gfc

The Government invited comments on the consultation paper, in particular with respect to the thirteen questions (referred to by the relevant paragraph numbers in this table) given in Section VII of the paper. The following is a summary of those responses.

Questions

Responses

Notes

Whether the suggested scope of an exclusion from licensing for intra-company TTPs is appropriate (Paragraph 50)

77% agreed

14% disagreed

9% did not comment

 

Whether, in the short term, it would be sufficient for business to rely on agreements under contract regarding the integrity of documents and identification of signatures; or whether it would be helpful for legislation to introduce some form of rebuttable presumption for recognition of signed electronic documents (Paragraph 54)

37% preferred contract

54% preferred rebuttable presumption

9% commented neither way

Most of those that preferred the contract approach also wanted more assurance that the courts would indeed accept electronic signatures

The appropriateness of the proposed arrangements for licensing and regulation (Paragraph 60)

40% agreed with the proposed arrangements

42% disagreed with the proposed arrangements

18% did not comment

Most of those that disagreed would accept a less strict form of regulatory regime.

Views on the proposed conditions (Paragraph 65)

44% agreed with the proposed conditions

29% did not comment

One of the main reasons for disagreement was that the conditions would be too expensive to meet.

What if any, specific exemptions for particular organisations offering encryption services would be appropriate depending on the nature of the services offered? (Paragraph 70)

There were a number of organisations who specifically wanted their own services excluded for confidentiality reasons.

There is some correlation between the responses requesting exclusion and the notion of having a two or more tiered licensing regime e.g. minimum exclusions for CA only type services and maximum exclusion for confidentiality services.

Whether it is thought desirable to licence the provision of encryption services to businesses and citizens wholly outside the UK? (Paragraph 71)

37% agreed

16% disagreed

47% did not comment

One of the most common comments was that that international harmonisation was important.

 

 

Questions

Responses

Notes

Should electronic methods for the delivery of electronic warrants by the central repository and the subsequent delivery of keys by the TTP be introduced? (Paragraph 80)

65% agreed

16% disagreed

19% did not comment.

Those that disagreed did so mainly because they did not approve of the principle of lawful access.

Does the legislation specifically need to refer to other forms of legal access including a civil court order for access to cryptographic keys used to protect information relating to civil matters such as bankruptcy? (Paragraph 82)

44% agreed

21% disagreed with the need to refer to other forms of legislation

35% did not comment

 

Should deliberate (and perhaps wilfully negligent) disclosure of a client s private encryption key be a specific criminal offence, or would existing civil and criminal sanctions suffice? (Paragraph 84)

51% thought that it would be a specific criminal offence

19% thought that existing sanctions would suffice

30% did not comment

Many did not see why this offence should be limited to just private encryption keys.

Whether the principle of strict liability is appropriate in these circumstances? (Paragraph 89)

45% agreed to the need for strict liability

45% disagreed

10% did not comment.

 

Whether, in principle, an independent appeals body (such as a Tribunal) should be created? (Paragraph 91)

47% agreed

14% did not agree

39% did not comment

 

Whether the proposed duties of an independent Tribunal are appropriate? (Paragraph 93)

47% agreed

16% disagreed

37% did not comment

 

Would mandatory ITSEC formal evaluation be appropriate? (Annex C)

21% agreed

44% were against

35% did not comment

Some thought that BS 7799 certification might be more appropriate. Some thought that the use of ITSEC would be acceptable for mandatory licensing, but others thought it was too excessive and expensive.

 

Click here to download this file in Word format

Back to Electronic Commerce Statement

gfc