Helping Britain to trade electronically |
Inter ForumWinkworth House 83 St Judes Rd Englefield Green Surrey TW20 0DF |
Phone: +44 1784 473 005 Fax: +44 1784 473 006 http://www.interforum.org |
Building Confidence in Electronic Commerce
A Consultation Document
Submission by the Charter & Business Councils of InterForum
March 1999
The Council of InterForum consists of the following organisations.
BT, Cisco, Compaq, Demon, DTI, Entrust, Financial Times, Global One, Hitachi, IBM, ICL, LineOne, Lucent, Miller Freeman, Novell, Nortel Networks, Open Text, Sagesoft, Sequent, Sphinx CST, Staffware, Sun.
Argos, Bass, Boots, Bupa, British Airways, Business Link Network, Commerce Direct, Creative Directions, De Montfort University, DHL, Fed of Small Business, Fitzpatrick plc, H M Treasury, ING Barings, Lloyds Bank, Metropolitan Police, NatWest Group, National Savings, Parcelforce, The Quo Group, Reuters, Royal Bank of Scotland, Sainsbury's, Thomas Cook, Transco, Woolwich Bank.
The combined UK revenue of the council members listed above totals £58.75bn
InterForum is a non-profit organisation, UK based, promoting awareness and understanding of electronic commerce. Our members are companies from the ICT industry, and ICT user companies who serve the public directly. We are leading the electronic business revolution.
We are delighted to have this opportunity to provide input to the Consultation Document. Our comments are brief and to the point. More detailed guidance can be found in our White Papers, which are available at our Web Site, http://www.interforum.org.
The UK government is committed to making the UK the best electronic commerce environment. The first priority in making this a reality is to provide the necessary legal framework. Therefore we fully support the urgency with which the government is approaching this task.
We are impressed with the constructive dialogue with industry that the DTI have established in preparing this legislation. We are pleased that our misgivings about mandatory key escrow have been listened to, and that this aspect of the proposed legislation has now been dropped.
We support much of the content of the bill which is now proposed. However, we remain unconvinced that the licensing scheme for trusted third parties is necessary or workable.
The following sections address some of the key questions in the Consultation Paper, "Building Confidence in Electronic Commerce" (reference URN 99/642).
It is vital that the common signatures, by which people approve and commit to commercial transactions, are recognised as being valid in law. A clear primary statutory instrument, simply allowing electronic signatures to have the same effect in law as paper ones, should enact this.
If there are exceptions, they could be dealt with by secondary instruments. However, it is not clear what these exceptions would be.
For example, in the registration of births, marriages and deaths, today these are signed in the presence of officially appointed registrars, and this would continue. Today, the administration of a death is a slow, costly process because the key documents have to be on paper, even when they are prepared electronically. Electronic death certificates would be much harder to forge, and much speedier to process, than paper ones.
We agree that Spam is a problem, but we don't think legislation is necessary to combat it. Much can already be done by technology to filter it out, and to block the perpetrators. A code of practice for ISP's might help.
We applaud the decision to withdraw the requirement for a mandatory licensing regime. That, coupled with the Key Escrow proposal, would have undermined the very confidence it was trying to create.
We agree with the current proposal, in that any signature can be given legal effect, regardless of who the Certification Authority is, and even if there isn't one. That being the case, it is hard to see the value in having even a voluntary licensing regime.
As the paper points out, businesses and individuals will decide for themselves who to trust, and what risk to bear. There is nothing unusual about that. Certification Authorities will have to compete to earn that trust, and to carry those risks. Organisations that already have a strong trust relationship with their customers will be well placed to enter this market.
We do not believe a government licensing scheme will materially improve confidence. And it is hard to see how it could work in practice, given the global nature of electronic commerce. The buyer, the seller, and the CA will often all be in different countries. The essential requirement is to give the public a good level of protection wherever they are buying from, and to boost the competitiveness of UK businesses whoever they are selling to.
We do not see it as necessary or appropriate for defined liability limits to be set by legislation. We expect these to be set by market forces. In a way, a CA is like an insurance company, offering different levels of cover depending on what premium is to be paid, and spending more or less effort in managing the risk.
We are deliberately advocating a liberal legislative regime, because we believe it is essential if the business environment in the UK is to be strong and positive at the forefront of the electronic commerce revolution. It will allow intermediaries to flourish, unencumbered by bureaucracy and red tape.
But there is more that the government can do. Government itself will be the biggest participant in Electronic Commerce. Intermediaries will be able to establish their trustworthiness more easily if they are already engaged "by appointment to HMG". This will be another opportunity for government to show leadership and imagination.
The rise of electronic crime is one of the greatest threats to the successful construction of the electronic commerce environment. We fully support the need to combat crime, and we are working with government to do what we can to help.
However, electronic crime is also in its infancy, and it is developing rapidly. It is not possible to cater for all the possible crime scenarios in legislation of this sort. Nor is it sensible to attempt to do so within a bill with a different purpose - that of building confidence in electronic commerce. Withdrawing mandatory key escrow is very welcome, as it would have been completely ineffective as a crime fighting measure. We now advocate the development of a separate bill designed to concentrate on electronic crime.
By their very nature, the mechanisms of electronic commerce must be in the public domain. Therefore, criminals have free access to them, and will look for ways of perverting their use for their own ends.
Therefore, the core techniques of electronic crime prevention and detection must not be in the public domain. We must fight technology with technology.
We are confident that the technology and ingenuity exists in the IT industry to develop the necessary tools, techniques and expertise, in partnership with government. Several of us in InterForum are participating in this joint work, and we will be delighted for it to continue. We would recommend this be set up more formally as an ongoing ‘Electronic Crime Task Force’.
Electronic commerce is a global phenomenon. It knows nothing about national borders. It will operate best if there is close harmony amongst all electronic commerce laws enacted nationally and internationally.
The UK is rightly one of the first nations to come forward with this type of legislation. The rest of the world is watching closely. This puts the onus on the UK to come up with mechanisms that can work across borders. We can then have an unusually high expectation that the rest of the world will follow our lead.
InterForum March 1999
Go back to the start of this document.
Go to the library of current responses.
Last Revised: April 20 1999