TAKE ACTION

Canada, with other G7 nations, continues to push to weaken our access to strong, reliable encryption, after decades of being supportive of strong encryption. We need encryption to safeguard our data, our online transactions, our communications, and to protect the lives of journalists and human rights activists. Watch the video to learn more and please take action. You can also see the transcript, read bonus text, and consult sources below for more details.

Transcript & sources

Canada must protect encryption!

Hi! My name is Anne and I work with the International Civil Liberties Monitoring Group.

Today, I want to warn you about Canada’s recent attempts to weaken encryption, and make the case for actually strengthening it.

First, what is encryption?

Encryption is a process of encoding information which allows only authorized parties to access the original information. It’s used by governments, corporations and the public at large: in computers, bluetooth devices, hard drives and cloud storage, and to protect personal and health records. When you buy something online or transfer money, you use encryption. When you chat with your friends over the WhatsApp or Signal apps, that’s protected by encryption.

Canada has signed on to joint statements with other governments that aim to pressure companies to weaken encryption. They claim their goal is to find a legal way around encryption to respond to issues such as terrorist propaganda and attack planning. As a coalition that monitors the negative impact of the “War on Terror” on civil liberties, it’s not the first time we’ve seen “terrorism” being used to justify weakening privacy protections, and consequently undermining dissent, freedom of speech and other rights.

The arguments made by governments, law enforcement and intelligence agencies to circumvent encryption are not new, but they remain false and dangerous.

Bonus text: Hundreds of digital and human rights experts and organizations around the world have denounced those arguments & continue to oppose attempts to weaken encryption.

There are three main myths about encryption that governments and agencies keep peddling.

Let’s look at the myths one by one in detail and debunk them!

Myth 1. Encryption technology is making the world “go dark”

Canadian law enforcement like to complain that people – and criminals – are “going dark.” “Going dark” is meant to describe people who use encryption to hide their activities, making them inaccessible to law enforcement.

This is false – law enforcement can access most devices and more information than ever before.

Today, law enforcement agencies subscribe to services that monitor social media, to collect cell phone data, and deploy malware to intrude into computers, smartphones and network equipment.

Bonus text: They can also avail themselves of the massive information databases which are retained by the Communications Security Establishment (Canada’s NSA) and its allies. In past decades, these kinds of surveillance capabilities would have required deploying hundreds or thousands of agents. Today, it only takes a handful of government officials using sophisticated technology.

We know they are collecting more information about us than ever before. Are they having trouble accessing information about criminal activity, though? While Public Safety Canada says yes, reports from the Attorney General of Canada, the House Public Safety Committee and the RCMP itself all show that despite some challenges, investigations aren’t being hindered. They also make clear that, regardless of these minor challenges, it’s important that Canadians have access to strong encryption.

Bonus text: The Attorney General of Canada, and their provincial counterparts, are obliged to table annual electronic interception reports. Not a single report from 2005 to 2016 has shown that encryption has prevented interceptions from taking place.

In 2016, privacy expert, Christopher Parsons of the Citizen Lab, analyzed CBC and Toronto Star articles showcasing partial information provided to reporters by the RCMP. The Mounties were attempting to show that encryption was hindering their investigations. Parsons’ analysis revealed that the RCMP was not, in fact, substantially prevented in conducting their investigations. Instead, it showed the breadth of resourcing available to the RCMP in the face of investigative challenges.

In the US, as far back as 2016 the FBI admitted to being able to unlock most devices it needs to get into. There are even box kits you can buy on ebay that helps break into password locked iphones.

Furthermore, in 2020, a D.C.-based civil society organization found that many US law enforcement agencies use mobile device forensic tools (MDFTs) that can collect texts, emails, and photos stored on phones; data regarding when texts and emails were sent and where photos were taken; and where the phone users have been, and when. The report also revealed a pattern of uncontrolled and indiscriminate searches conducted by law enforcement using MDFTs.

Despite all this, law enforcement agencies like the RCMP and the FBI continue to complain about an imaginary lack of access to our private information.

Myth 2. It’s just one little backdoor, it doesn’t weaken encryption

False. A backdoor would allow government officials to observe otherwise encrypted information and communication. We’ve seen this before as “lawful access”, “exceptional access” and, in a more recent attempt at a euphemism, “regulated encryption”. It will render encryption obsolete.

There is no technical way to create an encryption system that is secure against everyone except authorized state agencies. Once a backdoor is created, there is no way to make sure that only the “good guys” walk through it.

Even if only state agencies could use those backdoors, this should still concern us. The nature of international intelligence-sharing means that laws to bypass encryption in one country may lead to other governments having access to the data that is collected. Weakened encryption anywhere puts us all in danger.

Bonus text: There is an unwavering consensus within the technical community that creating exceptional access for law enforcement is not possible without creating collateral risk to the security, civil liberties, or economic interests of users. As the computer security expert Bruce Schneier has explained, it is fundamentally impossible for technologists to build a system “that only works for people of a certain citizenship, or with a particular morality, or only in the presence of a specified legal document.”

In 2020, US officials accused the Chinese tech company Huawei of spying on behalf of China by using encryption backdoors that were only meant to be used by law enforcement agencies. The company has denied the allegations. In any case, it is really puzzling that US officials would accuse Huawei of such activities while at the same time push for tech companies to install similar backdoors.

As experts have said, any encryption backdoor or equivalent processes effectively end personal privacy.

