With so many other ways Canada has declared war on the internet, one lesser known one is the anti-encryption push through Bill C-26.
For years, the five eyes spy agencies have lobbied governments to criminalize encryption, backdoor everything, spy on your every movement, and eliminate citizens constitutionally protected rights to privacy. We saw this back in 2018 where the organizations pushed for backdoor access to everyone’s private communications. That push was renewed in 2019 with similar demands, urging governments to crack down on people’s civil rights in the internet realm and create a 1984-esque surveillance state.
Internationally, those efforts have paid dividends. In 2018, Australia passed their anti-encryption laws. The development has caused considerable chaos in the country. Those anti-encryption laws were then used by the government to crack down on journalism in the country, raiding the offices of outlets publishing politically inconvenient stories. The business community also started to exodus out of the country while the international business community blacklisted the country in response.
Last year, the UK passed their own anti-encryption laws – a move that was hugely controversial and may have contributed to the country struggling economically. Businesses, for their part, threatened to leave the country in response.
The US in 2019 contemplated joining the war on encryption. The off again on again debate was back on in 2022 thanks to the push to resurrect EARN IT.
Sadly, Canada isn’t immune to commit security suicide. In 2019, Canada was was considering joining the war on encryption. Those consideration received pushback from digital rights organizations. We covered developments of this debate in 2023 as well where the government was pushing to resurrect the “Lawful Access” debate of the mid 2000’s and early 2010’s. Eventually, that push came into the form of Bill C-26 which was introduced in 2022 and is currently in the process of making its way out of the House of Commons committee. Mercifully, the bill is moving slowly which means that there is that possibility that it won’t become law in its current form before the next election.
Apparently, there have been calls to fix this legislation to remove backdoors on people’s communications. The government rejected those calls, signalling that the whole point of the bill was to break encryption. From the Globe and Mail:
A federal cybersecurity bill, slated to advance through Parliament soon, contains secretive, encryption-breaking powers that the government has been loath to talk about. And they threaten the online security of everyone in Canada.
Bill C-26 empowers government officials to secretly order telecommunications companies to install backdoors inside encrypted elements in Canada’s networks. This could include requiring telcos to alter the 5G encryption standards that protect mobile communications to facilitate government surveillance.
The government’s decision to push the proposed law forward without amending it to remove this encryption-breaking capability has set off alarm bells that these new powers are a feature, not a bug.
There are already many insecurities in today’s networks, reaching down to the infrastructure layers of communication technology. The Signalling System No. 7, developed in 1975 to route phone calls, has become a major source of insecurity for cellphones. In 2017, the CBC demonstrated how hackers only needed a Canadian MP’s cell number to intercept his movements, text messages and phone calls. Little has changed since: A 2023 Citizen Lab report details pervasive vulnerabilities at the heart of the world’s mobile networks.
So it makes no sense that the Canadian government would itself seek the ability to create more holes, rather than patching them. Yet it is pushing for potential new powers that would infect next-generation cybersecurity tools with old diseases.
It’s not as if the government wasn’t warned. Citizen Lab researchers presented the 2023 report’s findings in parliamentary hearings on Bill C-26, and leaders and experts in civil society and in Canada’s telecommunications industry warned that the bill must be narrowed to prevent its broad powers to compel technical changes from being used to compromise the ”confidentiality, integrity, or availability” of telecommunication services. And yet, while government MPs maintained that their intent is not to expand surveillance capabilities, MPs pushed the bill out of committee without this critical amendment last month. In doing so, the government has set itself up to be the sole arbiter of when, and on what conditions, Canadians deserve security for their most confidential communications – personal, business, religious, or otherwise.
Canada’s push to create a surveillance state has been happening for decades. I still remember fighting against warrantless wiretapping during the Paul Martin Liberal government in the mid-2000’s. At the time, when the Martin government fell and the Conservatives took over, some people thought that a new party taking power would mean that there would bee a vastly different approach. I was skeptical at the time and received pushback for being too negative on the Harper Conservatives before they had done anything. Those critics were then shocked when the Conservatives then tabled a nearly identical Lawful Access bill shortly after. Unsurprisingly, the criticisms I got at the time suddenly vanished as critics expressed fury at the Harper Conservative government at the time for doing this.
The Harper Conservative government doubled down on their push to create a surveillance state in Canada through Lawful Access. Vic Teows, for instance, became infamous for attacking critics as being either with the government or with the child pornographers. Teows also used the Luca Magnotta case to push the legislation. The scandal plagued Harper Conservative government also tried to use the Amanda Todd case to sell the legislation – a move that Carol Todd was understandably upset about as she noted how she doesn’t think surveillance legislation was a good way to honour her daughters memory. Following the pushback, the Harper Conservative government got pissed off and effectively told her to shut the f*** up by shutting her out of committee due to her lack of support for the surveillance legislation.
Luckily, the scandals proved too much for the Harper Conservative government after being voted out. Along with that, the surveillance legislation died on the orderpaper, leaving Canadians to breathe a sigh of relief. While I had hoped that this debate would finally be over, these recent efforts by the Trudeau Liberal government has become a massive disappointment that we are, once again, in for another round of debating the push for massive government surveillance on Canadian citizens.
While the flavour has changed in these debates for the time being (warrantless wiretapping of all communications vs breaking encryption), the idea of mass government surveillance of people’s communications is generally the same thing.
Obviously, there is the skepticism that the Canadian government can break all encryption. Generally, I agree that this is going to be an extremely tall order at best for the government. Still, the effort to break encryption is going to leave Canadians as a whole less safe online. As a general rule, there is no “safe” backdoor. Deliberately introducing weaknesses to encryption weakens encryption as a whole. Asking for a backdoor that only the “good guys” can use is asking for the practically impossible. This perspective is not even controversial and is more in line with common sense as far as the security community is concerned. Some might even call it stating the blatantly obvious.
Probably the only bit of good news here is that this bill is still a ways off from being passed. It still has to pass third reading, then, later on, handed over to the Canadian senate to go through their own process. With an election due next year, unless this bill picks up significant speed, it will likely share the likely fate of Canada’s privacy reform bill. That is that it will ultimately die on the orderpaper and have to be re-introduced in the next government – assuming that the government at that point wants to partake in this same old song and dance. Given the history of both parties, it’s not out of the question that if a Conservative government were to take power that they would push for the same laws.
At any rate, Canada does have an advantage in the grand scheme of things. We’ve now seen other countries pass similarly disastrous laws. We know that this leads to distrust with Canadian businesses. Businesses in Canada also start looking to uproot and move to other countries where security is respected. Students looking to enter into the security field are discouraged from doing so given the possibility of repercussions from the government (which did happen in Australia). The government also gets new power to crack down on dissent (also a thing that happened in Australia). Thanks to international precedent, we can see the many pitfalls and risks of breaking encryption.
The question is, will Canada continue to repeat the mistakes of trying to break encryption like what happened in other countries? At the moment, we are aware that there is an appetite to do so at least. That should worry Canadian’s across the board.
Justification for all the internet bills is to protect people. East Germany used the same rationale to justify the Berlin Wall. It was BS then and it’s BS now. The purpose of the Bills is to restrict choice and privacy, and to enrich the chosen ones.