys to give the Government the legal entitlement to find out how to decrypt messages. Whether the legal language in the drafting is right depends on the answer to the first question and whether there are technical solutions that will deal with ephemeral keys in particular.
I do not necessarily expect an instant response, but before we conclude, we need to understand whether the Government have answers to the difficult questions on the principles and practicalities of the clauses. If not, there is a danger that the legislation will be merely tilting at windmills and none of the aims of the Bill will be achievable as technology moves on.
Lord Lucas: I very much support what my noble friend Lord Cope has said. The important issue is the level of authorisation needed to obtain a key. If the authorisation has to come from a senior judge, people will take some comfort from the fact that it will happen only in exceptional circumstances. However, it might be that only the authorisation of an official is needed. How will the system work? Clause 46(1) allows the prospective key to be obtained in a wide variety of circumstances. Some information can be obtained only by having the key. If keys are going to be asked for frequently, it will be a tedious process if authorisation has to come from a senior level. To an extent, Clause 46(1) and the amendments rub against each other.
Putting plain text to the fore is a move forward. I am trying to test how much the Government believe their own arguments. If there is a circumstance in which an agency of government has to resort to law to compel a company to give its information, is it likely then to believe the plain text which is provided? It is rather like asking someone to search his own house and then tell the police what he found when they arrived. In what sort of circumstances does the Minister envisage that plain text would suffice? One can imagine a number of such circumstances; for example, where a trusted organisation was asked to reveal information, perhaps, about an employee who was considered to be suspect.
But does the Minister feel that that would be the case in the vast majority of circumstances? Whether or not this will work, as my noble friend Lord Blackwell said, will the circumstances be so very special or will the Government use the excuse, as it were, that the plain text is just not good enough once the Bill is safely tucked away on the statute book?
I shall refer to my Amendment No. 163, which is buried in this enormous group of 34 amendments. Where the surrender of keys is being demanded, it is essential that such demands should be subject to the appropriate tests of both reasonableness and--I use a favourite word of the Minister--proportionality. I am afraid that I did not have the advantage of seeing the government amendments at six o'clock last night. I saw them only this afternoon at about three o'clock. To what extent does he believe that his amendments have answered the concerns raised in my Amendment No. 163?
I should say for the record that I acknowledge the benefit to be derived from the primary purpose of this part of the Bill. It is self-evident that, where criminal elements avail themselves of the use of the protection of encrypted electronic messages, there are strong arguments in favour of law-enforcement agencies having adequate and appropriate powers to access such protected information. I emphasise my use of the phrase "adequate and appropriate powers". Like many others, I remain unconvinced that the way forward is for the UK Government to take what I perceive to be unilateral action in this area. My personal belief has always been, and continues to be, that that would be better delivered by means of international agreement.
The reasons are manifest. While my noble friend Lord Lucas has already elucidated them most eloquently, they bear repetition. First, the criminal fraternity will, in any event, develop ways round key disclosure. For example, with the free availability of steganography programmes from down-load sites, it would seem that the Internet community, let alone criminal elements, have already discounted that part of the Bill.
Secondly, there are legitimate concerns that the imposition of that regulatory regime will act adversely upon the UK's ability to compete effectively in both the e-commerce and financial services industries, the more so given that those are such hugely mobile industries.
Thirdly, the more logical and effective recourse for law enforcement agencies in this area is through such means as forensic hacking. There must be a risk that that investigatory avenue could begin to play second fiddle to key disclosure. That would be extremely regrettable.
I have a few general questions. First, do the Government have a finger on the pulse of what percentage of encrypted traffic is derived from criminality? While I acknowledge that that is difficult to quantify, I have yet to see any figures which enable us to assess the scale and seriousness of the problem. Given the huge popularity of the Internet, logic leans me towards the supposition that its use by criminal elements is, in reality, quite a small percentage of overall traffic.
Following on from that, it would be extremely helpful if the Minister could afford the Committee some insights into how other countries are facing up to that problem. In other words, how do the Government's proposals compare with practice, either existing or proposed, elsewhere in terms of scale and degree? Do other countries, particularly our competitors, have, or are they taking, powers to require key disclosure in whatever form? In the event that they are, how do their safeguards compare with the regime proposed in the Government's amendments? Needless to say, that is of paramount importance in assessing the sort of impact which the Bill may have on our competitive position.
At the risk of stating the obvious, there is a very significant and important practical point at issue here. One almost tires of saying it, but the single biggest obstacle to the take-up of e-commerce is that of trust in its confidentiality and security as a medium of communication and exchange. It must be said that a regulatory regime which conveys the perception that such matters are being compromised is, by definition, antipathetic to the Government's aspiration to make the UK the best and safest place for e-commerce in the world.
I have but one more point of concern which is relevant in this regard and I hope that the Minister will assist me with it. I am uncertain how the new cast of the relevant clauses will interact with other legislation, both here and overseas. In particular, are the Government entirely satisfied that in instances where the surrender of a key is required, there is no likelihood that inadvertent breaches of contractual or legal obligations for confidentiality will occur? It may well be that I am worrying unnecessarily on the point but some clarification from the Minister would help.
Finally, like my noble friend Lord Lucas, I subscribe to the view that, in the circumstances, the best solution available is to withdraw the whole issue of key disclosure from the Bill. With the best of imaginations, it is very difficult to formulate the sort of amendments required to unravel the harm which those proposals may cause to UK plcs.