FIPR Press Release 29/3/01 LONDON: FOR IMMEDIATE USE ================================= Foundation for Information Policy Research Contact: Caspar Bowden Tel: +44(0)20 7354 2333 Government stalls on Bouncers Bill licensing of computer consultants -------------------------------------------------------------------- Home Office Minister Charles Clarke announced yesterday (28/3/01 16:09 BST) in the 2nd Reading debate of the Private Security Industry (PSI) Bill that the government did not "CURRENTLY" intend to bring IT security consultants within the scope of a new licensing regime, but would not give an assurance to amend the wording to guarantee their complete exemption. Promoted as a measure to crack down on wheelclampers and bouncers, the PSI Bill also requires private investigators and "security consultants" to be licensed by a new statutory authority supervised by the Home Office. "Security consultant" means anyone giving advice about "security precautions in relation to any risk to property" (Sch.2 5(1)a). This has caused a wave of unease through the IT industry as it was realised the wording could catch freelancers such as systems administrators ('sysadmins') who configure and maintain computer access controls, and programmers and consultants who typically work on a wide range of system tasks including information security. Several trade bodies have made enquiries about the Home Office's intentions in the past few weeks but have received no clear reply. Mr.Clarke referred to the presently unregulated status of IT consultants, but said the government did not "currently" intend to prescribe their inclusion in the licensing regime. However he said the DTI would consult with the industry about the adequacy of existing professional practices. Opposition spokesman Nick Hawkins MP (Con) asked if the government would agree to revised wording which would grant IT consultants the clear exemption afforded to accountants, lawyers and management advisers. Mr.Clarke stressed the broad wording of the bill was intentional, and agreed merely to "look" at the wording. Quotes ====== Caspar Bowden, Director of Internet policy think-tank FIPR commented: "In 1999 the government wanted 'key-escrow' - a copy of everyone's encryption keys. The RIP Act 2000 allows seizure of anyone's encryption keys. Do they now want to ban anyone from working with encryption without a license?" "This looks like a tactic to keep the government's options open. Unless there are the same cast iron exemptions for programmers, sysadmins and IT consultants that have been granted to other professions, the government can introduce licensing by order at any time." What Next ? ----------- The Bill has already passed through the House of Lords, and now enters the Committee Stage in the Commons. In the absence of an early government amendment to make necessary changes in the definitions, it must be assumed that the government intends to take power to license IT consultants without further legislation. Notes for Editors ----------------- 1. The Private Security Industry Bill is at http://www.publications.parliament.uk/pa/cm200001/cmbills/067/2001067.pdf 2. The Foundation for Information Policy Research (www.fipr.org), is a non-profit think-tank for Internet policy, governed by an independent Board of Trustees with an Advisory Council of experts. 3. Research topics include: legislation and regulation of electronic commerce and infrastructure, consumer protection, data protection and privacy, copyright, law enforcement and national security, evidence and archiving, electronic government and interaction with business and the citizen, and social inclusion. 4. FIPR's analysis of the RIP Act stimulated media debate, and led to amendments ensuring that people who lose keys or forget passwords are presumed innocent until proven guilty, and preventing casual surveillance of web browsing without a warrant.