HC Deb 25 January 2000 vol 343 cc174-83
Mr. Duncan

I beg to move amendment No. 12, in page 13, line 37, leave out "deposit a key for electronic data with" and insert "render electronic data intelligible to the satisfaction of".

Mr. Deputy Speaker

With this it will be convenient to discuss Government amendment No. 4.

Mr. Duncan

The amendments are crucial because of the debate that surrounded the origin of the Bill and the concerns of all those in the industry as to what the measure might entail. Those Members familiar with all the issues will know that, as people began to wrestle with the ramifications of e-trade and the revolution that is going on, they were anxious that the Government might demand that the key to the de-encryption of material be deposited with a third party.

The debate on key escrow raged for some time. Foremost among the original proponents of key escrow was my hon. Friend the Member for Esher and Walton (Mr. Taylor). However, the debate has moved on—as has my hon. Friend, who has changed his mind because we have learned much more about the matter. All credit is due to him for that.

It was thus crucial that key escrow should not be included in the Bill. There would be no power for the Government, or for some agency, to demand that the key—as between public and private—for the de-encryption of material could be deposited with a third party. However, we were concerned that key escrow might be introduced through the back door.

We can accept that if someone is transmitting data—for example, a taxpayer who is filling in his tax return and sending it to the Inland Revenue—there must be some provision, and a reasonable expectation, that the data he is sending should be intelligible to the recipient. In the case of private information, some of that data might be encrypted—for good reasons. It would not be acceptable for the sender of that information to say, "I have encrypted the information, but don't worry it's all there. It's tough if all you get on your screen is hieroglyphics that you can't read—it's up to you to work out how to turn it into proper data, which can be read by anyone in the normal way." Therefore I quite understand that this part of the Bill places an obligation on the sender of information to send it in a form that can be properly deciphered and understood by the recipient; otherwise, staff at the Inland Revenue will find that everyone sends them hieroglyphics and says, "I am sure you could decipher it, if only you tried."

However, the wording of clause 13(2)(b) looked a bit dodgy to us. It looked as though a power might suddenly be introduced, on the sly, enabling the Government to demand the deposit of a key. I accept that, if the information is intelligible to the recipient, they effectively have the key already. I also accept that, if they require, and can reasonably require, that information to be intelligible, if the key cannot be given they should be given a power to render that information intelligible. Therefore, I seek from the Minister an assurance that this is not key escrow through the back door—that the powers are very limited, and are confined to a reasonable process by which the receiver of information can establish the means of reading or deciphering the information that is being sent.

We were worried that subsection (2)(b) was too broadly phrased, so the group of amendments before us contains one amendment that I have moved—I shall listen with interest to what the Minister says in response about the scope of these powers and obligations—and one tabled by the Minister, which achieves what we were asking for in subsection (2)(b).

Everyone accepts that key escrow—the obligation to give to a third party the key to the deciphering of material—should not, and must not, be a power in the Bill. Therefore, I seek from the Minister an explanation of the meaning of the clause as it stands, and of Government amendment No. 4. We accept her amendment, but before deciding whether to withdraw ours, we are interested to hear what she has to say about the status of key escrow within the scope of the Bill.

Ms Hewitt

It will help if, before I address Government amendment No. 4 and amendment No. 12, I briefly remind the House of the reasoning that gave rise to clause 13, and especially subsection (2). Clause 13 puts into effect the policy that the Prime Minister has stated, with which the hon. Gentleman agrees—that "no persons will directly or indirectly be required to store their encryption keys with a third party". Those are words that the Prime Minister used in Cambridge in September, when he launched the performance and innovation unit report on electronic commerce. We have honoured those words. As a consequence, we introduced a specific clause to the Bill. I believe that the clause has been welcomed both in the House and by business at large.

The clause places a restriction on any conditions of an approval that might be made under part I, or regulations or orders made under any powers in any part of the Bill. No one can be required to deposit any encryption key—that protects the confidentiality of their information—with a third party. A key refers here to anything relating to electronic data which allows access to electronic data, such as a password, or allows the electronic data to be decrypted, such as a private key.

The clause not only rules out a requirement for the physical deposit of a key, but prohibits a requirement for anything to be done that would have the effect of making a key available to another person. That would include the imposition of any key storage technology, which would allow someone else to recreate or gain access to one's key.

