The CBI welcomes this draft proposal for legislation to underpin trust in the emerging electronic world. However, the CBI has serious concerns as to the practicality of the current proposals and their impact on the ability of UK industry to take advantage of emerging opportunities. We believe that further consultation is needed before draft legislation can be drawn up.

This response is in three parts:

• The first part provides general comments on the proposals contained in the Consultation Paper, and gives suggestions on a way forward.
• The second part gives answers to the specific questions raised in the Consultation Paper.
• The third part consists of two Annexes - one giving detailed comments, paragraph by paragraph, on the Consultation Paper, and the other providing some scenarios that illustrate how these proposals could affect industry.

1. Appropriateness of Proposals

1.1 The CBI has actively supported the Government's Information Society Initiative. We welcome any initiatives that help make the UK a world leader in the new age of electronic commerce. Our response to the announcement of 10 June 1996 on the provision of encryption services on public networks highlighted the opportunities. However that response also raised concerns that unduly restrictive legislation could adversely affect the ability of UK industry to exploit these opportunities and might discourage rapid development of a public key infrastructure in the UK.

1.2 The CBI supports proposals that encourage the use of public key infrastructures in support of electronic commerce by legitimate business while creating trust in such services offered to the general public. The proposals put forward in the Consultation Paper do not recognise the complex trust relationships that already exist in industry, imposing costly licensing of public key infrastructure services onto legitimate business processes to no benefit.

1.3 The CBI has also supported the development of the OECD Guidelines on Cryptography Policy, which have just been published. We recognise that the needs of individuals and industry must be balanced against the needs of law enforcement and national security, and see the OECD Guidelines as providing a framework within which that balance can be struck. The CBI believes that the exclusions proposed do not strike the right balance between the various Principles in that document. The proposed licensing requirements, in the view of the CBI, are not "..no more than are essential to the discharge of government responsibilities…" (Principle 2).

1.4 The CBI believe that the proposals place restrictions on the ability of UK industry to work with partners internationally. They also appear to force international companies doing business with UK companies, or in the UK, to abide by the proposed licence conditions. While this might be acceptable if such licence conditions were widely imposed internationally, their early introduction just in the UK would create a very unbalanced international trade environment. This would act to the detriment of UK industry, and would discourage inward investment by companies investing in the emerging electronic world.

1.5 The Consultation Paper is very imprecise in its use of terms, which makes it difficult to determine exactly the implications of some of the proposals. In particular there is an over-emphasis on the need to obtain the keys of encrypted information being communicated. The reference to Encryption Services in the Title of the Paper reflects this. Future proposals should recognise the different uses of cryptography and types of service that can be offered, and how regulation will vary between them. The Paper also assumes particular technical solutions (especially for the management of keys used for confidentiality). Any proposed legislation must be technically neutral if it is not to need continual amendment to cater for new technologies and applications.

1.6 In order to understand better how these proposals might affect industry, a set of typical scenarios was created. These were used to identify where licensing might be required in the business environment, and to draw conclusions on the extent to which industry could require TTP licences under these proposals. These scenarios are attached as an Annex for information. The CBI would be happy to discuss their implications with the DTI.

1.7 The CBI considers that, overall, the proposed legislation will not create an environment that encourages UK industry to exploit the opportunities offered by electronic commerce. These proposals can be interpreted as placing a substantial regulatory burden on all companies trading electronically, and appearing to focus on the needs of law enforcement to access keys used for confidentiality at the expense of the needs of industry for an environment in which public key based processes for creating trust in electronic commerce can rapidly be established.

1.8 These points are covered in more detail in the answers to the Questions listed in Section VIII of the Consultation Paper, included in this response. We have also provided in an Appendix to this response a detailed paragraph by paragraph commentary on the Consultation Paper.

2.1 The CBI would like to see a clear distinction made between the different uses of cryptography and types of service that can be offered. The way regulation is applied can vary accordingly. In particular, the CBI would propose that cryptography services provided in support of legitimate business activities be treated differently from those offering commercial or public cryptographic services as a business to the general public. This would enable industry to operate internationally with minimum regulatory overheads while creating trust in commercial services for smaller businesses and individuals.

2.2 The CBI suggests that a better approach would be for the legislation to define clearly the Principles that need to be followed for provision of cryptography services of different types and use. The legislation can then provide mechanisms for the verification of conformance to those principles that are relevant in different situations. For those offering commercial cryptographic services to the general public, this could be a full licensing process, while for businesses providing such services purely in support of their business operations this could be by a simple registration process, or by a simple open licence application. This would remove from industry the burden of setting up expensive independent cryptography services while ensuring that the essential mechanisms to meet government access needs were, if appropriate, in place. Such an approach could also more easily be technically neutral.

2.3 The CBI considers that significant additional work needs to be done in other areas such as liability, relationships with existing and proposed legislation (such as to include the effects of the Data Protection Directive), relationships with other initiatives (especially internationally), recognition of digital signatures, and licence terms and conditions. There is also the need to consider the implications of proposals being put forward by the newly elected government such as adoption of the European Convention on Human Rights. We recommend that further consultation take place before draft legislation is drawn up. We are concerned lest legislation is rushed through that requires so much interpretation that UK industry is severely restricted and people lose trust in the licensing system because it is too confusing.

2.4 This could, with advantage, be prioritised with initial legislation focusing on establishing trust services as part of legitimising use of electronic transactions, and altering The Interpretation Act so that all future statutes are interpreted in an electronic friendly way unless they contain an express provision to the contrary.

This section provides views on the Questions listed in Section VIII of the Consultation Paper. In each case the Question is repeated, with the CBI view following.

Note that, throughout these answers, the term cryptographic services has been used rather than encryption services, since the former is more representative of what industry needs and uses. It is also consistent with the terminology used in the OECD Cryptography Policy Guidelines.

