The Government’s avowed intent is to make the UK ‘the best environment world-wide in which to trade electronically.’ It plans to show the way by making 100% of Government services available electronically by 2008, and doing 90% of its own routine procurement of goods electronically by 2001. All that means is removing any doubt about the legal validity, and the safety, of electronic transactions.
It’s already possible to authenticate transmitted documents or messages by using an electronic signature – a cryptographical technique that identifies the author of a document. The signature has a second function: it can be used to check that the content of the document or message hasn’t been tampered with. (This technique is sometimes referred to by the acronym ‘PKI’ for ‘Public Key Infrastructure’.)
Under the proposed legislation, electronic signatures on electronicdocuments will be explicitly recognised in law as being equivalent toconventional signatures on paper documents. The Government plans to adjust existing legislation stipulating the use of paper documentation so that signed electronic documents become acceptable substitutes.
For this plan to work, people have to believe electronic documents are as trustworthy as traditional ones. Initially, the Bill proposes a self-regulatory environment for validating the organisations who provide the ‘cryptography services’ used to authenticate messages and safeguard their integrity and confidentiality.
Under the so-called T-Scheme, the Government will maintain a register of those providers who have been independently quality-assured. Ifself-regulation doesn’t work out, the Government could establish astatutory (but still voluntary) scheme.
The Government wants to ensure that the growth of e-commerce doesn’t lead to an e-crime wave. An earlier draft of the Electronic Communications Bill made provision for law enforcement agencies to get their hands on the means to decode people’s messages, but came under fire for its civil rights implications.
Those issues are now to be the subject of a separate Investigatory Powers Bill. The Government has dropped a proposed requirement for everyone to escrow their private keys just in case they were subsequently suspected of a crime.
The e-commerce community has mostly reacted positively to the revisedBill. Chris Potter, a PricewaterhouseCoopers partner specialising ine-commerce, says, ‘At the moment, many organisations have PKIimplementations which are really waiting for an application. By fostering business-to-business e-commerce, this legislation should help them to see significant return on their investment.’
While there are different versions of public key cryptography, the basic idea is that each user has a pair of “keys” – mathematical passwords used in encrypting and decrypting messages. Each pair includes a public key, made generally available, and a corresponding private key, known only to the owner.
The owner can “lock” a message prior to transmission by scrambling itusing an encryption process driven by their own private key – thisscrambling constitutes the signature. The message can then be unscrambled by anyone in possession of the matching public key.
Because the message can only have been scrambled using the private key, the recipient can be confident it’s authentic.
A pair of keys is sometimes used the opposite way round to make messages confidential. If the sender uses the recipient’s public key to scramble a message, it can only be unscrambled with the corresponding private key.
By combining the sender’s and the recipient’s keys, a transmission can be both “signed” and made confidential.
For more details of the Bill, see
For in-depth discussion of public key cryptography, see
For a draft EU Directive on electronic signatures to which the Billrelates, see
New growth opportunities in Aberdeen, North East Scotland, are being invested in by Grant Thornton
If businesses do not take cyber security seriously in their business planning regulators may do it for them, the ICAEW has warned
The Financial Reporting Council has issued guidance regarding the annual reporting of 1,200 large and smaller listed companies. The letter highlighted the key issues and improvements that can be made in the 2016 reporting season
Deloitte's north-west Europe foray; BDO, Smith & Williamson investment paths; Shelley Stock Hutter; and Wilkins Kennedy discussed by editor Kevin Reed on our Friday Afternoon Live broadcast