The DTI proposals on Encryption

an overview by Richard Clayton

Last revision: 4 MAR 98

In March 1997 the UK Department of Trade and Industry (DTI) brought out a "public consultation paper" on "Licensing of Trusted Third Parties for the Provision of Encryption Services." You can read it for yourself at

The paper proposed legislation to set up "Trusted Third Parties" (TTPs in the jargon) who will offer encryption services to the public. Encryption is going to be a vital part of commerce on the Internet and so the proposals were broadly to be welcomed.

However, there are some extremely serious flaws in the proposals:

Licensing of TTPs is to be compulsory.

But that sounds like common sense! Find out why not...

Private keys will be held at TTPs so that Law Enforcement can access them.

Well, perhaps that would be in society's best interests? Sorry, no. It won't catch out the bad guys. It puts TTPs at risk, and it can lead to undetectable forgeries. Read more about this key problem...

The liability of TTPs makes the scheme unattractive.

The DTI wants TTPs to be liable for the leakage of private keys. Sounds fair, but fraud could make TTP operations a financial disaster. Meanwhile, the TTP doesn't seem to have any liability to the community as a whole. This makes their role in certifying keys almost useless. Read on...

A 'management summary'

There's quite a lot of information and explanation in these pages, so if you want a relatively quick and punchy approach which doesn't labour the arguments, then try here!

And what's going on now?

The consultation phase was extremely short, finishing at the end of May 1997. However, since the Conservative party lost power at the start of May, it is far from clear what will now happen. Although Labour Party policy is somewhat at odds with the DTI document, the incoming minister has yet to pronounce on the matter. But a statement is expected soon.

You can read my submission here. It's quite long, so reckon to print it out and read it at your leisure! If you've read the other parts of this site you'll find some sections strangely familiar, but there is some new material and argument there, so don't skip it if you're interested in the subject.

An annotated list of useful links is available if you would like to learn more, or just find and read some other views.

Demon Internet, who keep my bank manager happy on a monthly basis, are currently hosting a variant of the contents of these pages. Read the gloss and the Demon Internet corporate view by following this link here.

Can you help?

It will be interesting to see what lessons the DTI draw from the widespread opposition which they have encountered.

But DON'T just assume it will all be different now we have a new government. There are international forces from the OECD, Washington and Brussels driving these proposals. We'll just have to wait and see if 'New Labour' really will mean 'New Policy'.

© 1998 Richard Clayton
4th March 1998