The CBI considers that the proposals as written in paragraphs 48 are unduly restrictive, and do not recognise the way that industry operates. The exclusions defined here are too imprecise - for example, what is meant by a closed user group or employee - and appear to conflict with statements in paragraph 68. As can be seen from the scenarios in Appendix A, companies form complex relationships both internally and with other organisations. Such relationships already imply trust relationships, and industry is already extending these to include trust in public key infrastructures and exchange of confidential information electronically. Examples that would appear to require licences for providing cryptographic services under the current proposals are consortiums, virtual corporations and relationships with and between groups of suppliers. However, since most companies will interact with people and organisations outside their control, they will inevitably interact with a licensed TTP, resulting in a need for them to become licensed whatever the exclusions. Paragraph 69 appears to acknowledge this.

The exclusions in paragraph 49 are also unclear, and could be technically dependent. For example, it is not clear if applications supporting the SSL or SET protocols would be exempt.

Overall, the CBI is concerned that exemption on the grounds described would require very detailed definitions and would always be subject to complex interpretation. We recommend that a different approach be taken, with legitimate business having the ability to register business-related cryptography services rather than having to provide the full, independent TTP environment required by these proposals.

The vast majority of current written signatures are accepted on the basis of mutual trust, and there is no obvious reason why this should change with digital signatures. Where additional confidence is required (in situations equivalent to the need for witnesses to a written signature, for example) there may be a need to ensure that such digital signatures are certified by a Certification Authority recognised contractually between the parties involved. This may be the Certification Authority service provided within an organisation (for example where an organisation is exchanging information with a contracted supplier) or by a mutually agreed third party. There is no business need for such third party to be licensed.

Where business is carried out with people with whom no contractual relationship exists (for example with a member of the public) there would be advantage in ensuring that their public keys are certified by a trustable authority. In such cases there could be advantage in such public certification authorities being licensed.

There is a general need to provide a better legal framework for the recognition of electronic documents and signatures. Care must be taken to ensure that any legal framework reflects the way in which digital signatures are used. Digital signatures are one technical means of achieving certain business functions in the electronic world, and it is the function that needs to be legally recognised. This may require more than just confirmation that the certificate attached to a public key is valid. As pointed out in the Consultation Paper, the Society for Computers and Law has done work in this area and concluded that "These are complex issues and cannot be rushed. Such changes will possibly help to underpin secure electronic commerce for a long time to come. We cannot afford therefore to get it wrong.", so any legislation in this area should be carefully considered, including the impact of TTP licensing. However, legislation to legitimise the use of electronic transactions would be useful in the short term. A rebuttal presumption could introduce a positive incentive for industry to use electronic transactions, but would need to take account of factors such as the erosion of cryptographic strength over time. A transaction that is secure today may not be seen as secure in 6 years time (the statutory limitation period).

The CBI considers that the licensing approach proposed is too restrictive, especially if all licences require the level of investment implied by the criteria in Annex C. Although it is implied that licences are only needed where cryptographic services are offered to the public, interpretation of this elsewhere suggests all businesses will be forced to licence their cryptographic services as well leading to a huge demand on the licensing authority.

The CBI recommends that the licensing process be different for different types of cryptography service, and for different types of use. Full licensing, as proposed, would be appropriate for those offering cryptography services as a commercial service or business to the general public. However, some form of registration or open licensing arrangement (such as exists now for export of certain goods) would be more appropriate for use within a legitimate business context.

The CBI sees no reason why licences should be renewable. Provided service providers conform to the terms of their licence it should remain in force indefinitely.

While the set of defined licence conditions may be appropriate for the most stringent commercial cryptographic service provision to the general public, the CBI suggests that a subset of these conditions would be appropriate not just for the licensing of specific services, but also for the licensing of different types of use by legitimate businesses, as discussed earlier. Indeed such costly licence conditions will positively discourage investment in cryptographic service provision (especially by smaller entrepreneurial firms) to the detriment of UK business overall.

As discussed in the answer to paragraph 50, the exclusions do not recognise the complex ways in which business is conducted. Statements in paragraphs 66-69 also appear to contradict or ignore statements in paragraph 48 - for example on closed user groups. Finally paragraph 69 effectively admits that any exclusions are, in practice, meaningless. These proposals would also discourage organisations from basing in the UK cryptographic services supporting particular industries - such as the banking industry or the shipping industry - to the detriment of the UK balance of payments.

The CBI would prefer to see the licensing process applied in a way that did not mandate the need for companies to create expensive, multiple independent TTPs within their organisations in order to do business. The proposed exclusions appear not to achieve this.

If the UK is to become a leading player in the emerging world of electronic commerce, it must encourage investment in businesses offering a range of relevant services to customers world-wide. A distinction needs to be made between services provided in a business context (perhaps within a closed user group), and services offered on a commercial basis to the general public. Any unreasonable restrictions on the former will damage the ability of the UK to exploit this emerging opportunity since trust is established through commercial arrangements between the parties involved and strong licensing conditions would be an additional cost burden. Where services are offered commercially to the public world-wide, strong licensing conditions may be seen as a benefit, and encourage the establishment of such services in the UK, provided the cost of conforming to those licence conditions is not so high as to discourage investment.

While the CBI recognises the advantages of providing a central repository to manage legal access to confidentiality keys, we have two major concerns.

First, any such repository must be seen to be completely independent of any government agency or control, and of control by the law enforcement authorities. It must also report publicly on its operations, be able to present on request public legally binding audit trails of its operations and be liable for any faults.

Second, any technology that is required to enable the automatic operation of the repository must be demonstrated to conform to a publicly available security policy. Given that most products that could be affected by such technology are sourced from outside the UK, it will also be necessary for non-UK product suppliers to agree to support such technology. Enforced use of a technology supported only in the UK would cripple UK organisations that trade internationally.

