Commentary on Sections
Part I Cryptography Service Providers
Section 1: Register of approved providers
21.This section places a duty on the Secretary of State to establish and maintain a register of approved providers of cryptography support services, and specifies what information is to be contained in the register. The section also requires the Secretary of State to make arrangements for the public to have access to the register and for any changes to the information in the register to be publicised.
“Cryptography support services” are defined in section 6.
22.The main purpose of the register is to ensure that providers on the register have been independently assessed against particular standards of quality, in order to encourage the use of their services, and hence the development of electronic commerce and electronic communication with Government.
23.Where two people are communicating electronically, it may be necessary for one person to rely on the services provided to the other: for example, where the first person receives a communication which purports to have been signed electronically by the other.
A definition of “electronic signature” is given in section 7(2).
24.The register is voluntary: no provider is obliged to apply for approval and a provider who is not on the register is at liberty to provide cryptography services.
Section 2: Arrangements for the grant of approvals
25.This section places a duty on the Secretary of State to ensure that there are arrangements in force for granting approval, handling complaints and disputes and modifying or withdrawing approval.
26.Subsection (1) places a duty on the Secretary of State to ensure that there are arrangements for granting approvals for any person providing, or proposing to provide, cryptography support services in the United Kingdom, and applying to be approved.
The provision of cryptography support services in the United Kingdom is described in subsection (10) of section 2.
27.Subsection (2) sets out what the arrangements for approvals are to achieve.
28.Subsection (3) says what the Secretary of State must be satisfied about in order to grant an approval. The Secretary of State is given the power to set requirements (e.g. relating to the technology provided, to the person himself and his background and experience, and the way he provides the technology to the public) by regulation, and also to impose conditions on the approval. Subsection (5) of section 5 provides that the Secretary of State must consult before making regulations imposing requirements. The Secretary of State must also be satisfied that the person is fit and proper to be approved. Relevant factors include any known contraventions of provisions of this legislation, and convictions for offences involving fraud or dishonesty, or engaging in discriminatory practices, or engaging in deceitful, oppressive, unfair or improper business practices.
29.Subsection (4) allows for regulations made by virtue of subsection (3)(a) or (b) to frame the requirement for compliance with these requirements by reference to the opinion of a person specified, either in the regulations or chosen in a manner set out in the regulations.
30.Subsection (5) specifies the nature of the requirements which may be imposed as conditions of an approval, subject to the limits in subsection (6).
31.Subsection (7) provides for the enforcement of any requirement to provide information imposed by the conditions of an approval by the Secretary of State in civil proceedings.
32.Subsections (8) and (9) make provision about the payment of fees.
33.Subsection (10) sets out what is meant by cryptography support services being provided in the United Kingdom.
34.The arrangements for approvals, outlined above, envisage providers requesting approval for one or a number of different cryptography support services. The granting of such an approval would depend on the applicant meeting the conditions specified in the relevant regulations.
Section 3: Delegation of approval functions
35.This section enables the Secretary of State to delegate the approvals functions set out in sections 1 and 2 to any person. Subsection (4) provides that where the functions are delegated to a statutory body or office holder, the statutes relating to their original functions shall be regarded as including the new functions so delegated. Subsection (5) enables the Secretary of State to modify enactments by order, and subsection (6) provides that the order required to do this will be subject to affirmative resolution procedure in both Houses of Parliament.
Section 4: Restrictions on disclosure of information
36.This section protects certain information obtained under Part I, sets out the purposes for which it may be disclosed (e.g. in order to carry out the approvals functions, for a criminal investigation or for those civil proceedings specified in subsection (2)(e)) and makes improper disclosure a criminal offence. It safeguards individual privacy and commercially confidential information, except where disclosure is justifiable.
37.There is no restriction on who may make the disclosure or to whom it may be made, provided that the purpose is proper.
