It hardly feels necessary to say the internet has become a safe haven for myriad purposes – both positive and nefarious – an amazing feat, since it’s largely been built with the same tools and standards. Democracy activists in Hong Kong and Iran use specialized tools to circumvent state censorship, employing encryption to remain anonymous from an oppressive security regime. Journalists worldwide, including at The Globe and Mail, use powerful encryption to keep whistle-blowers’ identities secret. Businesses and governments keep files encrypted to defend against hacking efforts from bad actors such as Russia and China, which seek to steal intellectual property and compromise elections.
And so for years investigative and intelligence agencies have sought to access the highly valuable messages people send back and forth to each other online. Strong encryption standards have made that virtually impossible. Messages sent from one iPhone to another or e-mails sent from one Gmail user to another are often unintelligible if intercepted by the cops. So as security agencies dream of getting the keys to the castle, the snoopers’ solutions have been to weaken those strong standards – creating back doors, in effect, to the devices and services we rely on.
Many companies have resisted that pressure. But governments in Washington, London, Canberra and elsewhere have sought to legislate the power to force individuals and companies to decrypt data on their networks and devices.
Canadian law, meanwhile, does not allow for forced decryption and does not mandate back doors. But amid calls to change that, the Trudeau government has scurried to and fro over the past four years on the question of whether Canadians have the right to strong digital privacy tools. As it begins to make the case for its second term, it seems intent on having things both ways.
Not long after the Liberals came to power in 2015, a memo prepared by the RCMP recommended that police and intelligence agencies should build a “new public narrative” to establish support for those kinds of back doors. They warned that without these powers, cybercriminals would be allowed to “go dark” online.
Public Safety Minister Ralph Goodale then launched consultations, asking the public, stakeholders and academics: “What circumstances, if any, should investigators have the ability to compel individuals or companies to assist with decryption?” It felt like a leading question that served to build a case for government-issued back doors.
The idea wasn’t popular. Legal scholars said forcing people to unlock their own devices at the behest of police amounted to an unconstitutional infringement on one’s right to be free from self-incrimination. Privacy advocates said the proposals would risk weakening the very foundation of the internet. Cybersecurity specialists warned it could open up businesses and individuals to cyberattack. The public responses, sent through an online questionnaire, were equally negative.
Perhaps because of that backlash, plans appear to have been shelved. When the Five Eyes intelligence partners – Canada, the United States, the United Kingdom, Australia and New Zealand – met in Ottawa in 2017, Mr. Goodale actually lauded strong encryption to his counterparts. When the countries met a year later in Australia, however, a joint communiqué was more pointed, invoking the threat of terrorism as an impetus to negotiate with businesses to figure out technical solutions to encryption.
It was this year’s meeting that set off alarm bells. The joint statement from the five partners warned of the proliferation of online child sexual exploitation: “Encryption must not be allowed to conceal or facilitate the exploitation of children.” Negotiations with corporations would be imminent and would solve the problem, the countries said.
Mr. Goodale’s office has spent the ensuing weeks assuring privacy advocates that the change in position is not, in fact, a change in position, sending out oblique statements insisting that work with phone manufacturers and internet companies would seek “voluntary” solutions to remove child exploitation from their networks or platforms.
But after being pressed, Mr. Goodale’s office finally offered The Globe a clarification of the government’s position: “The government is not working on new regulations or legislation,” a spokesperson said in an e-mail, nor is it “seeking the voluntary weakening of encryption across platforms by service providers nor are we asking them to modify the manner in which data is coded or transmitted.”
While Mr. Goodale’s office refused a request for an interview to elaborate on what, exactly, was behind the curious language in the communiqué, it did say that when the Five Eyes partners meet with industry leaders this month, “issues around encryption, including end-to-end encryption, will be discussed in this context, along with other important considerations such as privacy.”
While this statement is encouraging, it represents yet another shift in government policy. But it is still rather confusing that Ottawa intends to join its U.S., British and Australian partners – all three of whom have expressed their hostility to strong encryption – to negotiate with those private companies.
If Ottawa is truly committed to the idea of strong encryption and a secure internet, it needs to say so and tell its allies. Meanwhile, it should be incumbent upon the other political parties vying for power in this election to make their positions on the matter known as well.
Keep your Opinions sharp and informed. Get the Opinion newsletter. Sign up today.