There also needs to be a clearer definition of exactly what is handed over on such requests. Technologies for encrypting information differ between products, and whether the information is being stored or communicated. For example, Microsoft Word can encrypt documents using a local key provided by the user; firewalls providing "IP tunnelling" encrypt all external communications between two firewalls using a random session key generated once they have been mutually authenticated. Associated information on certificate formats or algorithms used may also be needed.

There are other issues in this process that need clarification. An example is the need to inform the owner of a key that has been accessed under warrant, but who is subsequently not charged, that the key has been compromised and should be changed. Who carries the cost in such cases is not defined.

The CBI considers it desirable that the legislation should refer to other forms of legal access - for example legal access provisions for the purposes of other legislation, such as insolvency.

Some consideration should be given as to how to deal with privileged information, for example that between a solicitor and their client. An appropriate mechanism must also be incorporated specifically to protect information where it relates to the obtaining and giving of legal advice in relation to a prosecution.

The Data Protection Act and Computer Misuse Act were not drafted with this legislation in mind. Therefore this legislation should also make express provision for remedies for the unauthorised deliberate, reckless or negligent disclosure of a private key of any form. This should apply even where the discloser of such keys is not an individual, or a public or private company but, for example, a government agency or a law enforcement body. The CBI recommends that this be a criminal offence to reinforce the trust in those providing commercial cryptography services to the general public. The government’s proposals in this area would need to be further consulted upon once the draft proposals have been prepared.

Para 89 The Government invites comments on whether the principle of strict liability (as described in para 86-88) is appropriate in these circumstances.

The CBI is not entirely clear what is being proposed, with both a system of strict liability and a Tribunal, which appears to be assessing damages. However, the principle intended where strict liability is applied may be reasonable subject to clarification of detail. For example, the maximum must be sufficiently large to make the resultant compensation reasonable; the TTP should be liable for any unauthorised disclosure of any information provided in confidence or any service negligently supplied, not just disclosure of encryption keys; this liability should extend to all types of employee (including any associates or contractors used). The liability of agents requesting access to or legitimately handling keys is also not clear.

The CBI strongly supports the creation of an appeals body that is independent of both the regulatory and licensing authorities and of Government control.

The CBI strongly supports the creation of an independent Tribunal with the powers described in Para 92. Its part in establishing liability needs clarification, as stated in the answer to paragraph 89.

The CBI sees ITSEC evaluation as adding significantly to the cost of provision of cryptography services, and to the time taken to set them up. If the interpretation of these proposals does result in most companies having to licence their cryptography services, then mandatory ITSEC evaluation would be an unacceptable burden. It would also discourage investment by smaller service companies.

The CBI believes that it would be sufficient to product a clear set of Guidelines or Codes of Practice on the security system, business and administrative processes that would need to be provided for different types of cryptographic service. There could also be a recommended Security Policy for cryptographic service providers to follow. These documents could be used to confirm that service providers are, indeed, conforming to licence conditions. ITSEC evaluation of products used by service providers could provide an additional, optional, degree of confidence that commercial services offered to the public have integrity, but this may not be cost effective.

This Appendix includes comments on individual paragraphs in the Paper. These detailed comments are preceded by general observations on the Paper.

A.1 A fundamental problem with the Paper is the way the term "encryption services" is used without a clear definition. This is not helped by the occasional use of other terms, such as "protection services" which are not defined at all.

Paragraph 74 provides a definition of "encryption services" which is very broad. As one example, it includes both key certification and key revocation services. Paragraph 68 states that "...should it decide to extend the protection service to its suppliers, then it would require a licence." If company A, with a Certification Authority, is working with a supplier with its own Certification Authority, they are each certifying the keys of their employees and providing public key verification and revocation services to the other company. It is not clear whether this is an encryption service requiring a licence. The same appears to be true if Company A chose to offer a Certificate Authority service, as part of the supply contract, to those of its suppliers who did not have one.

There are other similar examples of ambiguity in the way services are described that lead the CBI to conclude that licensing could become effectively mandatory for any cryptographic service if the resultant legislation is not very carefully worded.

A.2 The Paper does not distinguish between licensing conditions for services related to confidentiality and other types of service. The CBI believes that there are significant differences between the two, and that any legislation should distinguish clearly between them. The CBI notes that draft legislation published by the US Administration in March 1997 makes such distinction, and also proposes voluntary licensing.

A.3 The Paper refers repeatedly to "private encryption key". The CBI regards this form of words as being unnecessarily restrictive. A secret key is usually used to encrypt information. This secret key may be generated uniquely for that exchange or session, or may be allocated for a longer period of time. It may even be the private key of a public/private key pair. The way that encryption keys are made available to the relevant authorities will depend on the technology used. The term "private encryption key" implies both that a private key from a public/private key pair is used for confidentiality, and that a public key based technology (such as the Royal Holloway scheme, perhaps) is used for key escrow. There are products - such as Trusted Information Systems RecoverKey - that do not work in this way.

The legislation should be technology neutral both in the way information is encrypted and in the way keys are escrowed. It should allow the use of any product that provides access to plaintext, or to associated encryption keys.

The Paper also fails to understand the difference between key escrow and key recovery, which provide for very different means of accessing encryption keys. It also fails to allow for situations where only the plaintext of encrypted information can be provided, as is being proposed with some "key recovery" technologies.

A.4 The paper fails to take account of the ways in which industry establishes trust relationships. It appears to assume a very basic trust model where no business trusts anything outside its own organisation. It would help understanding of these proposals if the DTI could publish the assumptions underlying them, especially on the way it is thought trust is established in business, and the extent to which current legislation, for example to obtain the keys of stored information under the same process as for the information itself, does not meet the needs of law enforcement or national security.

Paragraph numbers are those used in the Consultation Paper.

