Officials in London finally released details last week of an encryption bill several months in the works in Great Britain. The legislation, known as the Electronic Communications Bill (ECB), was immediately the target of heavy criticism.
The bill makes it a criminal offence for companies and individuals to fail to supply data keys for decrypted secure data on request from the UK courts. The penalty, modeled after Section 2 offenses under the UK's Computer Security legislation, could amount a two-year prison sentence.
Because such a penalty would result in protest from the IT industry, however, the government has added the provision that companies or individuals can provide a copy of the decrypted file to the government in place of their data keys. A major flaw in this policy, however, is that there is no way of verifying that the
decrypted file is actually a real copy of the data that is encrypted. Civil libertarians are thus highly critical of the bill.
The proposals allows for public comment until October 8, at which time evidence will be reviewed. If the bill were to miraculously avoid being pummeled throughout the public comments stage, it would be slotted for Parliamentary debate in early November.