US terrorist attacks revive costly plans that will "deliver no
benefit"
The Government is set to bring back the key escrow powers dropped
from the Regulation of Investigatory Powers legislation in the late
1990s after they were discredited by businesses and civil liberties
groups.
Senior government sources confirmed to Computer Weekly that former
home secretary Jack Straw - now foreign secretary - and his
successor, David Blunkett, have discussed the issue following the
11 September attacks on the US.
The source said that key escrow was likely to be introduced as a
result of the terrorist threat. "We are definitely considering
this. David and Jack believe it was wrong to drop these powers and
now is the time to do something about it."
But the plan is certain to cause disquiet among businesses and
civil liberties groups. When the idea was first proposed three
years ago they successfuly argued that key escrow, which requires
organisations to hand over encryption keys to an approved agency,
would weaken security and damage trade.
"A lot of people were developing contingency plans to leave the UK
if they thought it was going to impose unnecessary commercial
burdens on them. They were concerned about weakening of security,"
said Peter Sommer, security expert at the London School of
Economics.
One large company privately told Computer Weekly at the time that
it was so worried about the Government's key escrow plans that it
would consider pulling out of the UK if they went ahead.
Foreign secretary Straw gave the first indication of the change of
view last week in an interview on BBC Radio Four when he said that
"naive" campaigners against stronger Internet surveillance laws had
hurt the fight against terrorism.
He suggested that with stronger powers the security services might
have detected some of the 11 suicide hijackers who are now known to
have passed through the UK on their way to the US.
He told the Today programme, "It wasn't Big Brother government, it
was government trying to put in place increased powers so that we
could preserve and sustain our democracy against this new kind of
threat.
"We needed to take powers so that we could de-encrypt commercially
encrypted e-mails and other communications because we knew that
terrorists were going to use this.
"What happened? Large parts of the industry, backed by some people
who I think will now recognise they were very naive, in retrospect,
said 'You mustn't do that'."
The Confederation of British Industry, one of the groups originally
opposed to the de-encryption proposals reacted with caution.
A spokesman said, "That debate took place in very different
circumstances from now so we would want to consult members to see
if their views had changed."
Reports from the US this week said that the hijackers had not used
encryption to co-ordinate the attacks, although they had sent
e-mails in Arabic and English from cybercafes in Florida.
Sommer said the argument that key escrow would combat terrorists
made no sense when there were already so many encryption products
on the market.
"Key escrow failed in 1998 because the law enforcement 'access to
keys' argument made no sense when you realised that there were
encryption products out there for terrorists to use. It required
companies to go through complex loopholes for really no benefit,"
he said.
Downing Street said all relevant legislation to do with terrorism
was being examined to see if it needed toughening up, but refused
to confirm or deny that the Regulation of Investigatory Powers was
part of that trawl.