Electronic Communications Bill
As widely predicted, the Government has published anElectronic Communications Bill stripped of the controversial clauses containedin the draft Bill published in July relating to law enforcement powers torequire the surrender of encryption keys. However, don’t be surprised ifsomething like them turns up somewhere else, for example in the Regulation ofInvestigatory Powers Bill which the Home Office is likely to introduce inparallel with the Electronic Communications Bill any moment now.
Voluntary Register
The new Bill is split into three parts. The first dealswith the arrangements for registering the providers of cryptography supportservices, such as electronic signature services and confidentiality services.You will recall that the draft Bill included reserve powers for the Governmentto establish and maintain a register of approved providers of cryptographysupport services and that these would be held back until it was clear whether ornot the Alliance for Electronic Business would be successful in establishingsuch a scheme itself without government intervention. The idea behind theregister is that it will be voluntary but will promote minimum standards ofquality and service to be met in relation to cryptography support services.
It was unnerving at the draft stage that there wasnothing that formally indicated that the Government would hold these powers inreserve and there is still nothing to that effect in the Bill itself. However,the DTI has indicated in a press release of 19 November that, if theself-regulatory scheme works, there will be no need to set up a statutory schemeand that part of the Bill relating to the establishment of the statutory schemewill be subject to a ‘sunset clause’ – stating that if a statutory schemehas not been set up within five years then the Government’s power to set oneup would lapse. In other words, the Alliance will have five years in which toset up a non-statutory, self-regulatory scheme and it has already begun work onsuch a scheme known inventively as the ‘T-Scheme’.
Electronic Signatures
Another, and perhaps the most important, aspect of theBill relates to the legal status of electronic signatures. These will be givenexplicit legal recognition on the basis that it will be for the court to decidein a particular case whether an electronic signature has been correctly used andwhat weight it should be given (eg in relation to the authentication andintegrity of a message) against other evidence (see clause 7).
All this features in Part II of the Bill, which alsocontains a power to modify by statutory instrument any legislation which wouldprevent the use of electronic communications or storage in place of paper. Itremains to be seen how this power is to be used, although the DTI has alreadyindicated in a consultation letter entitled ‘Electronic Communication: Changeto the Companies Act 1985’ that it intends to amend that Act to enablecompanies to use electronic means to deliver company communications, to receiveshareholder proxy and voting instructions and to incorporate.
On the face of it this would all seem to make perfectsense. There is no use having e-commerce if everything has to be endorsed inwriting. However, if you like to dwell on things negative then you might arguethat a person should not be forced to receive bills, traffic summonses,repossession orders etc by e-mail. Too bad if your PC is on the blink! You couldhave a point.
Telecoms Licences
Part III contains provisions to allow the modificationof telecoms licences without a reference to the Competition Commission ascurrently required under the Telecommunications Act 1984, s€12. The newlicence modification procedure is set out in a flow chart in the separateexplanatory notes published alongside the Bill.
These proposals on telecoms licences principally affectthose telecoms operators who have individual licences. They will enable licencemodifications which command general, though not unanimous, support in theindustry, or those which are deregulatory, to be implemented without the needfor a complex and expensive Commission enquiry. The overall impact is likely tobe deregulatory.
Key Escrow
No commentary on the Electronic Communications Billwould be complete without mentioning ‘key escrow’. The Government has made agreat show of its intention to drop the controversial provisions which haveplagued the consultation process preceding the publication of this Bill. Keyescrow, you will recall, would have required people wanting to keep theire-mails confidential to deposit copies of their electronic encryption keys withthird parties who would hold the keys on trust subject to powers of lawenforcement agencies to require delivery up under warrant. A mandatory keyescrow system has been explicitly ruled out in the Bill and there is now in factan express prohibition on key escrow requirements. Clause 13 spells out that theAct (ie the Bill), when it comes into force, will not confer any power to imposea requirement on any person to deposit a key for electronic data with anotherperson.
You may feel that this is cause for celebration. Youwould be advised to keep the party on ice at least until the publication of theRegulation of Investigatory Powers Bill which will combine police powers torequire access to encryption keys with broad regulatory powers to interceptcommunications including e-mail. That Bill would place the financial onus onservice providers to adapt their systems in order to allow data carried on themto be intercepted.
E-commerce Directive
Enough has been written about the E-commerce Directiveover the past year, and I do not propose to go into great detail now, except tosay that political agreement was reached on 7 December by the Council ofMinisters on a Common Position for the Directive. This takes the Directive muchfurther down the line towards final adoption. Once the Council’s CommonPosition is formally adopted, a rubber stamp exercise which will take place at aforthcoming Council meeting (probably February 2000), it will be sent to theEuropean Parliament for its second reading under the co-decision procedure.
The Directive has had a fairly bumpy ride, which is notsurprising with such a major piece of legislation of such broad commercialapplication. It upset the consumer lobby when it first appeared in November 1998with its ‘home country control’ approach to the regulation of providers ofonline services. It has had businesses grinding their teeth with its derogationfrom that basic principle for obligations under consumer contracts, but whatelse could it do other than take the middle ground.
As the Directive lurches towards second reading, we canassume with a degree of certainty that a number of key elements will remain.Home country control and the consumer derogation appear firmly established. Weknow that the place of establishment will be defined for the purpose ofidentifying the ‘home country’ as the place where the operator actuallypursues an economic activity through a fixed establishment, irrespective ofwhere Web sites or servers are situated or where the operator may have amailbox. We can also be fairly sure that operators will be required to provideclear basic information concerning their activities such as name, address,e-mail address, trade register number, professional authorisation and membershipof professional bodies where applicable, and VAT number.
Variations on some of the Directive’s proposals havealready appeared at national level. For example, the obligation on Member Statesto remove any prohibitions or restrictions on the use of electronic contracts isreflected in the power proposed under the UK’s Electronic Communications Billto modify by statutory instrument any legislation which would prevent the use ofelectronic communications or storage in place of paper.
The Directive also deals with the liability ofintermediaries, for which read Internet service providers. The proposal is foran exemption from liability for intermediaries where they play a passive role asa ‘mere conduit’ of information from third parties and for a limit onservice providers’ liability for other ‘intermediary’ activity such as thestorage of information. You’ll be able to obtain an injunction against thembut not damages. The Directive also intends to deal to a certain extent with theproblem of spam (ie unsolicited e-mail) and these provisions will have to beread in conjunction with additional requirements under the Distance SellingDirective 97/7/EC.
One area which has not received a great deal ofattention, but is nevertheless an important aspect of the Directive, relates topowers of Member States, on a case-by-case basis, to restrict services suppliedfrom other Member States, where this is necessary to protect the public intereston grounds of protection of minors or other grounds such as race, sex, religionor nationality, including offences to human dignity concerning individuals,public health or security and consumer protection (including the protection ofinvestors). However, such restrictions would have to be proportionate to theirstated objective. A Member State would not be permitted to exercise these powerswithout first asking the home country to take action.
