The noble Lord said: Here we come upon a clause that the Government have been kind enough to rewrite extensively and at the very last moment. I cannot pretend that I or anyone that I have talked to has had time to comprehend the details and effects of all these changes. Therefore, I intend to use my comments on this and subsequent amendments to explore what the Government have done and where we are now. It may be necessary, with the help of my colleagues on the Front Bench, to ask for a recommittal of this clause when we have had time to absorb the effect of all the changes, but for now I await advice and information from the Minister with great interest.
This whole clause is extraordinary. It addresses a problem that the Government imagine they might find their agencies in from time to time of being unable to decrypt information. In all the years that cryptography has been available, there has been only one case in the United Kingdom in which the Government could not decrypt all the files they needed on one particular pornographer's hard disk.
It is extraordinary that so much damage should have been done worldwide to the reputation of the United Kingdom as a place to do e-business, with anxieties and recriminations echoing round the globe from international lawyers to those who specialise in the Internet. I hope that we may reach a point with the Bill where we are able to allay some of the fears, but it will take a long time for all the damage that has been done to die away. It is extraordinary that it should be done, when there is so little need for this clause as a whole.
Encryption is in theory perfect. One can hide anything in a way that cannot be broken. Even if the clause were enacted in the way in which it was originally written, before the Government's latest amendments, it would be possible to hide anything one wanted. Internet communications will use ephemeral keys, and there will be no way of breaking that system. Cryptography has evolved in ways which have built-in deniability. The whole way in which the clause has been written assumes that there is only one key, which will reveal one set of information out of an encrypted file. But it is very easy to create a system whereby out of an encrypted file I can produce a Shakespeare sonnet or an order for hard drugs, depending on which key I use to unlock it. There is no way in which the Government can prove that there is a second key if I produce to them a first key.
One can hide whole file structures. One can hide the existence of files through the use of keys that go down in layers, so that the first key will reveal one file structure, but if one applied another key it would reveal hidden files below. If one uses suitable methods of hiding the files it is impossible to prove that the files even exist.
We are up against a system that is technically perfect, and the sort of attack envisaged by the Government will be useless against the serious and careful criminal. The sort of attack that works in practice, that has worked in all but one case to date, results from the fact that anyone doing cryptography is human, that hiding one's data in a consistent way is extremely tedious, and that people tend to take short cuts, and either as a result, or through the methods outlined in Part II--and there are plenty of them that can be used with computers--one can uncover the keys and the information needed to break people's cryptographic systems without going at it in the way envisaged in this part of the Bill.
What really frightens people about the way in which the clauses are drafted is that because they will be pretty useless against the serious criminal they will be used only against casual traffic, and, more important, will be available for use against messages received and communicated by substantial international businesses. Anyone who uses the Internet, which is essentially an open system--there is nothing secure about it--must use a high level of cryptography and assure clients, customers and associates that his systems are secure. Anything that puts that in doubt or makes business believe that by conducting this activity in the UK it lays itself open to international law suits or merely produces a loss of confidence that data stored in the UK is not as secure as data stored in a country which is not governed by this kind of legislation, even with the latest government amendments, will result in a substantial loss of business to this country.
I do not believe that business has had time to react to, and review, the latest amendments. We shall wait and see how it reacts to them and to today's debate. If, as I fear, the conclusion is that the Government have not gone nearly far enough, as suggested in today's Financial Times, we should either excise the clause from the Bill or insert a provision to say that it shall not come into effect until a further measure has been passed to authorise its implementation. A method must be found to ensure that the Government have those parts of the legislation that they require to comply with the Human Rights Act for the activities that they currently undertake but are denied the ability to trespass into areas where they have no present need to be, potentially at great cost to the UK's international business and its economic wellbeing, to use the famous definition. We should not imperil that for so little gain. If more time is needed to consider this matter and produce something with which everyone is content, we should provide the Government with a mechanism whereby that end can be achieved.
Lord McNally: I agree with much of what the noble Lord said. I added my name to the amendment because, as presently drafted, the provision seems to be "future proofing" gone mad on the part of the Government, as the noble Lord explained in his concluding remarks.
To save a repetitive speech, we have arrived at the crux of the Bill in terms of clearing the hurdle of business disquiet. We must all assess whether what the Government propose in Clauses 46 and 47 meets the concerns of business. I was interested in the initial reaction of one of the companies concerned, Vodafone. Its concern was that in seeking a proportionate response, to use a favourite expression of the noble Lord, Lord Bassam of Brighton, the provision leant too far towards the requirements of the relevant authorities and failed to take account of the needs of the businesses in question. A good deal of the debate on the clause will revolve around the question whether the powers that the Government seek are proportionate in terms of the real or imagined evils that they seek to counteract and the burdens that they place on business.
I am not one of those who believe that the new cyberspace technology is a zone that should be outside the rule of law. I still have sufficiently strong confidence in parliamentary democracy to believe that, as a necessary protection, all parliaments should be able to construct a framework within which people conduct their activities. I am not a member of the "cyberspace tendency" which believes that this is all beyond us. Who knows? Perhaps those countries which have not yet grappled with a legislative framework for e-commerce will regret it or look at our attempts as pioneering work in the field.
I hope that both sides will approach this matter in a constructive way. Industry, which has quite legitimately lobbied and stirred up media and political and parliamentary interests and obtained a response from the Government, should take a proper look at