Electronic Frontier Canada cirulated this letter among top mathematicians and computer scientists. Fourteen of the leading cryptography experts in the country signed letter, or a letter very similar to this. These letters were delivered to Industry Canada on Monday, April 20, 1998 as part of EFC's formal submission.

Dear Ms. McDonald:

We are writing in reference to your call for public comments to the document "A Cryptography Policy Framework for Electronic Commerce -- Building Canada's Information Economy and Society", available on the world-wide web at: http://strategis.ic.gc.ca/crypto

To make clear out credentials, we are some of Canada's leading scientists, engineers, and mathematicians with knowledge and expertise in cryptography, representing both business and academia.

We wish to express our firm opposition to any policy or legislation that would limit or prohibit the manufacture, import/export, or use of strong encryption (without key recovery) for stored data or real-time communications.

In particular, we are firmly opposed to the following proposals, (as detailed in Part 4: Policy Options of the document mentioned above).

1.

"the government could prohibit the manufacture, import, and use of non-key-recovery [encryption] products in Canada."

2.

"Carriers [of real-time telecommunications] would be prohibited from transmitting messages unless in plaintext or encrypted by key-recovery hardware or software."

3.

"The export of strong cryptography would only be permitted if the products had approved key-recovery provisions."

First, it would unreasonably and unconstitutionally infringe upon the right of Canadians to freedom of expression, as guaranteed by the Charter of Rights and Freedoms.

Second, it would unreasonably deny Canadians the opportunity to use strong encryption products to exercise their right to privacy and to protect the confidentiality of their personal communications.

Third, it would unreasonably hinder and interfere with the use of encryption products whose legitimate use is essential to the transition to a wired economy. Strong encryption is essential to the growth and success of electronic commerce.

Any requirement for key-escrow or key-recovery creates an unnecessary risk of unlawful interception of personal communications, or unlawful access to sensitive financial transaction data by criminals.

Fourth, and finally, it would be unenforceable in practice, since the basic mathematical and algorithmic methods for strong encryption (without key recovery) are published and well known and can easily be implemented in software by any bright high-school student with access to a personal computer. Such strong encryption software is already widely available on the Internet, for anyone to download, for free.

Your sincerely,

Scott Vanstone, PhD,

University of Waterloo (co-author, Handbook of Applied Cryptography, CRC Press, 1997)

Charles Rackoff, PhD,

University of Toronto

Carlisle M. Adams, PhD,

Entrust Technologies

Sharon Boeyen,

Senior Consultant, Advanced Security Technology Group, Entrust Technologies

Helmut Jurgensen, PhD,

University of Western Ontario

Alfred Menezes, PhD,

University of Waterloo (co-author, Handbook of Applied Cryptography, CRC Press, 1997)

Robert J. Zuccherato, PhD,

Entrust Technologies

Paul C. van Oorschot, PhD,

(co-author, Handbook of Applied Cryptography, CRC Press, 1997)

Michael J. Wiener,

Senior Cryptologist, Entrust Technologies

Howard Heys, PhD,

Memorial University of Newfoundland

Hugh C. Williams, PhD,

University of Manitoba

Gordon Agnew, PhD,

University of Waterloo

Ian Goldberg,

Researcher, University of California, Berkeley, Internet Security, Authentication, Applications, and Cryptography Research Group

Rob Lambert,

Certicom Corporation

(A few more signatures were faxed in to EFC at the last moment. These will be added to our online list shortly.)