The late show

Late changes to RIP Bill are not the way to legislate

Home Office minister Charles Clarke chides Computer Weekly for warning about a business exodus in response to the RIP Bill.

We were told two years ago by financial institutions that, if the UK passed a Draconian law on encryption, they may go offshore. In the past two weeks we received evidence that this is happening.

Last week, the Government introduced amendments to stem business worries over bogus demands to decrypt sensitive data, and reduced the scope for security services to demand encryption keys. That's welcome. So is the creation of a Government-Industry Forum on encryption.

But the amendments were introduced so late that secondary legislation may be needed. That is bad news for corporate lawyers having to advise businesses on whether to move e-commerce operations to countries where decryption keys can't be demanded.

Even if, at five to midnight, the legislation meets the objections business has been voicing for the past 18 months, what does that say about the consultation process?

The Bill gives law-enforcement agencies wide powers to cybertap using ISPs' facilities. But it defines ISPs so broadly that any firm with a web server could be considered one.

So it is important that major corporate IT users, such as financial services companies, are represented in the Forum - particularly by those responsible for their electronic security. It should also include lawyers who are are directly influencing their business decisions.

The Bill has been criticised on civil rights grounds - and may yet be challenged under European law. But the core issue for business is the ability of law-enforcement agencies to set the agenda on e-commerce legislation.

The original e-commerce bill stalled over the Government's desire to include "key escrow" - compulsory lodging of decryption keys with a third party.

The City's threats were not a figment of CW's imagination - Mr Clarke's officials also witnessed them first hand.

Hopefully the late amendments will alleviate the City's fears. But this "last" approach to e-commerce legislation does not look good.

Read more on IT risk management