1. This paragraph is encouraging as it refers to TTPs providing a range of information security services to their clients. The CBI strongly supports this for Trusted Third Parties that provide commercial services to the general public. However this must not result in the imposition of burdensome regulations on industry in support of normal business processes.

9. This introduces the term encryption services. The CBI recommends that this be changed to cryptographic services to bring this document into line with the OECD guidelines and to reduce the undue emphasis, apparent throughout the paper, on encryption at the expense of other cryptographic services.

The CBI also notes that this paper covers a far wider range of services, including access to encrypted stored information, than was indicated in the announcement of June 1996, which focused on encryption services on public networks. Unfortunately, these additional services are covered inconsistently, making the Paper as a whole difficult to assess properly. Future versions of the Paper need to address the different types of cryptographic services, and their different uses - proposing appropriate licensing conditions for each.

14. The CBI agrees that a key issue is that of Trust - but this need only be reinforced where suitable processes to establish trust do not already exist. This Paper does not acknowledge that industry already establishes trust in support of its business processes in a variety of ways, nor that industry is already successfully extending those processes to include trust in electronic transactions and the exchange of confidential information. A simple trust model seems be have been assumed where a company trusts its own internal operations, but no external agency or organisation whatever its relationship with the company. Within industry the current obstacles to electronic commerce are not levels of trust, but the absence of:

• a technical framework which supports such processes. This does not require legislation - rather it requires encouragement of investment in suitable infrastructures (such as are being developed in other countries).
• any more general legal or commercial basis, other than normal commercial contracts, for the acceptance of electronic documents and transactions.

This proposal progresses neither of these issues.

The CBI recognises that the introduction of a mandatory licensing scheme for those wishing to offer commercial cryptographic services as a business to the general public and to small companies would encourage trust in the emerging electronic world, but this should be done in a way that does not overly burden industry in support of normal business processes.

15. This paragraph well illustrates a major problem with the Paper. Its main focus is on the use of cryptography for confidentiality over networks. It hardly discusses the many other uses for which industry has been demanding strong cryptography - such as for integrity, authentication, stored information, and so on. Industry has been prevented from using such technologies primarily because of restrictive export controls by other governments. There are also clear confusions of interest in that this paragraph states that "...essential that the ability of security, intelligence and law enforcement agencies to conduct effective interception of communications under the IOCA 1985 is preserved..." which appears to conflict with the statement elsewhere that UK citizens and companies have free choice of cryptography. It is unclear to the CBI how these proposals will ...facilitate the use of cryptography for everyone. Further, it states that ...technology made available....that these proposals wish to introduce which implies control over technology provision. This is not in the spirit of the OECD Guidelines.

16. Paragraphs 15, 17 and the original Statement in June 1996, all address access to encrypted communications and the need to ensure that IOCA remains a valid tool for law enforcement. However, paragraph 16, and the rest of the Paper, appear to include a range of other "encryption services" including access to stored information. These are outside the scope of IOCA and subject to different sets of laws. These proposals do not explain what changes, if any, are needed to adapt existing laws to allow legal access to encrypted stored information.

17. Paragraph 16 states the intention is to licence TTPs wishing to provide a range of encryption services to their clients and the need to protect users. This paragraph states that TTPs providing encryption services to the general public will be licensed. The CBI believes that the requirements of different players in the community are different and would seek a consistent definition of who the various players are. If the intent of this paragraph is that only services offered to the general public are licensed, then the body of the proposals in this paper are not consistent with this paragraph.

18. Conversely, if the UK introduces a licensing regime that unduly restricts UK industry before equivalent conditions are introduced elsewhere, this will make the UK unattractive to emerging new businesses and result in it not being able to create a leading position in the emerging electronic world.

23. The OECD was careful to distinguish use of cryptography and encryption. It has created a Cryptography Policy, not an Encryption Policy. These proposals should follow the OECD Principles.

24. The OECD Guidelines stress that the 8 Principles should be taken as a whole, and a reasonable balance struck between them. The CBI believes that these proposals do not strike a reasonable balance - erring on the side of law enforcement at the expense of Choice, Development of and Standards for Cryptographic Methods, and of International Co-operation.

26/27. The CBI regrets that these proposals appear to take little account of the work going on elsewhere, including that listed in these paragraphs. There is a distinct danger that the UK could enact legislation that puts UK industry in an inconsistent position with respect to its international partners and competitors.

27. The CBI observes that the US March 12 Key Recovery Draft Legislation does distinguish between licensing for key recovery services, and licensing for other services. Licensing is also voluntary. The CBI also points out that the other examples quoted include investment in appropriate public key infrastructures, and do not include any requirement within the country for mandatory licensing of any cryptography service - especially relating to confidentiality.

Section IV This section as a whole concentrates almost exclusively on the use of cryptography for confidentiality. This is but a small part of the overall use of cryptography. This illustrates well the bias of the Paper towards confidentiality at the expense of those other uses. The Paper would have benefited from a clear separation of the different uses of cryptography.

30. Integrity, and other non-confidentiality uses are not mentioned. However, they are key to trustworthy electronic commerce and are of greater importance to industry.

32. Public key cryptography is used for much more than just to verify the integrity of the sender or data, underpinning a number of electronic business processes.

33. Public key systems are rarely used for confidentiality - they are far too inefficient. They can be used for key management, which is not the same thing. They are also used for a range of other functions, of which digital signature is but one. Note also that there are technologies that provide confidentiality of communications that do not rely on public keys directly associated with a person to create the session key. An example is the SSL protocol.

34. Certification Authorities and Trusted Third Parties are not the same. The former is a function that can be performed by any appropriate mechanism - in particular it need not be an external Third Party. Within industry there are existing processes to establish trust between parties that do not need the use of an independently trusted third party.