Section 5: Regulations under Part I
38.This section makes further provision relating to the regulations the Secretary of State may make under Part I and contains standard provisions commonly accorded to powers to make subordinate legislation, such as an ability to make supplementary provision. The regulations will be subject to affirmative resolution procedure in both Houses of Parliament the first time the Secretary of State exercises his powers to make regulations under this Part. They will subsequently be subject to negative resolution procedure in both Houses of Parliament.
“Prescribed” is defined in this Part as meaning prescribed by regulations made by the Secretary of State, or determined in such a manner as may be provided for in any such regulations.
Section 6: Provision of cryptography support services
39.This section provides for the interpretation of various terms used in Part I of the Act.
The cryptography support services that may be approved under the arrangements described above are defined to include those relating to:
confidentiality, i.e. securing that such electronic communications or data can be accessed, or can be put into an intelligible form (defined in section 15(3)), only by certain persons;
securing that the authenticity or integrity (both defined in section 15(2)) of electronic communications or data is capable of being ascertained, i.e. relating to an electronic signature.
40.Subsection (2) makes it clear that the approval scheme for cryptography support services includes only those services that primarily involve a continuing relationship between the supplier of the service and the customer. The scheme does not cover the supply of an item (whether software or hardware) unless such a supply is integral to the provision of the service itself.
41.Cryptography support services, falling within the scope of this section, would include registration and certification in relation to certificates, time-stamping of certificates or documents, key generation and management, key-storage and providing directories of certificates.
Part II Facilitation of electronic commerce, data storage, etc.
Section 7: Electronic signatures and related certificates
42.This section provides for the admissibility of electronic signatures and related certificates in legal proceedings.
43.It will be for the court to decide in a particular case whether an electronic signature has been correctly used and what weight it should be given (e.g. in relation to the authentication or integrity of a message) against other evidence. Some businesses have contracted with each other about how they are to treat each other's electronic communications. Section 7 does not cast any doubt on such arrangements.
44.Subsection (1) allows an electronic signature, or its certification, to be admissible as evidence in respect of any question regarding the authenticity or integrity of an electronic communication or data. Authenticity and integrity are both defined in section 15(2):
references to the authenticity of any communication or data are references to any one or more of the following—
(i) whether the communication or data comes from a particular person or other source;
(ii) whether it is accurately timed and dated;
(iii) whether it is intended to have legal effect.
references to the integrity of any communication or data are references to whether there has been any tampering with or other modification of the communication or data.
45.Subsection (2) defines an electronic signature for the purposes of the section.
46.Subsection (3) explains what is meant by “certified” in this context.
Section 8: Power to modify legislation
47.This power is designed to remove restrictions arising from other legislation which prevent the use of electronic communications or storage in place of paper, and to enable the use of electronic communications or storage of electronic data to be regulated where it is already allowed. Its potential application in such cases means that it is narrower in scope than section 7, which applies wherever electronic signatures are used, including those cases where there is no legislative impediment to the electronic option. The power can be used selectively to offer the electronic alternative to those who want it.
48.There are a large number of provisions in statutes on many different topics, which require the use of paper or which might be interpreted to require this. Many of these cases involve communication with Government Departments by businesses or individuals - including submitting information or applying for licences or permits. Other cases concern communications between businesses and individuals, where there is a statutory requirement that the communication should be on paper. The power can be used in any of these cases, and is not limited to the provision of written information:
“document” is defined in section 15(1) to include a map, plan, design, drawing, picture or other image;
“communication” is defined in section 15(1) to include a communication comprising sounds or images or both and a communication effecting a payment.
49.Some examples of the way in which the power could be used relate to the Companies Act 1985. On 5 March 1999 the DTI consulted about whether the Act should be changed to enable companies to use electronic means to deliver company communications, to receive shareholder proxy and voting instructions and to incorporate. The consultation letter “Electronic Communication: Change To The Companies Act 1985” is available from DTI’s Company Law and Investigations Directorate, telephone 020 7215 0409. A draft order, which the Government proposes to make under this power, was published for consultation in February 2000 and is available by phoning the same telephone number and at www.dti.gov.uk/cld.condocs.htm
50.The Government will also ensure a co-ordinated approach among Departments and issue guidance for their use. This accords with the observation in the Performance and Innovation Unit report e-commerce@its.best.uk (para 10.45) that “A significant degree of co-ordination will be needed to ensure that measures to acknowledge legal equivalence of written and digital signatures marches in step between departments”. This role has been assigned to the Central IT Unit in the Cabinet Office, which provides the policy lead for developing Information Age Government under the Modernising Government agenda. The Cabinet Office is developing guidelines to ensure that Departments follow a consistent approach.
