Understanding the Lawful Access Decryption Requirement
17 Pages Posted: 17 Sep 2012 Last revised: 5 Jul 2015
Date Written: September 17, 2012
Abstract
Canada’s lawful access legislation, Bill C-30, includes a section that imposes decryption requirements on telecommunications service providers. In this paper we analyze these requirements to conclude that they may force service providers to establish key escrow, or decryption key retention, programs. We demonstrate the significance of these requirements by analyzing the implications that such programs could have for online service providers, companies that provide client software to access cloud services, and the subscribers of such online services. The paper concludes by suggesting an amendment to the bill, to ensure that corporations will not have to establish escrows, and by speaking to the dangers of not implementing such an amendment.
Keywords: Canada, encryption, decryption, SSL, security, privacy, policy
Suggested Citation: Suggested Citation