A Trusted Third Party is an independent agent providing defined security services to clients or customers. One such service may be that of certifying public keys (i.e. providing the certification authority function). This Paper continually confuses these terms, which causes difficulties in interpretation.

36. In the last but one sentence, it says ...who has encrypted files may resign without leaving information concerning the private key... This statement assumes a particular mechanism for gaining access to keys used to encrypt stored data that involves allocation of a public/private key pair specifically for confidentiality - as has been assumed for access to data encrypted in communications. The CBI would prefer the legislation to be technology neutral, and refer only to a phrase such as "access to the plaintext or the encryption key by appropriate means".

This paragraph also confuses access to information being encrypted via IOCA and access to encrypted stored information. The CBI suggests that current legal mechanisms may be adequate to force access to the keys associated with stored information - and this has nothing to do with the needs of IOCA. Nowhere are such differences discussed in this Paper.

37. This paragraph, and the Paper generally, confuses key escrow and key recovery, which are two very different approaches to the storing of keys. The last sentence appears to assume a particular technical solution based on public key technology only for encrypted communications. Indeed, key recovery and key escrow technologies are already available that do not conform to this model. Legal access should be to the plaintext or the encryption key, using whatever technology is available.

38. The real issue facing UK industry is that the vast majority of products used in the support of information systems are sourced from outside the UK. Any UK legislation must take account of this. Similarly, any relaxation of UK export controls for cryptographic products and technology is only of use if the associated key management technology is universally accepted. Licensing of TTPs by itself will not lead to easier export - that will be tied to support of any implied technology linked to licensing of TTPs. The CBI presumes that there is no intention of banning cryptography products that do not support specific UK-defined key recovery or key escrow technologies or of mandating specific technologies for use by TTPs.

39. These proposals do not distinguish between cryptography services offered to the general public as a commercial business, and those provided as part of established business arrangements. As worded the paragraph implies that any business offering cryptography services, including secure communications, as part of a commercial relationship (such as between buyer and supplier) would use the services of a TTP. However, trust is already established in business by other means, such as in the contract between buyer and supplier. Such trust relationships form the basis of most current business (including for secure communications), and there is no need for the involvement of a third party. Such entities would be of use where a trust relationship has not been established by other means - for example if a public key based transaction is presented by an unknown customer.

40. Here the TTP is providing encryption services to a wide range of bodies across all sectors. Earlier they provided services to clients, users or the general public. This implies they are expected to provide services to industry as well. It is not clear what is meant by services to industry - would a service such as BOLERO require a licence, or would it be part of a closed user group.

41. Again, the TTP is here offering services to business and the public, which is inconsistent with earlier statements. The limitation of exemptions to intra-company services is far too restrictive. As mentioned earlier, where businesses choose to work together, and provide common cryptography services, this should not be regarded in the same way as commercial cryptography services offered by a TTP to the general public who voluntarily choose to use them.

While the CBI would support attempts by the UK government to obtain universal agreement to consistent cryptographic service architectures this must, in the spirit of Principles 3 and 4 of the OECD guidelines, be within the context of market driven developments and standards, not as a UK-centric solution.

42. These benefits assume TTPs are used in all circumstances, which will not be true for industry. Looking at the specific examples:

Dot 1 - If by users, the DTI means the general public (as implied in paragraph 17) the CBI would support this statement.

Dot 2 - this paragraph is totally unrepresentative of the real commercial world. The main obstacle to widespread use of strong encryption is export controls in the country of origin (mainly the USA). While there are technical issues to be resolved, normal market forces are addressing them. Passing key management to TTPs will not improve this - what will is widespread availability of commercial products designed to meet commercial needs and supporting commercially derived standards. It is noted this paragraph also focuses on encrypted communications to the exclusion of other uses of cryptography.

Dot 3 - industry does not need TTPs to establish secure electronic trading processes - the necessary mechanisms are already being developed. What would encourage such trade is cryptography services that can be trusted by the general public - especially for the certification of public keys for authentication.

Dot 4 - within industry recovery of keys of stored information does not need the involvement of an independent third party. However, the general public and SMEs might benefit from such a service. Industry has no need to recover the keys for encrypted communications. This is a law enforcement requirement.

Dot 5 - What is needed is products that conform to the requirements of law enforcement for access to the plaintext or the encryption keys of encrypted information. This may, or may not, require interaction with a TTP. If the government forces use of technology that works only with independent TTPs then industry will not have freedom of choice. The CBI notes that the vast majority of commercial products are sourced from outside the UK, and that relaxation of UK export controls will not significantly boost UK markets.

Dot 6 - As explained earlier, the Paper is confused as to where TTPs are thought to be involved. The current proposals effectively force use of licensed TTPs by all, as is stated in paragraph 69, removing free choice.

Dot 7 - While the UK government may consider this scheme well balanced, this is not the view of the CBI. If such a scheme were to be introduced unilaterally into the UK, it would put UK industry at a significant disadvantage in the emerging electronic world.

43. This paragraph, and that following, appear to assume that the only way to establish trust, and to provide the necessary cryptographic services, is via independent TTPs. As has repeatedly been said earlier, this is not necessarily the case. Nowhere in this Paper is any attempt made to differentiate the different cryptographic services, the uses to which they are put, and the different players. Some form of accreditation of a cryptographic service as being properly managed could suffice where no commercial cryptographic service is being offered to the general public.

45. Yet another TTP client is introduced here - the subscriber. The Paper needs to differentiate between services offered to the general public and services provided as part of wider business processes. Freedom of choice is effectively removed by the more detailed proposals, as is later admitted.

46. This proposal assumes that all confidentiality keys are accessible through an associated private key. There are already key recovery and key escrow products available now for which this is not true. The access requirement should be technically neutral and presume no particular method of key management. Legitimate business would always be prepared to provide relevant information under their control, subject to legal warrant on request. This need not involve independent TTPs.

