Previous Section Back to Table of Contents Lords Hansard Home Page


Lord McNally: I shall not go into great detail. From what the Minister has said, I think that we are close to an agreement, but we shall read Hansard and take wider advice.

We seem to be putting the plain text at the forefront. We have been at pains to make sure that the acquisition of the key must not become a useful end in itself, because that would result in an open door, which has caused a great deal of concern. The Minister has reassured us and, as the noble Lord, Lord Cope, eloquently explained, that was the intention of our amendments.

Lord Blackwell: Like other noble Lords, I listened to the Minister with great interest and appreciated his argument, but despite the welcome movement on plain text, there are still a large number of issues, both of principle and of practicality, on which I am not fully satisfied. The issues of principle are the broadest ones. Although it may seem reasonable to the man sitting in Whitehall for the Government to have certain powers for use in exceptional circumstances, that fails to take into account the perceptions of people outside and their fears about how those powers may be used. That goes to the heart of whether these clauses are appropriate.

Leaving that to one side, there are other significant issues of practicality that have not been addressed, particularly on clause 46. They go back to some of the points that my noble friend Lord Lucas made. The word "key" is widely used in the Bill, and the amendments, as though we were talking about a key that could unlock something simply, like a door to a room. However, developing technology means that, in many cases, keys will not exist in that form. As I understand it, the dynamic generation of new keys may be ephemeral and it may not be possible after the event for somebody to say what the key was, because it was simply generated, used and destroyed.

There are some practical issues that I do not yet understand. Do the Government believe that it is technically feasible after the event to ask people to give them information that will enable them to go back and decode messages that have been encoded and transmitted using such ephemeral keys? I am not sure that it is possible. If the Government think that it is, we

28 Jun 2000 : Column 968

need to understand why, and how it can be achieved. If it is not technically feasible, the whole apparatus will fall flat on its face, because everyone will move to those forms of encryption that cannot be caught under the powers in the Bill. Only the honest and the simple will be constrained.

Even if it is technically feasible in a way that I do not understand, I am still not sure whether the language used in the Bill creates the powers to do whatever is necessary to understand enough about the systems that generate keys to give the Government the legal entitlement to find out how to decrypt messages. Whether the legal language in the drafting is right depends on the answer to the first question and whether there are technical solutions that will deal with ephemeral keys in particular.

I do not necessarily expect an instant response, but before we conclude, we need to understand whether the Government have answers to the difficult questions on the principles and practicalities of the clauses. If not, there is a danger that the legislation will be merely tilting at windmills and none of the aims of the Bill will be achievable as technology moves on.

Lord Lucas: I very much support what my noble friend Lord Cope has said. The important issue is the level of authorisation needed to obtain a key. If the authorisation has to come from a senior judge, people will take some comfort from the fact that it will happen only in exceptional circumstances. However, it might be that only the authorisation of an official is needed. How will the system work? Clause 46(1) allows the prospective key to be obtained in a wide variety of circumstances. Some information can be obtained only by having the key. If keys are going to be asked for frequently, it will be a tedious process if authorisation has to come from a senior level. To an extent, Clause 46(1) and the amendments rub against each other.

The Government also need to address the issue of self-incrimination. If someone knows that the data that they have encrypted will incriminate them, how can they be made to reveal the key?

Viscount Goschen: I welcome the thrust of the government amendments. Will the Minister tell us a little more about the special circumstances under which keys will be required?

Putting plain text to the fore is a move forward. I am trying to test how much the Government believe their own arguments. If there is a circumstance in which an agency of government has to resort to law to compel a company to give its information, is it likely then to believe the plain text which is provided? It is rather like asking someone to search his own house and then tell the police what he found when they arrived. In what sort of circumstances does the Minister envisage that plain text would suffice? One can imagine a number of such circumstances; for example, where a trusted organisation was asked to reveal information, perhaps, about an employee who was considered to be suspect.

28 Jun 2000 : Column 969

But does the Minister feel that that would be the case in the vast majority of circumstances? Whether or not this will work, as my noble friend Lord Blackwell, said, will the circumstances be so very special or will the Government use the excuse, as it were, that the plain text is just not good enough once the Bill is safely tucked away on the statute book?

7.30 p.m.

The Earl of Liverpool: I, too, express my gratitude to the Minister for the amendments that he has tabled, which may go some way towards allaying my fears.

I shall refer to my Amendment No. 163, which is buried in this enormous group of 34 amendments. Where the surrender of keys is being demanded, it is essential that such demands should be subject to the appropriate tests of both reasonableness and--I use a favourite word of the Minister--proportionality. I am afraid that I did not have the advantage of seeing the government amendments at six o'clock last night. I saw them only this afternoon at about three o'clock. To what extent does he believe that his amendments have answered the concerns raised in my Amendment No. 163?

