With the release two weeks ago of its consultation paper on electronic signatures, contracts and what it terms "related matters" (find it at www.ecommercegov.ie), the Government has set in place the crucial foundation stone for one of the most liberal and welcoming international regimes for electronic commerce.
In addition - and vitally important - the document also proposes a regulatory environment that should prompt the non-Orwellian growth of that most nebulous and potentially insidious of objects, an "information society". A wrong step in either of these areas would irrevocably stunt all the potential that technology offers "a small State on the periphery of Europe" (as the favourite Government speech cliche goes).
That's assuming the stone will be set in concrete by legislation in the coming months without having its key provisions altered in any debilitating way. Pressure may come both from internal and external - read, American or British - sources to change the document because it bravely goes where these neighbouring giants have not gone in a hugely important area, security and privacy issues.
These are the bulk of the "related matters" referred to in the document's title. Perhaps the framers of the document used such vagaries to draw as little attention as possible to the potential controversy of the stance they've taken on these issues. "Related matters" now stands in for the word "encryption", which was present in the title of the original framework document, but those who know the importance of this issue won't be fooled. Encryption is a red flag for many in law enforcement, especially its more clandestine branches, and is a heated topic for many others precisely because of this.
The American and British governments have been embroiled in angry confrontations over encryption with industry (both the technology industry and business in general) and privacy advocates like the American Civil Liberties Union, and the Electronic Privacy Information Center (in the US) and Cyber-Rights and Cyber-Liberties and Privacy International (in Britain).
The gist of the argument is whether the right to privacy, expressed as the ability to encode computer documents and e-mail messages, is outweighed by the need for law enforcement to gain access to suspect encoded material. Encryption technologies now allow material to be encoded with methods that theoretically would take hundreds, even thousands, of years to crack.
The specific point of contention has been whether citizens should be required to turn over the electronic "keys" that enable them to lock and unlock coded text. This could be demanded without someone ever having committed a crime (a system known as "key escrow", in which all vendors would have to file with law enforcement agencies a copy of all keys issued to users of their products).
Alternatively - when key escrow proposals consistently received scathing attacks from individuals and industry - it was suggested that law enforcement could require individuals either to hand over their keys ("key recovery") or offer a plain text printout of the suspect documents, if an appropriate warrant were produced. The latter proposal was part of the original Irish framework document for the current proposals.
Many arguments exist for why neither of these approaches should or could be contemplated in a democracy. Key escrow is clearly an invitation to abuse, offering horrific possibilities for secretive "fishing expeditions" for evidence.
Key recovery moves beyond accepted approaches to obtaining evidence, where suspect objects can be demanded by warrant, but it is then law enforcement's job to find the incriminating elements of that evidence, not for the suspect to help convert them into incriminating form.
One US senior court judge noted recently that, given government and law enforcement's ability to utilise technology to snoop unlawfully on citizens, citizens (and businesses) must have the ability to retain privacy through the free availability and unrestricted use of encryption. Anyone interested in the broader arguments for these issues can pursue them at EPIC's website, www.epic.org, which supplies links to documents on various sides of the issue.
Section 20 of the Government's consultation paper deals with "Lawful Access" and has five short subsections that lay out circumstances and procedures under which items can be seized by warrant. It allows for material to be searched for and examined and, if suspect, taken away. The five sections are written in legalese, but as for all sections, the document contains a condensed explanatory note for the text.
The explanation is the significant element in the document. It states: "This is not an enabler of mandatory key escrow or key recovery as the Government recognises industry's concerns that making these a feature of the e-commerce regulatory landscape could hinder the development and growth of electronic commerce in Ireland."
On the other hand, this policy is not explicitly stated within the proposed language of the section. But a spokesman for the Department of Public Enterprise insists: "It is certainly not our intention that Section 20 lead to mandatory key escrow or key recovery."
If so, it will want to consult with technology law experts, to make the section watertight in this regard, or critics will fear - as they do with proposed e-commerce legislation in Britain - a "back-door" return of escrow and recovery.
But overall, it's clear that the explanatory statement exists to quell any concerns that the Government will adopt the policies of the US or Britain. It's also a cocky attempt to attract e-commerce businesses that might otherwise go to either of those countries. The stance certainly will raise the eyebrows of our neighbours to the right and the left across the waters for a range of reasons, not least the wider political questions of terrorism and security.
For all these reasons, the Government should be praised for doing the right thing and the brave thing. The anti-encryption brigade can be deeply persuasive especially when it draws forth the spectres of global terrorism and child pornography. But it is wrong to establish a Big Brother society that sacrifices the privacy rights of the majority to make it easier to capture a minority of wrongdoers.
This State seems to be one of the few willing to stand up and explicitly back privacy over intrusion. That's good for society and e-commerce. Let's hope the legislation goes through in a final version that copperfastens this stance.
Karlin Lillington is at klillington@irish-times.ie
:quality(70)/s3.amazonaws.com/arc-authors/irishtimes/2a429887-bb72-4814-bd40-0cbf79fe8d51.png)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/VR3765MFOBH2NMV2QNICYDF67M.png)