[2567] in cryptography@c2.net mail archive
Encryption issue hoists Ottawa onto a tightrope
daemon@ATHENA.MIT.EDU (nobody@nsm.htp.org)
Thu Apr 23 12:00:49 1998
Date: 22 Apr 1998 19:10:32 -0000
To: cryptography@c2.net, cypherpunks@algebra.com
From: nobody@nsm.htp.org
The Globe & Mail
Wednesday, April 22, 1998
Encryption issue hoists Ottawa onto a tightrope
by Geoffrey Rowan, growan@globeandmail.ca
Canadians are good with a secret, but Ottawa may blow it.
Yesterday was the last chance for people to comment on Industry Canada's report, A Cryptography Policy
Framework for Electronic Commerce. It offers possible scenarios for government regulation of cryptographic
hardware and software, which make codes to keep digital files secret.
The government needs to balance the interests of police -- who want to be able to read or listen to any
communication any Canadian might have -- with those of civil libertarians who oppose any snooping, and of
business, which just wants to make a buck.
But one of the scenarios offered in the report is a law that makes it illegal to use an unbreakable code. That would
be more than a tad rough on civil liberties, pointless as a deterrent to crime, and disastrous for Internet commerce
and Canada's fledgling cryptography industry.
For private citizens, such a law would be outrageous in its potential to invade privacy, says Jeff Shallit, a computer
science professor at the University of Waterloo. He's also vice-president of Electronic Frontier Canada, a
non-profit group devoted to ensuring the provisions of the Charter of Rights and Freedoms are preserved in the
digital age.
Besides being wrong-headed, it's unenforceable, Mr. Shallit adds.
"It's certainly possible to pass a law saying anything you send must be sent [uncoded]. But what if I want to speak
in Yiddish with my grandfather, and CSIS doesn't have someone who understands Yiddish? Or what if I want to
speak Navajo, or if I want to send random bits?"
An anticryptography law fails as a deterrent to crime for the simple reason that criminals are unlikely to obey the
law. It is a comparatively simple matter for any technologically adept high-school student to get and use an
unbreakable encryption program.
But this type of law would serve as a huge deterrent to Internet commerce, which is having a hard enough time
getting off the ground as it is. Business still hasn't found the secret to successful mass commerce on the Internet,
and if you remove consumers' ability to encrypt personal and financial information, it never will.
This seems unimaginable from a federal government that says it is committed to making Canada the most
connected nation on Earth by 2000.
But even if Ottawa only outlaws the export of strong cryptography -- as the United States has done -- there would
be painful repercussions for Canadian business.
This country has developed an international reputation for cryptography. The University of Waterloo has produced
an inordinate number of cryptographers, which are kind of the extreme sports version of a mathematician.
Ian Goldberg, for example, is the Waterloo graduate -- now at the University of California at Berkeley -- who
recently broke the code used to encrypt conversations on 80 million cellphones around the world. It took him and a
colleague about 10 hours.
Mississauga-based Certicom Corp., which makes encryption software, was founded by three Waterloo
professors and it has attracted major investment from Microsoft co-founder Paul Allen. Entrust Technologies
Ltd. of Ottawa is also building Canada's reputation as a fertile base for cryptographic talent.
Banning the use of so-called strong cryptography would stifle this industry or at least drive it out of the country.
The United States is already seeing hints of this. Sun Microsystems Inc. of Mountain View, Calif., has set up a
group in Russia to develop strong cryptography to get around U.S. export laws.
Domestically, the U.S. government is faced with the same balancing act as Ottawa. It has been making noises for
months, telling industry to come up with a solution or face regulation of the domestic use of encryption so that
police agencies would be able to understand any communication.
Indeed, when Mr. Goldberg broke the cellphone code, it appeared to have been dumbed down to make it easier for
police agencies to crack.
A strong lobby by U.S. industry has so far held off regulators and there have been signs Washington might ease
export restrictions.
Canada's lack of such restrictions is one reason Certicom recently signed a major licencing deal with a subsidiary
of Nippon Telegraph and Telephone Corp. of Japan. That unit, NTT Electronics Corp., owns a piece of Certicom's
U.S. competitor, RSA Data Security Inc., but it chose Certicom because of this country's kinder cryptography
export policy.
If Canada's policies change and we lose our status as a secret society, such deals will disappear, along with the
promise of a digital land.
Copyright © 1998 by The Globe & Mail. All Rights Reserved. Reprinted with permission.
