Canada Wants Software Backdoors, Mandatory Decryption Capability And Records Storage

The new Canadian government is looking to further expand its surveillance powers by requiring decryption capabilities for all services, mandatory storage of both internet and phone records for service providers, backdoors that allow interception, and warrantless access to basic subscriber information.

Bill C-51

Last year, under the previous conservative government, Canada passed a controversial “anti-terrorism” law, called Bill C-51, which gave new powers to the country’s police and intelligence agencies with little oversight.

The bill has been criticized for allowing the country’s domestic spy agency, the Canadian Security Intelligence Service (CSIS), to become a “secret police” by extending its powers beyond simple information gathering. It also allows 17 agencies to share a wide range of information about Canadian citizens, including medical and financial records, with the Canadian intelligence agencies.

Mandatory Decryption

After mandatory decryption and encryption backdoors failed to pick up steam in the United States, but succeeded in the UK with the passing of the “Snoopers’ Charter,” Canada is looking to give this idea a try, too. The government is now asking for feedback on whether it should legally force individuals and organizations to decrypt material.

This implies that either companies would have to forgo using end-to-end encryption that allows users to encrypt communications with their own keys, or they would need to have some kind of backdoor that would allow them to bypass the end-to-end encryption.

Software Backdoors

The government also complained about not being able to intercept some communications, and that it should be allowed to use intercept capability against some service providers. Unlike the phone networks, which have had built-in intercept capabilities for decades, many of the chat or email applications don’t (with some exceptions). That’s even more true for end-to-end encrypted services, where the companies themselves can’t see the private communications between users, which means law enforcement can’t either.

If the government can’t outlaw end-to-end encryption and can’t require companies to use only encryption that can be decrypted, the next best thing is going to be some kind of software backdoor that disables and bypasses an application’s end-to-end encryption. Then the communications could pass through the company’s servers, where law enforcement could intercept it. The government could even get direct access to the backdoor, and then it could use it whenever it wants, with or without a warrant.

However, if something like this passes as law, then it would become public, and more people may start avoiding services that have to abide by this Canadian law. This may be the reason why so many of the western democratic countries are trying to pass such laws almost in unison lately, to make it feel as if the people have no choice but to continue to use the backdoored services.

Security experts have almost unanimously come out against the idea of software backdoors, because they represent a grave security risk. Once there’s a way to bypass encryption, it’s not just governments that can use it, but also other bad actors.

Mandatory Records Storage

The Canadian government is complaining that some services don’t store records long enough, asserting that this is a problem for law enforcement. It also complained that some internet services that are used by Canadians “operate beyond the reach of Canadian law” simply because they have no local headquarters or servers, and thus Canadian law enforcement can’t legally request data from them.

The government seems to be targeting privacy services companies such as VPN providers. Some VPN service providers keep no logs whatsoever, and they may not even have servers in Canada. That means the Canadian government can’t request user data or force them to install backdoors.

The Canadian government seems to be considering a law where it could both mandate that all service providers, including VPN services, store customer records for a longer period of time, and that it should be able to request that data when needed.

Basic Subscriber information

The government argues that it should be allowed to get access to basic subscriber information without a warrant. It gives examples of situations such as as when a person is missing, when there is suspicion of a crime, to further investigate a lead, and so on.

However, these situations could be addressed by a judge assigned for emergency cases. It’s also not clear which agencies would be able to access this information, but presumably the Canadian government would want to eliminate any sort of restrictions for any agency when it comes to accessing basic subscriber information.

Updated, 12/31/2016, 1:04pm PT: The Canadian government seems to have taken down the public comment page for this issue.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • canadianvice
    I've written my MP's so many times about these bills.... it seems apathy is strong, and I'd recon ignorance as well. Eroding our rights through false fear is one of the double aims of the Islamist movement, because they're quite similar to the infrastructure needed to support their own brutal ways.

    Further to that, why are we so eager to lose what we seek to defend in the same idiotic act? Its reason to exist is the defense of our liberties and way of life, but its existence is a major step toward their destruction.

    I know I speak somewhat in hyperbole - but the Gestapo will not catch me at home for my caution, I only pray my fellows are smart enough to do the same. Every power you give government builds up something dirty in the shadows - which they may never use, but God have mercy if power tempts mortal men.

    These programs are ineffectual, supremely expensive, and above all erode rights that are not the government's to butcher. Leave the effects of terrorism to the terrorists, they're far less competent at it than the rats in ties.
  • MichaelElfial
    CANADIANVICE, I agree with you and this makes me feel happy that my country is a bit of a mess - at least the government is not organized enough to do something like this. Anyway, such an act does not bring security for too many reasons - from the cold war it will cause and the steep curve of freedom lost in the race to intercept enemy who will constantly seek new ways, to the waste of resources spent on hopeless frenzy to deal with a complex problem through the most obvious and trivial means. Such laws say only one thing - MPs everywhere from the old Western democracies to the flaky Eastern ones have one ting in common - total lack of adequate thinking and understanding what is real and what is part of their ignorant imagination.
  • chicofehr
    Canada is going copying the UK it seems. VPN and proxy will become necessary in Canada soon if this goes through.
  • thor220
    This is kind of a double whammy. It increases the cost for canadian VPNs and ISP and erodes rights. They will be losing tax dollars from two sources. And people wonder why norwegian countries are doing so well, the IP service boom thanks to laws like this are definitely helping.
  • SockPuppet
    People sure do get stupid when they talk about their "rights", whatever that means.
  • canadianvice
    18952436 said:
    People sure do get stupid when they talk about their "rights", whatever that means.

    They tend to get just a little irritable when the government insists on infringing on those.
  • schwatzz
    Software backdoors will make everything even easier to hack. Hackers will know that there is without a doubt a backdoor in the code and focus on where it will most likely be.
  • CKKwan
    The Chinese did it again!!!!
  • memadmax

    The power syrup has gone to their heads...
  • Virtual_Singularity
    18952166 said:
    Canada is going copying the UK it seems. VPN and proxy will become necessary in Canada soon if this goes through.

    I always laugh when I see the vpn/proxy answer, as if that's what's going to somehow preserve your privacy. To some extent, ok, sure. But overall, using a vpn or proxy server isn't necessarily going to ensure your privacy whatsoever. It's very sad, but that's what things have come to. Even George Orwell couldn't have hoped to imagine just how far stranger reality has proven to be, than the brilliant, tragic, prophetic vision he'd written about in his most famous works.