Two special cases are outlined in subsections (2)(a) and (2)(b). They do not in any way limit the prohibition on key escrow, but they do make it clear that that prohibition does not preclude two common-sense requirements.

5.15 pm

Clause 13(2)(b) does not reintroduce key escrow. Instead, it addresses the need to be able to insist on some alternative to key escrow, so that important information that has been encrypted remains accessible, even if the key is lost. It does so because orders made under clause 8 will enable information to be stored electronically, and we need to consider what requirements could be made for people to store information where they had opted not to store their encryption keys with another person.

Mr. Duncan

Who does the Minister envisage might be able to take advantage of that power under the order? Will it only be public bodies, or agencies of Government, or might it also be private corporations?

Ms Hewitt

We are dealing with situations that might arise, for instance, under orders made under clause 8, and in most cases those orders will, I think, concern other public bodies. However, let us take the situation where there is a statutory requirement to retain important records, such as records of rail safety or of nuclear power stations. If the order made under clause 8 would enable that information, where there is a statutory requirement to keep it, to be kept electronically, one must provide for the possibility that, in years to come, the key that would enable that information to be accessed and rendered intelligible would be lost. The computer that held the key might be destroyed, or the only individual who had the copy of the key might die.

Under clause 13, we have prohibited the imposition, in a clause 8 order, of any requirement that the key to those data be stored with a third party. However, if the holder of the information does not choose to store the key with a third party, the clause 8 order can require him to take other steps—such as placing a second copy of the information in plain text in a bank vault. Some other security measure not involving mandatory key escrow would have to be taken, to protect future access to important data that had been encrypted. That is the point of clause 13(2)(b).

Amendment No. 4 is a Government amendment that I tabled in order to meet the undertakings that I gave during the fourth sitting of the Committee, on 16 December. The amendment means that the arrangements permitted by clause 13(2)(b) relate to the information represented by the data rather than the data themselves. In other words, the requirement could be met by storing a paper copy of that information, or perhaps storing the information in a readable form on a disk, locked in a safe. In other words, there would be a range of alternatives to key escrow, from which the person holding the information could choose, in order to protect against the loss of a key or that key's becoming unusable.

The amendment also confines the arrangements about accessibility to records that are provided for under a statute or subordinate legislation. That would include a paper record specified under other legislation, or electronic records covered by an order made under clause 8. It does not cover circumstances where there may be provisions about communicating data but no provision about keeping a record.

I take the opportunity to clarify a related point, raised in Committee by the hon. Member for Guildford (Mr. St. Aubyn). He asked whether clause 8 could be used to impose electronic storage requirements where there was no current paper storage requirement. The answer is yes. That is reasonable because, as circumstances and processes change, it may well be sensible for people to be required to store electronic records where, in the past, there was a general understanding, but not necessarily a specific requirement, that they should store paper records. The Bill will afford flexibility, as people become accustomed to the electronic way of doing business.

I hope that I can persuade the hon. Member for Rutland and Melton (Mr. Duncan) that amendment No. 12—although well intentioned—is unnecessary because the existing text addresses a perfectly common-sense need in a satisfactory way. Clause 13(2)(a) would allow an order under clause 8 to require the deposit of a key with the intended recipient of an electronic communication. That is the crucial point. It is only the intended recipient who must have the key. In other words, we are not dealing with key escrow which, by definition, involves giving a key to a third party.

As the hon. Member for Rutland and Melton has said, if information were supplied in an encrypted and unintelligible form so that the intended recipient—the Inland Revenue or some other Government Department, for example—did not understand it, the communication, for all practical purposes, would have been frustrated, even though technically the individual might argue that the statutory requirement to provide the information might have been fulfilled.

The Ministry of Agriculture, Fisheries and Food may want to provide that owners of abattoirs could communicate with the Ministry electronically. Because of the sensitivity of the information to be disclosed and the importance of the identity of the sender, the Ministry might insist that such communications were effected using a particular type of technology—perhaps the abattoir owner would use a smart card, or some hardware token. That might have the effect, or purpose, of transferring the encryption key on the smart card for those messages to the Ministry, so that the information could be read. Clearly, it would be odd if the Bill were not to allow such technology to be specified.

