Section 1: Register of approved providers
This section places a duty on the Secretary of State to establish and maintain a register of approved providers of cryptography support services, and specifies what information is to be contained in the register. The section also requires the Secretary of State to make arrangements for the public to have access to the register and for any changes to the information in the register to be publicized.
Cryptography support services are defined in section 6.
The main purpose of the register is to ensure that providers on the register have been independently assessed against particular standards of quality, in order to encourage the use of their services, and hence the development of electronic commerce and electronic communication with Government.
Where two people are communicating electronically, it may be necessary for one person to rely on the services provided to the other: for example, where the first person receives a communication which purports to have been signed electronically by the other.
Definition of electronic signature is given in section 7(2).
The register is voluntary: no provider is obliged to apply for approval and a provider who is not on the register is at liberty to provide cryptography services
This section is very straight forward it informs us that a registration has to provided to the extent that all persons or person who will provide assistance to the development of the cryptography support services area and associated
Section 2: Arrangements for the grant of approvals
This section places a duty on the Secretary of State to ensure that there are arrangements in force for granting approval, handling complaints and disputes and modifying or withdrawing approval.
Places a duty on the Secretary of State to ensure that there are arrangements for granting approvals for any person providing or proposing to provide, cryptography support services in the United Kingdom.
The provision of cryptography support services in the United Kingdom is described in subsection.
Says what the Secretary of State must be satisfied about in order to grant an approval. The Secretary of State is given the power to set requirements (e.g. relating to the technology provided, to the person himself and his background and experience, and the way he provides the technology to the public) by regulation, and also to impose conditions on the approval.
The Secretary of State must also be satisfied that the person is fit and proper to be approved. Relevant factors include any known contraventions of provisions of this legislation, and convictions for offences involving fraud or dishonesty, or engaging in discriminatory practices, or engaging in deceitful, oppressive, unfair or improper business practices.
Requirement for compliance with these requirements by reference to the opinion of a person specified, either in the regulations or chosen in a manner set out in the regulations.
The arrangements for approvals, outlined above, envisage providers requesting approval for one or a number of different cryptography support services. The granting of such an approval would depend on the applicant meeting the conditions specified in the relevant regulations.
In general this section confirms to section 1 that a person and persons will be able to provide the necessary information and also the persons will be fit for purpose and all transaction will be performed in the correct business.
Section 3: Delegation of approval functions
This section enables the Secretary of State to delegate the approvals functions set out in sections 1 and 2 to any person. Subsection (4) provides that where the functions are delegated to a statutory body or office holder, the statutes relating to their original functions shall be regarded as including the new functions so delegated. Subsection (5) enables the Secretary of State to modify enactments by order, and subsection (6) provides that the order required to do this will be subject to affirmative resolution procedure in both Houses of Parliament.
This section is very straight forward it informs us that state has the ability to delegate the items mentioned in sections 1 and 2.
Section 4: Restrictions on disclosure of information
This section protects certain information obtained under Part I, sets out the purposes for which it may be disclosed (e.g. in order to carry out the approvals functions, for a criminal investigation or for those civil proceedings specified in subsection (2)(e)) and makes improper disclosure a criminal offence. It safeguards individual privacy and commercially confidential information, except where disclosure is justifiable.
There is no restriction on who may make the disclosure or to whom it may be made, provided that the purpose is proper.
This section has informed us that disclosure of information will be restricted subjected to certain conditions.
Section 5: Regulations under Part I
This section makes further provision relating to the regulations the Secretary of State may make under Part I and contains standard provisions commonly accorded to powers to make subordinate legislation, such as an ability to make supplementary provision.
The regulations will be subject to affirmative resolution procedure in both Houses of Parliament the first time the Secretary of State exercises his powers to make regulations under this Part. They will subsequently be subject to negative resolution procedure in both Houses of Parliament.
- prescribed is defined in this Part as meaning prescribed by regulations made by the Secretary of State, or determined in such a manner as may be provided for in any such regulations.
This section indicates that it can make subordinate legislation, such as an ability to make supplementary provision to Part 1 if required.
Section 6: Provision of cryptography support services
The cryptography support services that may be approved under the arrangements described above are defined to include those relating to: confidentiality, i.e. securing that such electronic communications or data can be accessed, or can be put into an intelligible form (defined in section 15(3)), only by certain persons; securing that the authenticity or integrity (both defined in section 15(2) of electronic communications or data is capable of being ascertained, i.e. relating to an electronic signature.
Subsection (2) makes it clear that the approval scheme for cryptography support services includes only those services that primarily involve a continuing relationship between the supplier of the service and the customer. The scheme does not cover the supply of an item (whether software or hardware) unless such a supply is integral to the provision of the service itself.
Cryptography support services, falling within the scope of this section, would include registration and certification in relation to certificates, time-stamping of certificates or documents, key generation and management, key-storage and providing directories of certificates.
This section provides for the interpretation of various terms used in Part I of the Act.
- http://www.opsi.gov.uk/RevisedStatutes/Acts/ukpga/1964/cukpga_19640075_en_1 (opsi.gov.uk)
- P != NP and Security (emergentchaos.com)
- Vulnerability in commercial quanto cryptography (scienceblog.com)