UK Policy on Licensing TTPs Proposed, Criticised

The UK's Minister of Science and Technology released a proposed policy on licensing of Trusted Third Parties (TTPs) on March 21. The document is posted here. Ross Anderson of Cambridge University quickly made a copy available here and issued a brief but sharp critique, asserting that the new policy would outlaw PGP servers and leave countries that refused to escrow keys out of international electronic commerce. Brian Gladman of Trusted Information Systems (TIS) registered similar concerns, though he feels some portions of the document have merit. He has posted a copy of the document as a web form that embeds both comments and a questionnaire that permits readers to register their own reactions, see here. Alternatively, comments may be e-mailed to

Earlier, on March 18, TIS announced that a consortium of TIS, Microsoft, and IABG would provide "integrated technology that will both encrypt/decrypt data, and provide a way to recover the data should the original encryption key be lost." The pilot project is part of a study of confidentiality services led by IABG of Germany and sponsored by the European Commission. It intends to demonstrate a framework for strong encryption and key recovery that could be a basis for a secure electronic business infrastructure in Europe. TIS Key Recovery Centers located in France (Bull Engineering), Switzerland (R3 Security Engineering), Netherlands (Philips Crypto), Germany (IABG) and the UK (DRA-Malvern will act as TTPs.