The government should state that it will not require access to any keys other than those associated with encryption of information. Keys are used for more than just integrity.

48. This paragraph is far too restrictive. Business forms many and complex relationships, as is illustrated in the scenarios on Appendix A. The lack of any definition of a closed user group does not help understanding, as does the inadequate definition of encryption services. The requirement to be licensed to operate with a licensed TTP will, as paragraph 69 admits, result in every business having to licence its cryptographic services whatever the exclusions. This will place an excessive burden on industry, and make the UK an unattractive place in which to set up businesses that exploit the emerging business opportunities.

49. These exclusions are also inadequate, especially when taken in conjunction with the definition of encryption services in paragraph 74, For example, it is unclear whether products that support SSL or SET protocols would need to be licensed (since the user (client) chooses which service to connect to).

50. See separate section responding to the Questions.

54. See separate section responding to the Questions.

55. On the surface allowing use of foreign TTPs conflicts with the statement in paragraph 57 that bodies wishing to offer or provide encryption services to the public in the UK will be required to obtain a licence. However, this paragraph could be interpreted as meaning that, where other countries have local TTP licensing that is recognised by the UK government, UK bodies can use such TTPs. In reality few countries will have such licensing regimes for the foreseeable future, and UK bodies will have to do business with businesses and individuals in such countries whether or not the UK government approves.

57. This appears not to be consistent with earlier statements on the customers for TTP services. It is not clear what the difference is between offer and provide in this context, nor is the definition of public, given in paragraph 74, adequate to resolve this.

59. The CBI suggests that a licence, once given, should be held indefinitely, subject to some form of inspection. Repeated renewal seems an un-necessary cost.

60. See separate section responding to the Questions.

65. See separate section responding to the Questions.

66. The exclusions will need to be very precisely defined, and to be technology and application independent if they are to be effective. Given the rate of change of technology, business and applications in the electronic world, unless they are very precise, industry will have to licence its cryptography services "in case they breach the rules". It should be noted that almost all cryptography is used in protection of a business service, which would seem to create a massive exclusion and is inconsistent with paragraphs 49 and 68. There is also a need to define exactly what is meant by an employee. Companies employ people on a wide variety of contracts from permanent staff (legally employees) through contract staff and subcontractors to freelance consultants.

70. See separate section responding to the Questions.

71. See separate section responding to the Questions.

72. Again is the UK public the same as the general public referred to earlier? This paragraph, by insisting that any TTP offering cryptographic services to the UK public is licensed, appears to contradict the freedom to choose a non-UK TTP implied in paragraph 55, which states that UK clients are not required to use a UK licensed TTP and are free to register with foreign TTPs. Depending on the definition of public or client, this may make it difficult for UK companies to work with non-UK companies unless the non-UK companies have UK licensed TTPs.

74. The definition of public is not clear. Does it mean only a natural or legal person acting in their own right, or also when acting as, for example, an employee of a company (even though they might have a personally allocated key). If the latter is excluded, this might simplify the need for businesses to obtain licences.

The definition of encryption services is inadequate. As written it means any activity relating in any way to keys - including, for example, verification of public key certificates. It is also unclear who a client is at the end of the definition. There are technologies already in place where the user is unaware that keys have been generated on their behalf, which these proposals would discourage. Finally, these proposals will encourage the creation of multiple parallel public key based identity systems, each being exempt from licensing - which may not be in the interests of the consumer or industry.

75. These proposal fail to recognise the real world situation. For industry the majority of countries with which they do business will not have an acceptable TTP licensing process acceptable to the UK government in place for some time. It is good business practice to verify the credentials of anyone with whom one has not done business before, and this would be no different when establishing trust in the electronic world. Any certification authority in a reputable business would check the credentials of a strange certification authority before doing business with it. This need not be the prerogative of licensed TTPs. Enforcing this principle will force all UK companies to licence their internal cryptographic services as they will inevitably interact in some way with TTPs offering services to the general public (if only to get verification of public key certificates) as is admitted in paragraph 69.

76. The whole legal Access section is directed solely at obtaining access to encrypted information being communicated. There should be a parallel set of statements covering how, if at all, the existing laws and regulations need to be changed to allow access to encrypted stored information. There is also a view that the proposed legislation might discourage users of encryption services from using UK-based TTPs since they might feel less vulnerable to access by the state to their information if the authorities had to overcome the dual-legality provision which will apply to TTPs based overseas.

The section is also predicated on a technology that assumes confidentiality keys are accessed via public key mechanisms. Any legislation should be technology neutral. The CBI regrets that these proposals do not take note of the OECD guidelines, which indicate that the objective is to obtain plaintext of the encrypted information, and that access to confidentiality keys may be only one way of doing this.

This section also says nothing about what happens where a suspect is subsequently not charged. Since their keys have been compromised, it is presumes they should be told that this is so. Who pays any consequential costs for key replacement, especially where innocent parties have relied on the same keys, is not discussed.

79 A number of issues are raised by these proposals - particularly relating to the technology to be used in authenticating warrants securely, communicating keys securely between a TTP and the central repository, secure storage of those keys within the repository, and securing the audit trails. If the UK government dictates the technology to be used, this could seriously disadvantage UK industry, since most current key recovery/escrow systems are US sourced. It is also unclear who would be responsible for funding, specifying, implementing and confirming fitness for purpose of the technology and processes associated with the central repository.

81. See separate section responding to the Questions.

82 See separate section responding to the Questions.

84 See separate section responding to the Questions.

89 See separate section responding to the Questions.

91 See separate section responding to the Questions.

93 See separate section responding to the Questions.

Annex A

The CBI notes the comments made here on the complexities presented in allowing legal recognition of electronic transactions and information - via digital signatures or however. If the UK is to take advantage of the opportunities presented in the emerging electronic world, these issues must be addressed urgently. If the government fails to do this, the initiative will be taken by other countries such as Germany and the USA.

