Tuesday, April 03, 2012

House committee looking to require telcos and device manufacturers to decrypt communications

Bill C-30, with warrantless access to subscriber data and real-time internet monitoring, is the tip of the iceberg if the recommendations of the House Committee on Justice and Human Rights are followed. In a report just issued, The State of Organized Crime [PDF], the committee recommends changes to the law to require telcos to provide access to unencrypted communications:

RECOMMENDATION

The Committee recommends that the Government of Canada pursue legislation requiring telecommunications service providers and telecommunications device manufacturers to build the ability to intercept telecommunications into their equipment and networks.

RECOMMENDATION

The Committee recommends that the Government of Canada introduce legislation requiring telecommunications service providers and telecommunications device manufacturers to decrypt legally intercepted communications or to provide assistance to law enforcement agencies in this regard.

From the Montreal Gazette:

Proposal would force telecoms to decrypt messages

Telecommunications companies would be forced to decrypt messages for law-enforcement agencies if the federal government legislates recommendations outlined in a report by a House standing committee.

"Law-enforcement agencies are way behind, or have been way behind, in the ability to deal with the new modes of communications," said Conservative MP Dave MacKenzie, chair of the House standing committee on justice and human rights.

The report, the State of Organized Crime, states that although telecommunications can be intercepted, the service providers don't always release standardized information to law-enforcement agencies.

The committee argues that federal legislation could address this lack of standards by furthering ideas found in Bill C-30, the online surveillance bill.

"When you're dealing with organized crime, they're very well-funded and well-organized .... They move communications abilities around in different ways: passing cellphones around is just the very beginning," said MacKenzie.

NDP MP Jack Harris added: "There has to be some sort of modernization of the law with respect to surveillance. We've got laws with respect to telephone surveillance and some of those laws should apply to use of other electronic devices, whether they be cellphones, emails and things like that."

The committee wants federal legislation requiring both telecommunications service providers and their manufacturers "to decrypt legally intercepted communications or to provide assistance to law enforcement agencies in this regard."

Under the committee's plan, all telecommunications companies would have to have access to decryption techniques or tools - something that wasn't provided for in Bill C-30.

Bill C-30 would require service providers to have the ability to intercept communications on their networks and to provide this information in the form specified by law enforcement.

Typically, law enforcement would want encrypted data decrypted to facilitate use of the information gathered.

Encryption is often used by organizations - both lawful and criminal - to protect the transmission of sensitive and private information.

As it stands, some service providers do not have the tools or techniques to decrypt these communications, exempting them from the requirement to provide decrypted information to police.

Although Harris said he believes that surveillance methods need to be updated, he has doubts about making decryption abilities mandatory.

"It certainly may be impractical and perhaps technologically infeasible," he said.

Telecommunication companies seemed to share that worry.

"Our primary concern in this area has always been the capacity of industry to implement any new requirements and who bears the cost," said Bell Canada spokesperson Jacqueline Michelis.

Should the recommendation become legislated, telecommunications manufacturers also would be affected.


Updated (April 4, 2012) - Apparently the article has been removed from the Gazette, Vancouver Sun and other PostMedia sites ...


Michael Geist adds:

The report includes a dissenting opinion from the NDP on the lawful access recommendations. There does not appear to be a similar dissent from the Liberals, who were represented on the committee by Irwin Cotler. Postmedia covered the release of the report but the article is no longer available on its media sites. The article included specific comments from Bell that suggest its primary concern associated with these demands boils down to questions of who will bear the costs. A company spokesperson stated "our primary concern in this area has always been the capacity of industry to implement any new requirements and who bears the cost." That is a troubling position for many Canadians who rightly expect their telecom companies to also be concerned with the privacy of their customers. After the outcry in February over Bill C-30, many also expected the government to be open to change on lawful access, yet this report suggests that the changes may not be what many were anticipating.

5 comments:

Anonymous said...

This is ludicrous! Please someone explain to the politicians how encryption works. Do they really think that given the "right tools" telcos can decrypt everything? Good luck with that.

Anonymous said...

I've heard this brought up a number of times in a number of forums. What I don't understand is how they can make it mandatory? Strong encryption techniques are essentially unbreakable and have no weakness other than a brute force attack. Unless you have the keys, of course, some encryptions could take decades to crack using this method. I found a quote on-line talking about 4096-bit RSA encryption, "It would take the combined processing power of every computer in the world thousands of years to crack 4096-bit encryption."

The best they can hope for is mandated back-doors, which essentially breaks the encryption and can't be enforced for foreign-owned encryption companies. So, I think what they're really looking for, in the long term, is to make encryption illegal for consumer use. One step closer to communism, welcome to Can-China. And organized crime...BAH!!! Child pornographers...YA RIGHT!!! They're looking to catch copyright infringers...plain and simple!! Everyone knows C-11 is toothless unless they can spy on what we're doing.

Will said...

To me this smells like an all out assault on privacy.

Anonymous said...

This is ridiculous. Does anyone know what a company such as RIM already provides for a lawful access request? Do they in fact decrypt anything for law enforcement or no? Again, we need to be careful what the government is allowed access to.

Anonymous said...

Let's take this one step further and look at the fact that encryption is a form of digital lock.

Under proposed bill C-11, this would be illegal. If evidence is obtained illegally, wouldn't it be thrown out of court?