51.There are, however, many communications where paper is not currently required by law - for example the vast majority of contracts fall into this category. People will remain free to undertake transactions of this kind using whatever form of communication they wish.
52.Subsection (1) gives the appropriate Minister the power to modify, by order made by statutory instrument, the provisions of any enactment or subordinate legislation, or instruments made under such legislation, for which he is responsible. He may authorise or facilitate the use of electronic communications or electronic storage (instead of other methods of communication or storage) for any purpose mentioned in subsection (2). This power is limited by subsection (3) which places a duty on the Minister not to make such an order unless he considers that authorising the option of electronic communication or storage will not result in arrangements for record-keeping that are less satisfactory than before. It is also limited by subsection (6).
“enactment” is defined in section 15 and includes future legislation;
“record” is defined in section 15 to include an electronic record;
“the appropriate Minister” is defined in section 9(1).
53.Subsection (2) describes the purposes for which modification by an order may be made.
54.Subsections (4) and (5) specify the types of provision about electronic communications or the use of electronic storage that may be made in an order under this section.
55.Subsection (6) provides that an order under this section cannot require the use of electronic communications or electronic storage. However, when someone has previously chosen the electronic option, the variation or withdrawal of such a choice may be subject to a period of notice specified in the order.
56.Subsection (7) provides that this section does not apply to matters under the care and management of the Commissioners of Inland Revenue or the Commissioners of Customs and Excise. Such matters are already covered in sections 132 and 133 of the Finance Act 1999.
Section 9: Supplemental provision about section 8 orders
57.This section says who may make section 8 orders, and sets out supplementary provisions relating to such orders; it contains standard provisions commonly accorded to powers to make subordinate legislation, such as an ability to make supplementary provision.
58.Subsections (3) and (4) provide that the regulations made under section 8 will be subject to a choice of either affirmative or negative resolution procedure in both Houses of Parliament. The Government intends to use affirmative resolution at least for the first order, so that the general principles can be debated. Subsection (7) provides for the power to be exercised by the Scottish Ministers, with the consent of the Secretary of State, in relation to Scottish devolved matters. Scottish legislation is brought within the ambit of the power by virtue of the definitions of enactment and subordinate legislation in section 15.
Section 10: Modifications in relation to Welsh matters
59.This section provides for the power in section 8 to be exercised by the National Assembly for Wales, to the extent set out in subsections (3) and (4). That power is to be exercisable with the consent of the Secretary of State.
Part III Miscellaneous and supplemental
Section 11: Modification of licences by the Director
60.The EC Telecommunications Services Licensing Directive (97/13/EC) requires licensing for telecommunications to be non-discriminatory. In practice this means that modifications usually need to be made to all licences of a particular type at the same time. However, the current licence modification procedure, as detailed under section 12 of the Telecommunications Act 1984, requires the Director General of Telecommunications (DGT) to obtain the written consent of an individual licence holder if he wishes to proceed with a modification without reference to the Competition Commission (CC). Thus if the DGT wishes to make a licence modification without reference to the CC, he must now obtain written consent from all those whose licences are to be modified. Given that there are a large number of individual licensees - over 400 - gaining this consent is an unduly difficult requirement. For example, some licensees may feel they have insufficient interest to bother to answer the DGT’s letter. This could lead to licences becoming silted up with out of date requirements, as well as preventing the DGT from responding appropriately to new developments.