Annex B

While the CBI understands the need for law enforcement agencies to be able to access keys lodged outside the UK, we remain concerned that practical arrangements will take some time to put into effect, and that a unilateral declaration by the UK that anyone doing business in the UK will have to lodge their keys with a UK registered TTP will lose UK industry the opportunity to exploit the emerging electronic world. We look to specific proposals and timetables for achievement of the necessary international agreements to allow UK industry to operate effectively in international markets.

Annex C

It is likely that there will be a large number of businesses of different types offering a range of cryptographic services to the general public - from small companies offering public key certification authority services to the SOHO market to large international corporations providing a full range of outsourced cryptographic services to major international businesses. There will also be many cryptographic service providers in large corporations operating at various levels from a single central facility to many small services distributed across the organisation worldwide - all supporting business processes internally and with business partners.

While this Annex lists the most stringent licence criteria, the actual criteria applicable for a particular type of business offering particular services should reflect the nature of the business and the need to encourage investment in such business while ensuring that an adequate level of trust is established. The CBI proposes a tiered approach from strict adherence to the full licence criteria, for a major business offering a full range of services to the general public, to simple registration that the services supporting their business operations in major companies conform to declared guidelines. This would greatly reduce the cost to industry while retaining the government’s goal for all public cryptographic services to be licensed.

The CBI is also concerned as to how these licensing criteria are to be applied to non-UK companies - of which there will be many under the current proposals - and how the substantial cost and effort of approving licences against these criteria will be staffed and funded for the potentially large number of services that will require licensing.

Specific comments are:

Dot 1 - It is not clear what sort of "recognised security vetting procedure" is meant here. It does seem excessive to require all staff (whether employees, contractors, etc) to be security cleared to HMG standards.

Dot 4 - What is important is that the products used are known. Formal evaluation of products is not necessary where there is general market acceptance of their probity.

Dot 8 - This would seem to go against the OECD Principles on market led development and standards. It is not the concern of governments to dictate the technologies acceptable to TTPs.

There should also be some constraints on transfer of ownership of TTPs to prevent trust in TTPs being undermined by hostile takeovers of the owning company.

Annex E

This is not a definition of an international TTP architecture, but a definition of requirements for law enforcement access to encrypted information. It is also aimed specifically at access to information being communicated, and does not address issues relating to access to encrypted stored information. It would have been useful to have shown in this Paper how the proposals meet the requirements stated in this Annex.

B.1. Purpose

In order to understand better the issues raised by the legislation proposed in the Consultation Paper, a number of typical scenarios have been defined, and decisions made as to whether licences would be needed. This exercise has raised a number of questions, documented as part of this Appendix.

The CBI would be happy to discuss these, and other appropriate scenarios with the DTI. If wrong assumptions have been made, this would indicate particular areas where the proposals needs further work.

B.2. Definitions

In order to create the scenarios, it was necessary to define more precisely than has been done in the Consultation Paper what is meant by encryption services - and variations, such as protection services, security related services, etc.

Such services have been considered as being of three types:

• Cryptography services carried out on behalf of a user - primarily key management (generation, issue, revocation, storage, etc).
• Services carried out in support of the infrastructure. These would include cross-certification between Certification Authorities, making available public key revocation lists, verifying public key certificates, etc.
• Other security related services that might make use of cryptography, such as time stamping, secure information storage, etc.

The definition of Trusted Third Party refers to security related services, not encryption services. For the purposes of these scenarios, it has been assumed that provision of the second type of service listed above is not considered a security related service. If this is not the case, any key management system that includes verification of public keys issued by that key management system and presented by an external certification authority will have to be licensed, for example.

The current definition clearly intends that provision of services in the third category will be licensable. They are assumed to require licensing conditions, if any, relevant to the service offered. Scenarios have not been generated for them.

Employee is not defined, but is mentioned (for example in paragraph 48). It is assumed here that employee means any person contracted to work for the company directly or indirectly, full or part time. Such contracts include, for example, people hired through an agency or people working as independent consultants. This definition could have a significant effect on when licensing is required if not carefully considered.

B.3. Scenarios

B.3.1 Introduction

To simplify the scenarios, three types of service provision are considered - certification authorities, stored key recovery and recovery of keys for encrypted communications.

Note that, as soon as a company is required to licence any internal cryptography service for whatever reason then, unless it chooses to separate those particular services as an independent entity, all its cryptography services appear to become, by definition, licensed. The restrictions appropriate to a licensed TTP then apply to all internal cryptographic services.

B.3.2 Certification Authorities

Assumptions:

1. Company A has an internal key management system that includes a certification authority for public keys it issues for authentication/digital signature.

2. Cross-certification (including provision of Certificate Revocation Lists) with a certification authority in another company is not an encryption service (or a security service), so does not make the certification authority in Company A a Trusted Third Party, as defined in the Consultation Paper.

Typical Scenarios

a) All public keys only used within Company A - No licence required

b) Cross-certifies with certification authority in UK Company B which is unlicensed and not a TTP. No licence required. Assumes assumption 2 above is true, and "protection services" in paragraph 68 excludes such functions.

c) Cross-certifies with certification authority in non-UK Company C. No licence required.

d) Cross-certifies with UK Company D that uses a UK Licensed TTP as its certification authority. No licence required, as Company A is not a TTP (so paragraph 75 doesn't apply to Company D’s TTP).

e) Cross-certifies with UK Company E that uses a non-UK based TTP as its certification authority. No licence required as Company A is not a TTP.

f) Cross-certifies with "closed group" certification authority service provider in the UK (eg. BOLERO). No licence required - as for d) above. However, BOLERO may have to be licensed, depending on whether paragraph 48 or 68 is correct, on how a "closed group" is defined and whether BOLERO is considered as offering a service to the public (so invoking paragraph 72).

g) Cross certifies with "closed group" certification authority service provider outside the UK (eg. SWIFT). No licence required, assuming SWIFT is not providing a public service, so paragraph 72 does not apply.

h) Provides certification authority services to a supplier as part of the supply contract. Licence required (paragraph 68 applies). Note this makes Company A's certification authority a TTP, and changes some of the answers to the previous scenarios. An alternative interpretation is that a company and its suppliers form a closed user group and Company A does not need a licence.