3. If you’ve done nothing wrong, you’ve got nothing to hide

False. First, just because you haven’t committed a crime, it doesn’t mean you don’t have private information that should remain confidential, like health records or intimate conversations. It definitely doesn’t mean you should give up your right to privacy! Private information can be misused, leaked or hacked.

Bonus text: Bits of unrelated information could form a web of suspicion in the eyes of someone looking for a criminal. And we don’t only carry around information about ourselves on our phones, but about our family, friends, colleagues and community. We need to protect them as well.

Second, encryption breaking tools are never only accessible or used by the “good guys”. And even if they were, the Pegasus scandal is a reminder that not all governments are “good” and that “good governments” can act badly. Pegasus is a hacking software developed by tech company NSO Group, which says they only sell to governments “with good human rights records”. Although the Israeli company insists Pegasus is only intended for use against criminals and terrorists, a massive investigation has revealed that human rights activists, journalists and lawyers across the world have been targeted.

Bonus text: This includes members of journalist Jamal Kashoggi’s inner circle. Kashoggi was murdered by Saudi government agents because of his critical reporting. Reports show that journalists in Hungary, France, Lebanon and Mexico have also been targeted, along with human rights activists in Saudi Arabia.

Clearly, we need more protection from government surveillance; not less.

In Canada, government agents have abused their powers to conduct surveillance on those who are not suspected of actual wrongdoing, including women’s rights organizations, Indigenous land defenders, children’s rights and anti-poverty advocates, the labour sector, leftists, anarchists, anti-capitalists, university professors, communists, anti-war groups, student movement and campus groups, Muslims, anti-racist groups, environmental activists, journalists, charities critical of the government, protesters of all types, and Canadians in general. Imagine how much worse it could be without strong encryption.

Bonus text: If countries like Canada impose exceptional access, countries with even more problematic human rights records or histories of abuse are likely to follow suit, and it may be difficult in principle to deny such attempts. Even if a state succeeds in preserving exceptional access to itself, or to filter foreign requests to global service providers through its domestic laws, foreign state agencies denied direct access could try to exploit the vulnerabilities created by whichever backdoor mechanism was ultimately adopted. Source p 65+

Finally, national security needs encryption.

Bonus text: Strong encryption is used to shield sensitive government data, it preserves the confidentiality of law enforcements’ and intelligence agencies’ investigations, protects essential critical infrastructures, and is essential for military communications and operations.

Canada’s Parliamentary Committee on Public Safety and National Security endorsed a definition of strong encryption as including: “encryption algorithms for which no weaknesses or vulnerabilities are known or have been injected, as well as computer applications that do not deliberately contain weaknesses designed to undermine the effectiveness of the aforementioned algorithms.”

Oh! And did you know that Canada used to want to protect encryption?

Bonus text: The Government of Canada has historically opposed the calls of its western allies to undermine encryption protocols. In 2017, former Public Safety Minister Ralph Goodale stated that: “Encryption […] safeguards our cybersecurity and our fundamental rights and freedoms. Canada has no intention of undermining the security of the internet by impeding the use of encryption.” Source p 330 (or 000436)

In 2019, former Public Safety Minister Ralph Goodale and his Five Eyes colleagues in Australia, New Zealand, the UK, and the US agreed, stating that they: “…are committed to strong encryption, which enables commerce, improves cyber security, and protects the privacy of our citizens’ data. We are committed to protecting our citizens from harm.” Source

Shortly after that though, Minister Goodale started calling for companies to inject communications insecurities into their applications. He even cast the security experts and privacy advocates who defend strong encryption as supportive of pedophiles. Source

Bonus text: We’ve heard this before. Vic Toews, the former Public Safety minister in the Harper government, also accused those who opposed such invasions of privacy of siding with child pornographers. Canadians didn’t fall for that trap then, and went on to also oppose the weakening of encryption proposed in the government’s national security consultation in 2017.

In September 2021, Canada and the rest of the G7 met in London, where the group reasserted its commitment to undermine encryption.

In October 2021, US whistleblower Edward Snowden joined the Global Encryption Coalition to launch a campaign to protect encryption. He warned that, “If you weaken encryption, people will die.”

Bonus text: The UN Human Rights Commissioner, Zeid Ra’ad Al Hussein echoed his statement by saying: “Encryption tools are widely used around the world, including by human rights defenders, civil society, journalists, whistle-blowers and political dissidents facing persecution and harassment … It is neither fanciful nor an exaggeration to say that, without encryption tools, lives may be endangered.”

Interfering with the availability of strong encryption will impact our right to security, our right to silence, as well the right to be secure against unreasonable search and seizure. It will also impact our freedom of expression, thought, peaceful assembly and association, as well as equality rights.

The Canadian government must reverse its irresponsible position on encryption if it wants to credibly promote itself as being a champion and defender of human rights.

As of the end of 2021, the federal government continues to attack encryption in Canada. Take action today by sending a message to the Prime Minister and new Minister of Public Safety to restore Canada’s previous principled position on encryption, and publicly support strong encryption to protect the safety and privacy of all Canadians.

Take action today by sending a message to the Prime Minister and the Minister of Public Safety at iclmg.ca.

For sources and more examples to support our message, see the transcript and links below the video.

ICLMG is a Canadian coalition of 45 national civil society groups that came together after the adoption of the Anti-Terrorism Act of 2001 to protect civil liberties from the negative impact of the so-called war on terror. To see more videos like this one and support our work of protecting civil liberties in general, please visit iclmg.ca/donate or patreon.com/iclmg and get rewards.

Thank you!