Global Internet Liberty Campaign
Statement on Canadian Crypto Policy
April 20, 1998
Director General, Policy Development
Task Force on Electronic Commerce
20th Floor, 300 Slater Street
Ottawa, Ontario K1A 0C8
Dear Ms. McDonald:
We are writing in reference to your call for public comments to the document
"A Cryptography Policy Framework for Electronic Commerce --
Building Canada's Information Economy and Society",
available on the world-wide web at:
We, the undersigned,
are members of the Global Internet Liberty Campaign (GILC)
a coalition of international organizations that is committed to
defending civil liberties and human rights on the Internet.
One of the principles we have identified as being important
for fundamental human rights, such as freedom of expression,
freedom of association, and the right to privacy,
is that people around the world
who are using computer networks must be able to encrypt
their communications and information without government interference
We wish to express our firm opposition to any policy or legislation
that would limit or prohibit the manufacture, import/export, or use
of strong encryption (without key recovery) for stored data or
In particular, we are firmly opposed to the following proposals,
(as detailed in Part 4: Policy Options of the document mentioned above).
It is our informed opinion that such policy or legislation would be
contrary to international human rights treaties,
harmful to Canadian society,
detrimental to the Canadian economy,
and, in the end, simply unenforceable.
- "the government could prohibit the manufacture, import, and use
of non-key-recovery [encryption] products in Canada."
- "Carriers [of real-time telecommunications] would be prohibited from
transmitting messages unless in plaintext or encrypted by key-recovery
hardware or software."
- "The export of strong cryptography would only be permitted
if the products had approved key-recovery provisions."
Freedom of expression, freedom of association, and the right to privacy
are explicitly protected by Canadian and international law,
the Charter of Rights and Freedoms
the Universal Declaration of Human Rights
and the International Covenant on Civil and Political Rights
First, the policy mentioned above
would unreasonably infringe upon and interfere with
the right of Canadians to exercise their
freedom of expression and freedom of association.
As we move towards a global economy,
and especially in a country as large as Canada,
individuals, associations, unions, and corporations
need to be able to communicate and share information
with each other over long distances
while still protecting their privacy.
Second, it would unreasonably deny Canadians the opportunity to use
strong encryption products to exercise their right to privacy and
to protect the confidentiality of their personal communications
and the security of their financial transactions.
Third, it would unreasonably hinder and interfere with the use of
encryption products whose legitimate use is essential to the transition
to a wired economy. Strong encryption is essential to the growth and
success of electronic commerce.
Any requirement for key-escrow or key-recovery creates an inherent and
unnecessary risk of unlawful interception of personal communications,
or unlawful access to sensitive financial transaction data by criminals.
Consumer confidence is crucial to the success of electronic commerce
and reliance on weak or vulnerable methods would pose an enormous
obstacle to growth.
These risks have been well documented by leading experts in cryptography
and computer network communication
Fourth, it would be unenforceable in practice,
since the basic mathematical and algorithmic methods for strong encryption
(without key recovery) are published and well known and can easily
be implemented in software by any bright high-school student with
access to a personal computer. Such strong encryption software is
already widely available on the Internet, for anyone to download, for free.
Finally, we note that very few countries favour the development of
key-escrow or key-recovery techniques and infrastructures.
Instead, the recent international trend is to liberalize cryptography policies.
In a survey we conducted earlier this year
we found that virtually all countries allow the use, manufacture,
sale, and distribution of encryption products without restriction.
The Organization for Economic Cooperation and Development (OECD)
and the Ministers of the European Union
have also made clear their support for the development
and widespread use of strong cryptographic techniques.
- l'Association pour la Promotion d'Internet en Polynésie Française (l'APIPF)
- Associazione per la Libertà nella Comunicazione Elettronica Interattiva (ALCEI) (Electronic Frontiers Italy)
- Campaign Against Censorship of the Internet in Britain (CACIB)
- Center for Democracy and Technology (CDT)
- Citoyens et Internautes Tous Associés pour la Défense des Liberté (CITADEL) (Electronic Frontier France)
- Computer Professionals for Social Responsibility
- Cyber-Rights & Cyber-Liberties, UK
- Derechos Human Rights (DHR)
- Digital Citizens Foundation Netherlands (DB-NL)
- Electronic Frontiers Australia (EFA)
- Electronic Frontier Canada (EFC)
- Electronic Frontier Foundation (EFF)
- Electronic Privacy Information Center (EPIC)
- engagierte Computer ExpertInnen (eCE), Austria
- Equipo Nizkor, Spain
- Förderverein Informationstechnik und Gesellschaft (FITUG), Germany
- Fronteras Electrónicas España (FrEE), Spain
- Human Rights Watch (HRW)
- Index on Censorship
- Internet Society (ISOC)
- Privacy International
- Quintessenz, Austria
- Global Internet Liberty Campaign (GILC),
( http://www.gilc.org/ ).
The Global Internet Liberty Campaign was formed at the annual meeting
of the Internet Society (ISOC) in Montreal in June 1996.
- GILC Resolution in Support of the Freedom to use Cryptography, September 1996,
( http://www.gilc.org/crypto/oecd-resolution.html )
- The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption, May 1997,
( http://www.crypto.com/key_study/report.shtml )
This is a very influential paper by some of the top cryptographers
in the world:
Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh,
Matt Blaze, Whitfield Diffie, John Gilmore, Peter G. Neumann,
Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier.
- IETF Statement on Cryptographic Technology and the Internet (RFC-1984), August 1996,
( http://info.internet.isi.edu/in-notes/rfc/files/rfc1984.txt )
This statement was prepared by the Internet Engineering Task Force (IETF)
and in particular the Internet Architecture Board (IAB) and the Internet
Engineering Steering Group (IESG) which oversee and develop the architecture
and standards for the Internet.
- GILC Crypto Survey, Cryptography and Liberty:
An International Survey of Encryption Policy, February 1998,
( http://www.gilc.org/crypto/crypto-survey.html )
A survey of crypto policies in almost 80 countries
has found that most countries do not restrict the use of encryption.
- The OECD Cryptography Policy Guidelines, March 1997,
( http://www.oecd.org/dsti/sti/it/secur/prod/e-crypto.htm )
- European Union's Ministerial Declaration on Global Information Networks, July 1997,
( http://www2.echo.lu/bonn/final.html )