FYI.

This story is over 5 years old.

Tech

Canada Needs to Revive the Encryption Debate It Had in the 1990s

We still aren't talking about encryption.
Image: Shutterstock

In the wake of a court battle between Apple and the FBI, American lawmakers have been considering a new policy on encryption, on the basis that strong technological protections are making it difficult for law enforcement and intelligence agencies to solve crime.

Such a policy, which would mandate a so-called backdoor in encryption software, would inevitably compromise the security of all communications, privacy advocates have argued. And yet, given the gravity of the situation, in Canada there has been no similar debate. At least, not recently.

Advertisement

Though largely forgotten today, the Canadian federal government actually did have an encryption debate of its own in the late 1990s. It brought law enforcement together with experts to discuss encryption's role in a then-early internet, and the potential impacts on national security and public safety that might arise from encryption's use.

What's most fascinating is how closely the arguments from two decades prior mirror those that are being made today. Though technology has come a long way since then, looking back at Canada's own debate shows that some of the arguments being made today by politicians and law enforcement in the US are still stuck in the past.

"We all came to the conclusion that [legislation] would be the death-knell for […] secure communications online," said Ann Cavoukian, who served as the Information and Privacy Commissioner of Ontario from 1997 to 2014. "We thought it had died, and here it is again."

18 law enforcement agencies, including the RCMP and CSIS, even called for "mandatory access" to encryption keys

US lawmakers and experts previously engaged in a pair of fierce cryptographic fights that came to a head in 1994: the first, over the passing of the Communications Assistance for Law Enforcement Act, or CALEA, an American wiretapping law that dictates when and how telecommunications companies have to assist law enforcement and intelligence agencies engage in electronic surveillance; and the second, over a US-government backed encryption scheme called Clipper, a special computer chip that, when installed in a phone, would give the National Security Agency backdoor access to otherwise encrypted communications.

Advertisement

Ultimately, CALEA passed—with compromises—and the Clipper chip was scrapped. It was in this context, the aftermath of the Crypto Wars to the south, that the Canadian government decided to have its own debate.

In January 1999, a Senate Special Committee on Terrorism and Public Safety released a report on threats to public safety and national security, and listed encryption as an emerging issue. Based on interviews with law enforcement, academics, telecommunications companies and members of the financial community, the committee reiterated many of the same arguments that can still be heard today: that encryption is making law enforcement's job harder; that backdoors built into encryption mechanisms for government use could just as easily be used by criminals; and that undermining encryption would compromise the security of financial systems too.

18 law enforcement agencies, including the RCMP and CSIS, even called for "mandatory access" to encryption keys used to protect stored data and data in transit. In what has become an oft-used turn-of-phrase, police argued that "they do not seek increased investigative capabilities through mandatory key access or otherwise, but instead seek only to restore and maintain their existing investigative capabilities."

In the end, no cryptography policy was proposed, and the committee recommended law enforcement and intelligence agencies seek other methods to overcome the obstacle of encryption. However, the committee did recommend amending the Criminal Code "to provide lawful access to encryption keys by law enforcement and security intelligence organizations and to criminalize encryption when used in the commission of a crime."

These recommendations were never adopted. It's not clear why, but it's likely that the government chose to follow the lead of countries such as the US, which had backed down from similar schemes.

As the RCMP previously told Motherboard, there is no power in the Criminal Code specific to encryption. According to Scott Bardsley, press secretary for Public Safety Minister Ralph Goodale's office, police can either compel a third party to decrypt data with judicial authorization, or they may attempt to decrypt the data themselves.

When asked if the Canadian government was planning on revisiting the encryption debate, Barsdley would only tell Motherboard that "broad public consultations on national security issues" are planned in the "medium term." But Cavoukian would be happy if there was no debate at all.

"I would prefer no discussion, because if there's no discussion, you're not resurrecting the discussion of the 90s," she said. "To me, we put the issue to bed."