Understanding the Lawful Access Decryption Requirement

17 Pages Posted: 17 Sep 2012 Last revised: 5 Jul 2015

See all articles by Kevin McArthur

Kevin McArthur

Independent

Christopher A. Parsons

University of Toronto, Munk School of Global Affairs, Citizen Lab

Date Written: September 17, 2012

Abstract

Canada’s lawful access legislation, Bill C-30, includes a section that imposes decryption requirements on telecommunications service providers. In this paper we analyze these requirements to conclude that they may force service providers to establish key escrow, or decryption key retention, programs. We demonstrate the significance of these requirements by analyzing the implications that such programs could have for online service providers, companies that provide client software to access cloud services, and the subscribers of such online services. The paper concludes by suggesting an amendment to the bill, to ensure that corporations will not have to establish escrows, and by speaking to the dangers of not implementing such an amendment.

Keywords: Canada, encryption, decryption, SSL, security, privacy, policy

Suggested Citation

McArthur, Kevin and Parsons, Christopher A., Understanding the Lawful Access Decryption Requirement (September 17, 2012). Available at SSRN: https://ssrn.com/abstract=2148060 or http://dx.doi.org/10.2139/ssrn.2148060

Kevin McArthur

Independent ( email )

No Address Available

Christopher A. Parsons (Contact Author)

University of Toronto, Munk School of Global Affairs, Citizen Lab ( email )

Toronto, Ontario
Canada

Register to save articles to
your library

Register

Paper statistics

Downloads
217
rank
135,506
Abstract Views
2,445
PlumX Metrics