Specifically, once Company A has to licence its cryptography services it becomes a TTP, so paragraph

e) becomes difficult as Paragraph 75 prohibits such links.

f) it is not clear if Company A can now link with an unlicensed closed group (which depends on the interpretation of paragraphs 48,68 and 75).

g) Company A now appears to be excluded from such groups under paragraph 75.

Note that Company A can split off that part of its certification authority function that requires a licence, and treat it as a separate entity. This will prevent the rest of its cryptographic services becoming restricted by the licence conditions. However, this will cost, and provides no direct business benefit.

i) Company A provides public/private key pairs on smart cards to Company G as part of a supplier contract. Licence not required (paragraph 67 applies).

j) Company A sets up a common interest group for which it provides certification authority services. Licence may be required depending on the interpretation of "closed group" in paragraph 48, and of paragraph 68. It also depends on the interpretation of services to the public in paragraph 72.

k) Company A primes a complex bid involving a number of organisations (not all UK based), and provides certification services to the consortium as part of prime contractorship. Licence may be required depending on the interpretation of "closed group" in paragraph 48, and of paragraph 68. It also depends on the interpretation of services to the public in paragraph 72.

l) Company A is part of a complex bid involving a number of non-UK organisations, primed by a non-UK company that provides certification services to the consortium as part of prime contractorship. Licence may be required by the non-UK prime contractor depending on the interpretation of "closed group" in paragraph 48, and of paragraph 68. It also depends on the interpretation of services to the public in paragraph 72.

m) Company A decides to outsource all its IT functions, including certification authority activities, to a third party. Company A does not need a licence, but the Outsourcing supplier does need a licence.

n) Company A is run as a number of business operations A1, A2, A3, etc., each of which provides local cryptography services. If any of these business operations provides cryptography services that require licensing, then it will have to set up a separate TTP organisation. This could be costly for Company A, which may be forced to centralise such cryptographic services to save costs.

B.3.3 Key Recovery for Encrypted Stored Data.

a) Company A internally encrypts stored data using UK-sourced products that do not provide any automatic means of storing the keys used. However, Company A does take steps to retain internally copies of any keys that are issued (e.g. taking copies of issued Lotus Notes Key Discs). No licence required.

b) Company A stores keys from products that encrypt stored data internally using a commercially available key recovery product, but retaining all functionality in-house. No licence required.

c) Company A provides a service to supplier Company B to store copies of keys used by Company B to encrypt stored data as part of the contract. Licence required (paragraph 68) unless this is covered by the definition of a closed user group, or excluded as it is not a service to the UK public (paragraph 72).

d) Company A provides a service to a consortium to store copies of keys used by other members of the consortium to encrypt stored data. Licence may be required depending on interpretation of paragraphs 48 and 68, of closed user groups and of the meaning of service to the public in paragraph 72.

e) Company A outsources its IT functions to Company C, including storage of keys used for encrypting stored data. Company A does not need a licence, but the outsourcing Company C does.

B.3.4 Key Recovery for Encrypted Communications

a) Company A encrypts internal communications using products that do not provide means of establishing the session key used. No licence required.

b) Company A uses a standard UK sourced product that provides for key recovery when encrypting internal communications. No licence required.

c) Company A insists its supplier Company B uses the same product to encrypt communications between the companies, but no keys are stored relating to those encrypted communications (even if the product provides such facilities). No licence is required as no encryption services are being offered by Company A.

d) Company A and Company B each store their respective keys, and provide a service where keys for communications originating in one company are provided on request to the other company. Licence required (paragraph 68 applies) assuming provision of keys on request is a security or encryption service. However, if this is not regarded as a service to the public (paragraph 72),or is considered as part of a closed user group (paragraph 48) then a licence would not be needed.

e) Company A outsources its IT functions to Company D, including cryptographic services. No licence required, but Company D, as the outsourcing provider, will need a licence whether or not it stores the encryption keys on behalf of the customer.

B.4. Conclusions

B.4.1 Much depends on the precise definition of encryption service or security service. The definition in paragraph 74 is not adequate.

B.4.2 There appears to be an anomaly between "closed groups" and "suppliers, sub-contractors, etc". In practical terms there is little difference between them, yet the proposed legislation appears to differentiate them. This is compounded by the confusion in use of terms in different paragraphs, especially paragraph 48 and 68, and in the reference in paragraph 72 to the need for a licence only where an organisation is providing encryption services to the UK public.

B.4.3 Most large companies will have to have a "licensed TTP" entity to meet at least part of its business needs as a direct result of these proposals. Unless the exclusions are far more tightly defined, the principle of due care would dictate that all company cryptography services should be licensed to make sure the law is not being broken inadvertently.

B.4.4 The UK will not be attractive for businesses providing cryptographic services to industry groups, common interest groups or consortia.

B.4.5 All outsourcing companies, whether or not they are based in the UK, will need a licence if they handle any form of cryptographic service on behalf of their UK business clients, whether or not they offer such services to a wider public. Such services appear to be different from closed groups, although there is no obvious reason for this.

B.4.6 It has been assumed that, if one cryptographic service has to be licensed, all services have to be licensed. It is not clear that this is, in fact, true. It might be possible for a company to licence certification authority services, but still run unlicensed key recovery for internally encrypted stored data.