The Toronto Star
Friday, May 1, 1998
page E5

Encryption strategy flawed, groups says

by K.K. Campbell, kkc@competitor.net

The Net has accelerated the human ability to communicate. It has also accelerated the ability to snoop.

The global ramp-up of E-mail is ushering in a new "golden era of letter writing" that will surpass the last great era, the late 1800s, and the rise of the post office, another new communications accelerator.

Modern Internet systems were generally designed in "incubator" environments, research-protected and closed-off areas.

Now, as millions more people come online, there are millions of conflicts waiting to erupt. And conflicts create the desire to spy.

Intercepting E-mail and other digital transactions could be the ultimate weapon. Intercepting regular mail and phone conversations is arduous and labour-intensive. But using powerful computers to scoop up unprotected E-mail is a quantum leap in surveillance.

To protect people, programmers and mathematicians have created "encryption" software that can help prevent snooping. The boom in computing power means average folks can today enjoy cryptographic security once only the domain of the CIA and the KGB.

Well, those with a stake in the spying game - spies and cops - don't like that. They want Canadians to be restricted to crypto that can be easily "unlocked" by authorities (through a complex "key" system).

In February, Industry Canada's Task Force on Electronic Commerce released a report, A Cryptography Policy Framework for Electronic Commerce. The document lists cryptographic policy alternatives for federal regulators, some of which have Canada's digerati alarmed.

In deference to law enforcement and national security concerns, the task force says it would consider banning strong crypto products that don't permit the government to listen in. In response, the industry group Electronic Frontier Canada delivered 14 letters opposing government regulation of cryptography from leading Canadian cryptographers. EFC is a federally-incorporated non-profit organization with members in every province and territory. The letters were delivered at a roundtable hosted by Industry Canada.

"These are people who are not politically active. It's extraordinary for them to write these letters", says organization president Dr. David Jones. Canada's leading cryptographers are telling the government that these cop-and-spy alternatives they listed are just technically not feasible."

BAN NOT ENFORCEABLE

The technical issue is critical. Strip away the moral arguments and Chicken Little predictions about the fall of Canadian civilization if strong crypto isn't banned, the fact remains that it couldn't be enforced - without causing outrageous damage to civil liberties.

"The only way this legislation could be remotely workable would be if the government is prepared to prosecute and convict people merely for sending messages that the government cannot read", writes Charles Rackoff, computer science professor at the University of Toronto.

Helmut Jürgenson, computer science professor at the University of Western Ontario, concurs.

"In certain applications, it can be shown that it is mathematically impossible to distinguish clear texts from strong cryptograms. The proposed procedures would therefore not be legally enforceable."

Because encrypted messages can look like random digital noise, Rackoff says Ottawa would have to also make it "against the law to send random bits or noise across a line."

EFC also argues that weakened Canadian crypto will severely damage Canada's nascent electronic-commerce infrastructure.

Jones says financial institutions and high-tech companies, often with federal funding, have sunk "hundreds of millions of dollars in smart cards, such as the Mondex electronic payment system. These cards conduct offline financial transactions and the system is only feasible because of the extremely low cost per transaction. To prevent rampant fraud, strong encryption is essential."

Furthermore, aren't these Industry Canada folks the same ones who keep talking about Canada's high-tech, brain-drain crisis?

While Ottawa can put restrictions on cryptographic product trade (which will be a powerful 21st-century industry, whether Canada is there or not), it can't put restrictions on Canadian cryptographers leaving the country for more progressive economies.

Jones says no one has yet demonstrated encryption has impeded a criminal investigation. However, there are scores of documented cases of improper surveillance and abuse of personal privacy by Canadian law-enforcement agencies.

"Canadians have the right to speak in languages the police don't understand - whether it's Cree or crypto", Jones says.

To read the letters and EFC submissions to Industry Canada, check out (http://www.efc.ca/pages/crypto/)

For the Industry Canada discussion paper, see (http://strategis.ic.gc.ca/crypto)


Copyright © 1998 by The Toronto Star. All Rights Reserved. Reprinted with permission.