I assure the hon. Member for Rutland and Melton that this is not key escrow. There is nothing sinister behind this measure. It is for the protection of the citizen that technologies sometimes may be specified in a clause 8 order that are sufficiently secure to protect the confidentiality and integrity of the information being communicated. The technology might involve encryption mechanisms where encryption keys—sometimes referred to as session keys—are shared between the counter-parties.

Amendment No. 12 would have a similar effect. Since the intended recipient would need to be satisfied about how he was to render the data intelligible, the clause 8 order would have to address that need. It still would be possible to require that a person used a particular technology or went through a particular process; therefore the requirement might well be met in the most obvious way by the deposit of an encryption key with the intended recipient.

I know that the hon. Member for Rutland and Melton wants to ensure that the drafting of the Bill is as simple as possible. However, in this case, the existing drafting is clearer than his amendment. On the basis of that explanation and my assurances on mandatory key escrow, I hope that the hon. Gentleman will feel able to withdraw his amendment.

Mr. Duncan

I am grateful to the Minister for her assurances, and I agree that the key words in the Bill are "intended recipient". On the basis of her assurances, I beg to ask leave to withdraw the amendment.

Amendment, by leave, withdrawn.

Amendment made: No. 4, in page 13, line 42, leave out "of making the data" and insert "that the information contained in a record kept in pursuance of any provision made by or under any enactment or subordinate legislation becomes".—[Ms Hewitt.]

Order for Third Reading read.

5.23 pm
Ms Hewitt

I beg to move, That the Bill be now read the Third time.

The Bill will help make the UK the best place in the world for e-commerce, and puts in place the right legal framework. It is fitting that this modernising Bill should be one of the first new laws of the 21st century. Just as this country led the world in the first industrial revolution, we are determined that we will be winners in the new knowledge-driven economy.

The Bill will lay sound foundations for Britain to become a dynamic, knowledge-based economy. Bill Gates described the Bill as "the model for Europe". We plan, through the Bill, to be one of the first countries to implement the EU electronic signature directive, so that British firms can benefit from the emerging online single market. A few days ago, Intel announced a %150 million investment to establish a major server farm in the Thames valley to meet the growing need for internet access across Europe. That and many other such inward investments are confirming the UK's position as Europe's e-commerce hub.

The Bill is the result of an extensive process of consultation with business and the IT industry.

Mr. Duncan

And us.

Ms Hewitt

There was some help on points of detail from the Opposition—particularly in Committee.

The Government have made extensive changes to the policy inherited from the last Administration. This process of widespread consultation has resulted in a genuine partnership in this area between Government and industry. I hope to see many of the Bill's objectives being achieved by self-regulation, so that we will not need to commence part I.

Part I is designed to build confidence in those offering cryptography services. Those services allow people to verify who has sent an electronic communication, or to keep commercial information or credit card details secret. The widespread availability of high-quality services to the public and to business will be crucial in building people's trust in doing business online, and allaying many people's fears of the new medium.

I am working with the Alliance for Electronic Business, which has drawn up a self-regulatory approval scheme—known as the T scheme—that is designed to ensure minimum standards of quality and service. Our strong preference is for self-regulation, with the statutory powers in part I held in reserve in case self-regulation fails to deliver. I am confident that, if the Alliance for Electronic Business delivers what it is currently planning to deliver, we will not need to commence part I. That is why these powers are subject to a sunset clause and will lapse if not used within five years.

The Bill will allow people to place greater reliance on electronic signatures by making such signatures, and the processes through which they are created and certified, admissible as evidence in court. Clause 7 will enable the vast majority of contracts, where there is no specific statutory requirement as to their form, to be carried out electronically.

There are many other cases—estimated to be as many as 40,000—often involving dealings with Government, where there are specific legal barriers to doing things electronically. Clause 8 will give the Government the power to sweep away the obstacles in existing laws that insist on the use of paper, postage and formalities such as sealing wherever it makes sense to do so, and to give people the electronic option. The paper option will remain for those who want it, but increasingly, people and businesses will want to take advantage of the speed and flexibility that electronic communication offers. We have set targets for delivering Government services online, and I have deposited a memorandum in the Library, giving more detail on how we intend to use this power.

Finally, the Bill will improve the procedures for modifying telecommunications licences, which are increasingly outdated in a highly competitive marketplace.

