What is encryption? Why is it important?
All of us, whether we realize it or not, use encryption every day on the Internet. We use it when we shop online, search the web, message friends or use online banking.
Encryption is a method of making our digital communications safe and private. Encrypting communications means that only the sender and the receiver of a message or piece of information can read it – and not any third party. Encryption scrambles the content, whether it’s a message, photo or password, so that it’s not visible to anyone other than the intended recipients.
For example, when you send a photo to a friend on WhatsApp, only you and your friend can see the photo – not anyone from the platform you send it on, or anyone who might want to spy on your messages. The same is true for any type of information: encryption stops people from spying on the things you search for online, and protects sensitive information like medical or banking data being sent online.
Why breaking encryption is a bad idea
Our private data, like personal messages and photos, passwords, social media accounts as well as the financial transactions we make online are rich targets for hackers and criminals. Having this information compromised or stolen leaves us vulnerable to cyber crimes like identity theft, blackmail, and credit card fraud.
Important infrastructure like our energy grids, hospitals and even national security and intelligence communities also depend on computer safety.
It’s impossible for technology companies to give governments backdoor access to encrypted communications without weakening the security of those communications for everyone who uses them. Loopholes in encryption that are designed for the government can become accessible to anyone who reverse-engineers them. Keys can be lost, copied or hacked, giving direct access to our most personal information.
Weakening the protection that encryption provides also reduces trust in the Internet as a safe place to communicate, do business and shop, which has serious economic consequences.
What’s happening with encryption in the other Five Eyes countries?
Australia has passed a highly controversial anti-encryption bill, which gives police greater powers to force companies and websites to insert backdoors to encrypted communications and implant malware.1
The United Kingdom’s intelligence agency GCHQ has proposed a plan to break into encrypted chats, which has been condemned by civil society organizations and tech companies like Apple and WhatsApp. The proposal, called “ghost protocol”, would require service providers to secretly insert government agents into private conversations.2
Senior officials in the U.S. have been meeting to discuss seeking legislation to prohibit companies like Apple, Google and Facebook from using encryption in their products that law enforcement can’t break.3
What’s Canada’s position on encryption?
Historically, the government of Canada has publicly affirmed its support for people and businesses in Canada to have access to the safest and strongest forms of encryption. But that has changed.
As recently as 2017, Canada’s Public Safety Minister was briefed to speak at meetings of other Five Eyes ministers and confirm that “Canada has no intention of undermining the security of the internet by impeding the use of encryption”4
However, a more recent communique in 2019 contained a worrying statement that “tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and usable format.”
In statements to the media, the office of the Public Safety Minister continues to assert that the government of Canada is not seeking new legislation.5 However, the government has continued to attend meetings with private companies to discuss encryption alongside Five Eyes partners.
In May 2020, it was revealed that the briefing documents prepared for Public Safety Minister Bill Blair confirmed that Canada’s position is in favour of “mitigating” the challenges of encryption, and that in order to do so, their assessment is that they need to engage key stakeholders and gain the support of prominent voices in industry and academia.6
Many privacy experts in Canada remain suspicious that our government is simply providing empty assurances on this topic, whilst secretly making plans to undermine encryption.7