Electronic Frontier Canada cirulated this letter among top mathematicians and computer scientists. Fourteen of the leading cryptography experts in the country signed letter, or a letter very similar to this. These letters were delivered to Industry Canada on Monday, April 20, 1998 as part of EFC's formal submission.

March 20, 1998
Helen McDonald
Director General, Policy Development
Task Force on Electronic Commerce
Industry Canada
20th Floor, 300 Slater Street
Ottawa, ON   K1A 0C8

Dear Ms. McDonald:

We are writing in reference to your call for public comments to the document "A Cryptography Policy Framework for Electronic Commerce -- Building Canada's Information Economy and Society", available on the world-wide web at: http://strategis.ic.gc.ca/crypto

To make clear out credentials, we are some of Canada's leading scientists, engineers, and mathematicians with knowledge and expertise in cryptography, representing both business and academia.

We wish to express our firm opposition to any policy or legislation that would limit or prohibit the manufacture, import/export, or use of strong encryption (without key recovery) for stored data or real-time communications.

In particular, we are firmly opposed to the following proposals, (as detailed in Part 4: Policy Options of the document mentioned above).

1.
"the government could prohibit the manufacture, import, and use of non-key-recovery [encryption] products in Canada."

2.
"Carriers [of real-time telecommunications] would be prohibited from transmitting messages unless in plaintext or encrypted by key-recovery hardware or software."

3.
"The export of strong cryptography would only be permitted if the products had approved key-recovery provisions."
It is our informed opinion that such policy or legislation would be unconstitutional, harmful to Canadian society, detrimental to the Canadian economy, and, in the end, simply unenforceable.

First, it would unreasonably and unconstitutionally infringe upon the right of Canadians to freedom of expression, as guaranteed by the Charter of Rights and Freedoms.

Second, it would unreasonably deny Canadians the opportunity to use strong encryption products to exercise their right to privacy and to protect the confidentiality of their personal communications.

Third, it would unreasonably hinder and interfere with the use of encryption products whose legitimate use is essential to the transition to a wired economy. Strong encryption is essential to the growth and success of electronic commerce.

Any requirement for key-escrow or key-recovery creates an unnecessary risk of unlawful interception of personal communications, or unlawful access to sensitive financial transaction data by criminals.

Fourth, and finally, it would be unenforceable in practice, since the basic mathematical and algorithmic methods for strong encryption (without key recovery) are published and well known and can easily be implemented in software by any bright high-school student with access to a personal computer. Such strong encryption software is already widely available on the Internet, for anyone to download, for free.

Your sincerely,





The following people signed letters similar to the one above:

Scott Vanstone, PhD,
University of Waterloo (co-author, Handbook of Applied Cryptography, CRC Press, 1997)
Charles Rackoff, PhD,
University of Toronto
Carlisle M. Adams, PhD,
Entrust Technologies
Sharon Boeyen,
Senior Consultant, Advanced Security Technology Group, Entrust Technologies
Helmut Jurgensen, PhD,
University of Western Ontario
Alfred Menezes, PhD,
University of Waterloo (co-author, Handbook of Applied Cryptography, CRC Press, 1997)
Robert J. Zuccherato, PhD,
Entrust Technologies
Paul C. van Oorschot, PhD,
(co-author, Handbook of Applied Cryptography, CRC Press, 1997)
Michael J. Wiener,
Senior Cryptologist, Entrust Technologies
Howard Heys, PhD,
Memorial University of Newfoundland
Hugh C. Williams, PhD,
University of Manitoba
Gordon Agnew, PhD,
University of Waterloo
Ian Goldberg,
Researcher, University of California, Berkeley, Internet Security, Authentication, Applications, and Cryptography Research Group
Rob Lambert,
Certicom Corporation

(A few more signatures were faxed in to EFC at the last moment. These will be added to our online list shortly.)