The issue of regulating functionality leads naturally to the functional requirements for Trusted Third Parties that the DTI document sets out in in appendix E, and in particular no 6, that a TTP should allow access to both incoming and outgoing traffic. This, taken together with the other functional requirements, has the effect of strongly favouring one specific scheme, namely the GCHQ protocol for secure email (also known as the Royal Holloway protocol or CASM). The only other available systems that provide bidirectional traffic access appear to be an IBM system employing tamper-resistant hardware (and thus too expensive for general use) and shared-key schemes such as Kerberos.
This is unacceptable for three reasons. Firstly, the GCHQ protocol is extremely poorly engineered and should not be used. The detailed reasons for this are contained in the paper ``The GCHQ Protocol and its problems'' which is appended and is hereby included. (Quite apart from the specific problems with the GCHQ protocol, I would suggest that the DTI acquire some source of technical advice on cryptography that is of substantially higher grade than has clearly been made available to date. I will expand on this below.)
Secondly, the demand for bidirectional access to traffic will probably negate much of the benefit that might be gained from the use of public key encryption, and is in any case an attempt to increase significantly the surveillance powers of the state. At present, the state can open the mail arriving at my house, but cannot effectively track the letters that I post to other people; similarly, the use of a product such as PGP enables me to send electronic mail messages to other people that even I can no longer read once the plaintext has been erased. Such an increase in state power would of course have to be justified by a ``pressing social need'' under section 8.2 of the European Convention.
GCHQ has been open about wanting British business to use their email protocol; the claim is that if it is widely enough used, then software vendors would incorporate it into their products as a standard feature rather than charging HMG users extra for it. They are being extremely naïve; now that its faults are widely understood the chances of its gaining acceptance as a standard are zero.
The third reason is that by favouring a single product the proposed legislation would directly contravene the OECD guidelines on both choice of cryptographic methods and market driven development of cryptographic methods. It would also be hybrid and thus vulnerable to legal challenge.