61.Section 11 accordingly enables the DGT to proceed with licence modifications without reference to the CC providing that he does not receive objections from any licensees whose licences are to be modified. The section will also enable the DGT to proceed with a licence modification without reference to the CC in cases where he considers the licence modification to be deregulatory according to specified criteria.
62.The section operates by making modifications to the existing section 12 of the Telecommunications Act 1984 (the 1984 Act) (which sets out the procedure for making modifications) and inserting a new section 12A (setting out the criteria for making modifications).
63.Subsection (1) provides that notice of a modification, in addition to its being published, must be given to every “relevant licensee” (defined in the new section 12(6E), inserted by subsection (3)).
64.Subsection (2) replaces section 12(4) of the Telecommunications Act 1984 with two new subsections (4A) and (4B). Subsection (4A) provides that class licences (i.e. general authorisations, which are deemed to be granted to all those within a particular “class of persons” - e.g. every person in the UK - normally with no fee or registration involved) may be modified despite outstanding representations, provided that no objections come from persons benefiting from the class licence. Subsection (4B) paves the way for the criteria in section 12A which must be satisfied before a modification is made in the case of a licence granted to a particular person.
65.Subsection (3) inserts six new subsections in section 12 of the 1984 Act:
Subsections (6A) and (6B), requiring the reasons for the making of a licence modification to be published.
Subsection (6C), enabling the DGT to publish the names of companies objecting to a modification, without their consent, and to publish non-confidential details of objections and representations received.
Subsections (6D) and (6E), which provide definitions.
Subsection (6F) which makes clear that this procedure does not apply if a licence is modified by revocation and reissue.
66.Subsection (4) inserts a new section 12A into the 1984 Act, which sets out the criteria for modifications to be made. This is illustrated in the flow-chart below.
Subsection 12A(4) provides that the modification may be made to licences issued since the making of a proposal for that modification, so long as the persons whose licences are modified have been given reasonable opportunity to object and have not done so.
67.Subsection (5) makes consequential amendments.
Figure 1 below provides a diagrammatic representation of the revised licence modification procedure.
Section 12: Appeals against modifications of licences
68.This section provides for an appeal under section 46B of the Telecommunications Act 1984 against licence modification decisions under section 12 of a licence granted to a particular person. (Section 46B provides for appeals against a range of regulatory decisions on wider grounds than those provided by judicial review.)
Section 14: Prohibition on key escrow requirements
69.This section limits the powers given by this Act to any Minister of the Crown, the Scottish Ministers, the National Assembly for Wales, or any person appointed under section 3, such that these powers may not impose requirements on a person to deposit a key for electronic data with any other person. Subsection (2) makes clear that a key may be required to be deposited with a person to whom the communication is sent and that alternative arrangements to key-storage may be required to prevent the loss of data or the ability to decode it. Subsection (3) defines a key for the purposes of this section, making use of the definition of being put into an intelligible form given in section 15(3).
Section 15: General interpretation
70.This section provides for the interpretation of various terms used throughout the Act.
71.Subsection (1) inter alia defines:
“electronic communication” to mean a communication transmitted (whether from one person to another, from one device to another or from a person to a device or vice versa) by means of a telecommunication system (within the meaning of the Telecommunications Act 1984), or by other means but while in an electronic form.
Section 4(1) of the Telecommunications Act 1984 says:
In this Act telecommunication system means a system for the conveyance, through the agency of electric, magnetic, electro-magnetic, electro-chemical or electro-mechanical energy of-
(a) speech, music and other sounds;
(b) visual images;
(c) signals serving for the impartation (whether as between persons and persons, things and things or persons and things) of any matter otherwise than in the form of sounds or visual images; or
(d) signals serving for the actuation or control of machinery or apparatus.
“subordinate legislation” as having the same meaning as in the Interpretation Act 1978, and also including corresponding secondary legislation made under Acts of the Scottish Parliament and certain statutory rules in Northern Ireland.
Section 21(1) of the Interpretation Act 1978 provides that subordinate legislation means Orders in Council, orders, rules, regulations, schemes, warrants, byelaws and other instruments made or to be made under any Act.