The Bill will modernise our legislative framework, so that the law can adapt flexibly to the extraordinary new opportunities that are opening up with electronic commerce. It is an enabling Bill which ensures that the law does not get in the way of new technology and new business. It is a Bill that has the overwhelming support of business, and does not divide us in the House, to which I commend it.

5.29 pm
Mr. Duncan

We have always supported the principle of the Bill—in particular, the introduction of a proper framework of law for electronic signatures. Those of us who understand business are ready champions of the development of e-commerce. The Minister will admit that we have helped things on their way.

There are issues and uncertainties which will need to be addressed, and this is not the end of the matter. As we look to EU directives, there will be many complicated areas to be studied and legislated upon, and cases to complement the Bill before us today. As the House knows, we do not want part I ever to be invoked. We would rather not have seen it in the Bill, because we want a regime of voluntary control to be introduced.

I am aware that the Government want this to be the first Bill to receive Royal Assent in the new millennium. Thanks to us and the Minister, it will be. We forced its publication in draft form in the summer and, following the summer recess, we forced the removal of half its pages to make it smaller and better. We have been constructive throughout and are pleased to share in its improvement and in its progress. No single party can claim credit for the Bill. We are pleased to support it.

5.31 pm
Mr. Cotter

We, too, welcome the Bill and the prospect of its early implementation. Unlike the hon. Member for Rutland and Melton (Mr. Duncan), I do not promise the Minister a box of chocolates, but perhaps a box of All Sorts with a few comments and plaudits here and there.

Many people, including Liberal Democrats, have welcomed the concept of a light-touch Bill and we congratulate the Government on introducing one. However, along with others, I reiterate a concern that was expressed in Committee. When the Home Office makes its input into electronic communications, I hope that the Minister will, as she and the Department of Trade and Industry have promised, use a light touch rather than the heavy hand of bureaucracy.

As with other Bills, the question of impact assessment has arisen, and the Minister will know that I am concerned about that. The matter was touched on in Committee when indicative costings were provided for the possible arrangements under part I. I do not want to argue strongly about the accuracy of the costs—after all, they were called indicative costs. For example, a figure of £30,000 or £50,000 was given for a medium-sized company. However, as I said in another debate, there is a feeling of dissatisfaction about impact assessments in this and other Bills. I am sure that we shall be interested to hear from the Alliance for Electronic Business, which will soon provide some costs. I should like to know when that will be.

An important point was raised about part II. Departments need to examine outdated definitions, such as the words "writing or signature". On Second Reading and in Committee, it emerged that, as the Bill stands, it is up to individual Departments to update their own legislation as they see fit. That may lead to inconsistencies and confusion, so perhaps the Government should be more proactive. The Department of Trade and Industry should issue time targets and templates to ensure that Departments do what is required.

I know that the Minister will consider it her duty to prod colleagues and generally to promote what the Bill stands for with all Departments. However, I appreciate that she is aware of the many problems that may be faced in order making under the Bill.

Social exclusion is another important issue. The Government have stated that they are concerned to ensure that there is the widest possible access to the technologies. I applaud it when the Minister refers to IT for All, information and communication technologies learning centres, and other schemes. However, Liberal Democrats, like everyone else, are considering a changing scenario, with digital and other means being developed.

I, like others, have heard about the Government initiative for the provision of low-cost computers for low-income families. How is that scheme going? Although the Minister may not be able to answer this afternoon—

Mr. Deputy Speaker

Order. The hon. Gentleman must understand that, on Third Reading, he is limited to discussing the contents of the Bill. Even though he may think that other issues are connected with the Bill, he cannot raise them. He must talk about what is in the Bill.

Mr. Cotter

I stand corrected—thank you, Mr. Deputy Speaker.

In conclusion, the Bill is important to ensure that we as a country address the issues of e-commerce. The Minister is aware of the points that I have made and other issues might be raised on another occasion. I hope that we can advance together to make the climate suitable for business—and small business, in particular—to conduct its affairs.

5.35 pm
Mr. St. Aubyn

I too wish the Bill well and congratulate the Minister on her handling of it. However, my hon. Friend the Member for Rutland and Melton (Mr. Duncan) ably assisted the Bill to reach this stage when he encouraged the removal of the inappropriate clauses that were originally in it.

