In a move aimed at encouraging e-commerce, the Canadian government
today introduced a new policy with relatively loose restrictions on the
export of encryption software.
The new encryption policy, introduced today in a speech by John Manley, Canada's minister of industry, may be more notable for what it lacks: a mandatory requirement for controversial key recovery and powerful
restrictions on strong encryption products.
Encryption software is used to put a digital lock on private communication. To read an encrypted document, the recipient has to have a "key."
The controversy over encryption has been a classic case of business and
privacy interests vs. government.
On one hand, businesses and privacy advocates want to be able to
develop and sell products that are airtight as possible. On the other,
governments--primarily the United States--want to be able to prevent
outsiders from being able to digitally lock out law enforcement officials
from their communication and thwarting efforts to prosecute wired criminals.
Though the White House has loosened its stance on the export of encryption software, it still backs policies that make the practice difficult.
Canada's Manley, on the other hand, specifically said the country "will not implement mandatory key recovery requirements or licensing regimes for certification authorities or trusted third parties."
It does, however "encourage industry to establish responsible practices, such as key recovery techniques for stored data and industry-led accreditation of private sector certification authorities," he added.
The government also pledged to make it easier for Canadian firms to export strong encryption products both by streamlining the export permit process and by making sure Canada's regulations are not tighter than those of competitors in other countries.
"The policy underscores that Canada is open for electronic business," Manley said. "We are encouraging the widespread use of strong encryption and growth of export markets for Canadian technologies."
David Banisar, policy director for the Electronic Privacy Information Center and an
outspoken critic of the United States' tight export restrictions, today
applauded most of Canada's new policy.
"It definitely refutes the U.S.'s attempts to get Canada to restrict crypto
in many ways," Banisar said. "It allows Canadian companies to export
software pretty much of any size."
He added that Canada's policy could help influence more liberal European
rules on encryption exportation. "This won't force the U.S.'s hands, but what
it does is it further isolates the U.S.," he said.
However, Banisar did take exception to a proposal contained in the policy
statement today that says the government will introduce legislation that
specifically makes it "an offense to wrongfully disclose private
encryption key information and to use cryptography to commit or hide
evidence of a crime."
Making cryptography itself a special circumstance in the commission of a
crime is tantamount to adding special penalties for using "basic
instruments of communication" such as a telephone or a pen, Banisar said.
Unlike laws that single out the use of guns or other weapons specifically
designed to produce physical damage, "this is not a technology that creates
crimes," he said. "And because its intended use is going to be essentially
ubiquitous this could be an additional penalty that could apply to any kind
of crime."