Update: The E-Commerce Bill has finally been published.

It's not as bad as was feared, but it's still plenty bad. Clue: the really dodgy stuff is in Part III. This Part was written by the Home Office, so we wrote to Jack Straw with details of how he would be arrested.
 

Part I: Cryptography Service Providers

Part I creates a regieme by which people who provide cryptography services can voluntarily apply to be registered as a government approved provider. Presumably the government expects only to use approved providers, as anyone who actually cares about computer security wouldn't touch government-approved crypto with a 10 foot pole.

STAND says: this Part is waste paper at best, and at worst a holding  strategy to make licencing compulsory at a later date. We're getting along nicely without it. Parliament should delete the whole section.

This part was specially created for all those of you who know that you can't store data unless the government creates a new legal system to let you. "I'm from the government and I'm here to help". As far as we can see, there's a fair bit of e-commerce going on at the moment too.

Most lawyers reckon that we don't need an Act of Parliament to make contracts made online with electronic signatures legally binding. Of course, if they did turn out to be wrong it would stuff the UK E-Commerce industry, so maybe it's not too bad. What a shame it seems to involve giving the Minister sweeping and barely restricted powers to change Acts of Parliament on her own order (Statutory  Instrument).

STAND says: there should be clearer restrictions on Ministers'  powers, and these powers should then be passed into law but held in abeyance until Parliament, by a simple single resolution, decides that they are indeed needed, whereupon they would be activated. Once this Part is amended like that, Parliament should support it.

The spooks' charter. Here any policeman could show up with some encrypted data and an order to provide the decryption key. If you refuse you go to jail for 2 years. Usually they won't need a judicial warrant; sometimes they won't need  any sort of warrant at all, just their say-so.

The problem is that if you don't actually have they key it is up to you to prove that. If you deleted it, or if you never actually had it, you're in trouble. If the authorities reckon you've got it stashed on a floppy buried in the flowerbeds at Hyde Park Corner, go directly to jail, do not pass Go, do not collect £200.

How can you prove you don't have something? Try slapping your forehead in a manner likely to convince the judge.

The other new power here is that the authorities can order you to keep the disclosure of your key a secret. If you tell anyone at all you'll be going down for up to 5 years for "tipping off". Not only is this disasterous for information security, but it even stops you complaining about unfair treatment. Toddle off to court to demand judicial review of the order to disclose and all you'll get from the Judge is an extended stay in Her Majesty's finest accomodation because telling the judge is illegal!. There is a tame Tribunal to hear complaints and cover them up; you aren't even entitled to legal representation at it.

STAND says, poetically: How does Part III breach the Human Rights Act, let me count the ways...
Unfair offences, reversal of burden of proof, defences that are logically impossible to prove, a wholly inadequate complaints procedure with no appeals,  unneccesarily broad powers, potential to force you to incriminate yourself,  the list goes on.

The police need something to help them to decrypt data in certain  circumstances (and not in others). Part III is not it. Parliament should delete this Part and try to come up with something better when it replays the Interception of Communications Act next year. If it doesn't throw this Part out, the European Court of Human Rights will.

Part IV: Miscellaneous and Supplemental

This is mainly about changing telecommunications licences.

STAND says: we don't know anything about telco licences; if you're  interested you'll have to ask BT or one of those plucky little cable companies.