The Earl of Northesk: Like other Members of the Committee, I thank the Minister for his full explanation. However, I hope that the Minister will forgive me if I take up a few points.

I should say for the record that I acknowledge the benefit to be derived from the primary purpose of this part of the Bill. It is self-evident that, where criminal elements avail themselves of the use of the protection of encrypted electronic messages, there are strong arguments in favour of law-enforcement agencies having adequate and appropriate powers to access such protected information. I emphasise my use of the phrase "adequate and appropriate powers". Like many others, I remain unconvinced that the way forward is for the UK Government to take what I perceive to be unilateral action in this area. My personal belief has always been, and continues to be, that that would be better delivered by means of international agreement.

The reasons are manifest. While my noble friend Lord Lucas has already elucidated them most eloquently, they bear repetition. First, the criminal fraternity will, in any event, develop ways round key disclosure. For example, with the free availability of steganography programmes from down-load sites, it would seem that the Internet community, let alone criminal elements, have already discounted that part of the Bill.

Secondly, there are legitimate concerns that the imposition of that regulatory regime will act adversely upon the UK's ability to compete effectively in both the e-commerce and financial services industries, the more so given that those are such hugely mobile industries.

28 Jun 2000 : Column 970

Thirdly, the more logical and effective recourse for law enforcement agencies in this area is through such means as forensic hacking. There must be a risk that that investigatory avenue could begin to play second fiddle to key disclosure. That would be extremely regrettable.

I have a few general questions. First, do the Government have a finger on the pulse of what percentage of encrypted traffic is derived from criminality? While I acknowledge that that is difficult to quantify, I have yet to see any figures which enable us to assess the scale and seriousness of the problem. Given the huge popularity of the Internet, logic leans me towards me the supposition that its use by criminal elements is, in reality, quite a small percentage of overall traffic.

The important point is that without that knowledge, it is all but impossible to assess--I use that word again--the proportionality of the Government's proposals.

Following on from that, it would be extremely helpful if the Minister could afford the Committee some insights into how other countries are facing up to that problem. In other words, how do the Government's proposals compare with practice, either existing or proposed, elsewhere in terms of scale and degree? Do other countries, particularly our competitors, have, or are they taking, powers to require key disclosure in whatever form? In the event that they are, how do their safeguards compare with the regime proposed in the Government's amendments. Needless to say, that is of paramount importance in assessing the sort of impact which the Bill may have on our competitive position.

I turn from the general to the specific. The Minister proposes a number of amendments which substitute the phrase,


    "requirement to disclose the key",

with,


    "disclosure requirement in respect of the protected information".

That is all good and well. That is an essential part of the recast of the clauses. I simply ask the Minister why, in the circumstances, and for the sake of consistency, it is not possible to use the formulation,


    "disclosure of protected information in an intelligible form".

In other words, I should be grateful if the Minister will explain the distinctions between the two phrases.

At the risk of stating the obvious, there is a very significant and important practical point at issue here. One almost tires of saying it, but the single biggest obstacle to the take-up of e-commerce is that of trust in its confidentiality and security as a medium of communication and exchange. It must be said that a regulatory regime which conveys the perception that such matters are being compromised is, by definition, antipathetic to the Government's aspiration to make the UK the best and safest place for e-commerce in the world.

To be fair, the Government have said consistently that it was and is their intention that only in exceptional circumstances will Clause 46 notices

28 Jun 2000 : Column 971

require the surrender of keys. But that is not the way in which the Bill was originally drafted, nor, on my reading, do the amendments spoken to by the Minister entirely resolve the issue. However inexpertly, my amendments in the group, Amendments Nos. 139A and 164A, sought to achieve the same objective.

I have but one more point of concern which is relevant in this regard and I hope that the Minister will assist me with it. I am uncertain how the new cast of the relevant clauses will interact with other legislation, both here and overseas. In particular, are the Government entirely satisfied that in instances where the surrender of a key is required, there is no likelihood that inadvertent breaches of contractual or legal obligations for confidentiality will occur? It may well be that I am worrying unnecessarily on the point but some clarification from the Minister would help.

Finally, like my noble friend Lord Lucas, I subscribe to the view that, in the circumstances, the best solution available is to withdraw the whole issue of key disclosure from the Bill. With the best of imaginations, it is very difficult to formulate the sort of amendments required to unravel the harm which those proposals may cause to UK plcs.


Next Section Back to Table of Contents Lords Hansard Home Page