I express the wish that, in another place, some of the issues that have been debated and the two new clauses that could not be considered today will be taken up. If the Bill is to succeed, it must deal with the tax implications of cross-border trade. In its wider remit, it will not succeed unless that is done even if the undertakings that the Minister has given are taken on board by her colleagues in the Treasury and are dealt with in the next Finance Bill. Nor will it succeed in its objective of broadening e-commerce if the law of contract and the state in which the law applies have not been clarified.

We have supported the Minister so much on the Bill because we congratulate her on her fights with the Lord Chancellor's Department and with the finance team on the issue of which country's law should apply to contracts. We are concerned by the passage of the Brussels convention and we urge her to stop any suggestion that it should apply to e-commerce. We are also worried by the idea that the country of destination should be invoked in the Financial Services and Markets Bill. Therefore, with her colleagues in other Departments, we hope that she will consider the implications of trying to change the way in which the law is applied. We believe that, almost without exception, the country of origin should be the basis on which cross-border trade is regulated. If we adopt that stance, we should do so as the United Kingdom legislature and not by following the lead from Brussels and Europe.

We did not become the financial centre of Europe by following the lead from Brussels. We did that by following our own lead—deciding what we thought was best for the financial services industry. It is only by following our own sense of what is best for the e-commerce industry that we shall create the centre for e-commerce in Europe to which we all aspire.

Before the Bill reaches the Lords, the Minister should consider adopting unilaterally the principle behind new clause 2. A report to the Select Committee by the Minister every year would do much to enhance her role and her negotiating power with other Departments. She would be able to tell them that she has to come to the House to defend the decisions and explain why, if they get it wrong, it will be to the detriment of the regulation of cryptography support services. She would be able to explain why new tax burdens, such as IR35, and new regulatory burdens, such as the temp-to-perm rules for temporary staff employment agencies, would add to the cost of developing e-commerce in this country. I know that that is an argument that the Minister supports and I hope that she wins it with her colleagues in the Government.

That principle would also act as a spur to other Departments to implement the terms of the Bill when they try to reform and update other legislation. We were told that 40,000 pieces of legislation need updating to incorporate electronic signatures. However, there are no teeth in the Bill to ensure that the Minister's colleagues do their job to ensure that e-commerce can march ahead as fast as we all want it to.

5.39 pm
Mr. Allan

First, I congratulate the Minister for Small Business and E-Commerce on having accepted many of the amendments tabled in Committee. That Committee was one of the more useful that I have attended: there was genuine dialogue between both sides and Government Back Benchers chipped in—all too often that does not happen. In addition, we managed to create a relatively jargon-free environment. As a result, we have a clearer Bill at the end of the process than we had at the start of it.

It has emerged clearly from Committee and Report that the legislative framework surrounding electronic communications is changing rapidly. The Bill has been referred to as the first Government legislation of the new millennium, but I wonder whether such issues will in future be dealt with by other means. For example, the Minister has referred to international agreements on taxation, which will probably be well outwith the powers of the UK Parliament. I should be interested to learn more about that dimension in the context of e-commerce and electronic communications.

The Bill specifically covers the subject of industry self-regulation. The Minister referred to the T scheme, which will provide an interesting template for future progress. In Committee, it became apparent that industry self-regulation might be the only mechanism that can respond sufficiently quickly and with sufficient technical ability to achieve the objectives that we have set out.

Finally, I repeat a point made by my hon. Friend the Member for Weston-super-Mare (Mr. Cotter). There are now two Home Office Ministers on the Treasury Bench—

The Parliamentary Under-Secretary of State for the Home Department (Mr. Mike O'Brien)

Only one.

Mr. Allan

Sorry—the Under-Secretary of State for Northern Ireland used to be a Home Office Minister.

The Liberal Democrats are concerned that, although the Bill represents one step forward, Home Office legislation to be considered later in the Session might represent a couple of steps in another direction. Crooks have always used whatever form of communication they can get their hands on, but we must ensure that we do not cut off our nose to spite our face and start blaming their medium of communication for the fact that crooks exist.

The Minister for Small Business and E-Commerce wants to enhance e-commerce and does not want unnecessary restrictions imposed on it or business scared away by other domestic requirements, even those that are, quite properly, designed to further law and order. I am sure that she will enter future negotiations in that spirit, so that Britain becomes the place where server farms—a sort of farm that does not normally require subsidy—become one of this country's main import and domestic earnings providers.

Question put and agreed to.

Bill read the Third time, and passed.