Jostling for position on e-commerce

It may seem rather obscure and esoteric and only runs to three pages, but the Government's framework document on cryptography…

It may seem rather obscure and esoteric and only runs to three pages, but the Government's framework document on cryptography and digital signatures, released on Wednesday, is one of the most significant elements in Ireland's bid to become an international centre for electronic commerce. Encryption - the encoding and decoding of computer data which allows it to be sent securely over the Internet - doesn't exactly grab the attention of the general public, and the Department of Public Enterprise understandably used the high profile visit of President Clinton's senior adviser on Internet policy, Mr Ira Magaziner, to add some glamour to the announcement.

But for those who follow the twists and turns of international Internet cryptography debates, the document's import was clear: it stands as a green flag to global industry that the Republic intends to create a welcoming, largely unregulated e-commerce environment.

The document's guidelines appear to make the Republic the least restrictive and therefore the most e-commerce friendly of any country. Specifically, the document takes a more liberal approach to regulating encryption than the United States, whose tight control on the use and export of products has caused widespread industry anger.

Encryption is seen as the foundation on which e-commerce may be built. To date, doubts about the security of information passing over the public Internet has restrained companies from using the global network for the sensitive business-to-business and business/client exchanges that underpin commerce. In addition, the public has expressed fears of sending personal details like credit card information across the Web. Methods for encoding information have existed for some time. A number of software companies design so-called "key encryption" products. The person sending the data and the recipient use special software "keys" to encrypt and decode the data.

READ MORE

But law enforcement agencies in the United States have been wary of the public use of encryption products, warning that terrorists and other criminals could send information using "strong" encryption, that could take, literally, more than a thousand years to crack. Therefore, the US has banned the export of strong encryption products. The US government also wants the ability to access encrypted Internet messages if law enforcement agencies want to unscramble a suspected message using built-in technology to recover the key - a process known as key recovery. While the European Commission has declared its intent not to restrict the use of encryption, it hasn't yet clarified its stance on key recovery. Britain's recently released policy on encryption hints at allowing the use of key recovery in addition to requiring individuals to turn over encrypted data if presented with a search warrant.

Ireland's document suggests a more relaxed approach. According to Mr Eoin O'Dell, of TCD's School of Law, who specialises in Internet issues, the document doesn't mention key recovery in its most potentially controversial section on allowing "lawful access to encrypted data". Also, it appears to give individuals the choice of handing over an unscrambled document if presented with a search warrant, or handing over their encryption keys.

While the document lacks precise details of the actual legislation, he believes that the proposal would not breach Irish freedom of speech or privacy laws. Nonetheless, he agrees that this element of the document is likely to attract opposition from freedom of speech advocates. "Overall, it's very e-commerce friendly," he says.

A spokesman for the Department of Public Enterprise, involved in drafting the document, said the Government decided "not to stop the whole of commerce just for a few bad guys".

Dublin-based encryption software developers Baltimore Technologies hailed the general tenor of the document. "This is a very flexible and liberal document," says chief executive, Mr Fran Rooney. "It shows tremendous vision on behalf of the Irish Government to show an initiative, and to let industry fully exploit the opportunities of e-commerce." However, he would prefer to have the final legislation drop any requirement to hand over keys and hopes the Government will allow the encryption industry to self-regulate.

The Department spokesman says it will be several months before final legislation is drafted and says it will welcome comment from individuals or organisations.

Karlin Lillington

Karlin Lillington

Karlin Lillington, a contributor to The Irish Times, writes about technology