The Bill, which is expected to become law on 2nd October 2000, covers government authorities’ rights to monitor business e-mails and to demand decryption keys under certain circumstances.
The Bill regulates new powers to set up a monitoring centre to intercept private e-mails and mobile phone communications. It also provides that if the authorities lawfully obtain encrypted data, they can demand the decryption key from the holder. If the holder refuses to do so, he or she risks a prison sentence.
The letter from Chris Humphries, Director General of the Chamber of Commerce, acknowledges the need for law enforcement agencies to have access to electronic data, but asks that appropriate methods for providing access be incorporated into the law. Humphries suggests that the approaches taken by countries such as the US and Ireland will prove less burdensome on business and that British businesses will resort to offshore ISPs.
The Chamber of Commerce is also concerned that the government has underestimated the cost of monitoring communications.
In addition, Humphries argues that allowing the government access to encryption keys “raises a number of obvious questions with regard to the potential civil liability of the company if the surrendered keys were used in such a way that an innocent third party suffered loss.” He wants to see an amendment to the Bill such that orders to surrender encryption keys should require a separate judicially authorised warrant.
In response to the letter, a Home Office spokesman said: “We believe we have a good story to tell in answer to all of the points raised by the BCC.”