In a move aimed at encouraging e-commerce, the Canadian government today introduced a new policy with relatively loose restrictions on the export of encryption software.
The new encryption policy, introduced today in a speech by John Manley, Canada's minister of industry, may be more notable for what it lacks: a mandatory requirement for controversial key recovery and powerful restrictions on strong encryption products.
Encryption software is used to put a digital lock on private communication. To read an encrypted document, the recipient has to have a "key."
The controversy over encryption has been a classic case of business and privacy interests vs. government.
On one hand, businesses and privacy advocates want to be able to develop and sell products that are airtight as possible. On the other, governments--primarily the United States--want to be able to prevent outsiders from being able to digitally lock out law enforcement officials from their communication and thwarting efforts to prosecute wired criminals.
Canada's Manley, on the other hand, specifically said the country "will not implement mandatory key recovery requirements or licensing regimes for certification authorities or trusted third parties."
It does, however "encourage industry to establish responsible practices, such as key recovery techniques for stored data and industry-led accreditation of private sector certification authorities," he added.
The government also pledged to make it easier for Canadian firms to export strong encryption products both by streamlining the export permit process and by making sure Canada's regulations are not tighter than those of competitors in other countries.
"The policy underscores that Canada is open for electronic business," Manley said. "We are encouraging the widespread use of strong encryption and growth of export markets for Canadian technologies."
David Banisar, policy director for the Electronic Privacy Information Center and an outspoken critic of the United States' tight export restrictions, today applauded most of Canada's new policy.
"It definitely refutes the U.S.'s attempts to get Canada to restrict crypto in many ways," Banisar said. "It allows Canadian companies to export software pretty much of any size."
He added that Canada's policy could help influence more liberal European rules on encryption exportation. "This won't force the U.S.'s hands, but what it does is it further isolates the U.S.," he said.
However, Banisar did take exception to a proposal contained in the policy statement today that says the government will introduce legislation that specifically makes it "an offense to wrongfully disclose private encryption key information and to use cryptography to commit or hide evidence of a crime."
Making cryptography itself a special circumstance in the commission of a crime is tantamount to adding special penalties for using "basic instruments of communication" such as a telephone or a pen, Banisar said.
Unlike laws that single out the use of guns or other weapons specifically designed to produce physical damage, "this is not a technology that creates crimes," he said. "And because its intended use is going to be essentially ubiquitous this could be an additional penalty that could apply to any kind of crime."