Thoughts

This category identifies postings that are philosophical in nature.

On The Non-Consensual Sharing of Intimate Images of Men

/ Christopher Parsons
dirty sign writing feelings
Photo by Vie Studio on Pexels.com

Canadian parliamentarians in the era of the pandemic have adopted distanced methods of conducting their business. This has seen many Members of Parliament (MPs) use video conferencing platforms so that they can broadcast from their kitchens, living rooms, home offices, and bedrooms. On April 14, 2021 there was an unfortunate situation where a conventionally attractive male MP inadvertently had his conferencing camera on while changing his clothing. Another MP or parliamentary staff member captured an image of his state of undress and subsequently shared it with media organizations. 

This situation raises a question of law and, separately and more broadly, provides an opportunity to highlight the pervasive problems facing Canadian society in terms of addressing sexual violence, the non-consensual sharing of their intimate images (meant in a non-legal sense), and intimate partner abuse.

Facts at Hand

Due to how the parliamentary video system is configured, the only people who could have witnessed this incident were either other MPs or parliamentary staff members on the video conference. This meant that while the meeting was open to the public the actual video stream capturing the MP’s state of undress was (at the time) only visible to a relatively small group of people. At least one member of that small group took a photo of the MP and subsequently shared it. The image has, subsequently, been shared by the press and by individuals on social media, though admittedly with some censorship applied to the image. Unsurprisingly, this led to a number of jokes about the MP, their state of undress, the MP being too transparent, and more. 

Unlike many others, I did not find the non-consensual sharing of the image to be particularly funny. Instead, I quickly and publicly raised the question of whether either the MP or staff member who shared the image, or an offending MP’s party, would be willing to come before the Canadian public and explain why their actions did not contravene Section 162.1 of the Criminal Code of Canada. This part of the Criminal Code makes it a criminal offence for someone to publish an intimate image without consent. I also firmly stated that I was disgusted by the image having been shared and that I thought whomever shared it should be disciplined.

The first question is: did an MP or staffer potentially violate 162.1 in sharing the image, setting aside potential parliamentary privileges that may shield parliamentarians from investigation or charges?

Intimate Images and the Criminal Code of Canada

To potentially be guilty of violating the Criminal Code in sharing this image, the MP’s or parliamentary staffer’s actions must satisfy a set of criteria.

Whomever shared the image certainly knowingly published, distributed, transmitted, or made available “an intimate image of a person knowing that the person depicted in the image did not give their consent to that conduct” (162.2(1)). If the rest of section 162.1 of the Criminal Code is satisfied then that individual is guilty of an offence, which is “liable to imprisonment for a term of not more than five years” (162.1(1)(a)). 

Moving on, per the Code, an intimate image “means a visual recording of a person made by any means including a photographic, film or video recording” (162.1(2)) where the following conditions are met:

(a) in which the person is nude, is exposing his or her genital organs or anal region or her breasts or is engaged in explicit sexual activity; 

(b) in respect of which, at the time of the recording, there were circumstances that gave rise to a reasonable expectation of privacy; and 

(c) in respect of which the person depicted retains a reasonable expectation of privacy at the time the offence is committed.

The MP was certainly nude, satisfying 162.1(2)(a). They were in their own home, which would normally move towards satisfying 162.1(2)(b) but, in this case, the MP was also (unintentionally) broadcasting their image. So, in a sense this may suggest that the MP lacks a reasonable expectation of privacy. However, there are extenuating facts. Members of Parliament are not permitted to take images of screens and, as such, there may be some kind of a reasonable expectation of privacy insofar as MPs can expect that their image will not be captured or shared based on what is broadcast to other MPs but not the public. Attenuating this potential reasonable expectation of privacy is that the MP who’s image was captured was exclusively visible to other MPs and parliamentary staff members, further indicating that this was potentially a kind of a semi-public situation. Canadian courts have tended to take a sympathetic view of what constitutes a reasonable expectation of privacy, though whether they would recognize this situation as meeting the standard would need more substantial assessment than I will provide here.

However, for the sake of the analysis, let’s imagine that 162.1(2) is satisfied. Does the party who shared the image have a defense if that’s the case? I doubt it. 

The Criminal Code states at 162.1(3) that “[n]o person shall be convicted of an offence under this section if the conduct that forms the subject-matter of the charge serves the public good and does not extend beyond what serves the public good.” I cannot imagine a situation where capturing and sharing the image serves the public good. In clarifying 162.1(3), section 162.1(4) lays out that:

(a) it is a question of law whether the conduct serves the public good and whether there is evidence that the conduct alleged goes beyond what serves the public good, but it is a question of fact whether the conduct does or does not extend beyond what serves the public good; and

(b) the motives of an accused are irrelevant.

I would suspect that if a court was convinced that the elements of 162.1(2) were satisfied then 162.1(4) would not save the offending MP’s or staffer’s behaviour.

Broader Non-Criminal Code Analysis

Even if the person who initially shared the image did not violate the Criminal Code either because of the arcane nature of parliamentary rules, because the image doesn’t meet the definition of 162.1(2), or simply because no criminal charge is brought against them, the act of sharing this image has real-world implications. In essence, while there is an understandable attraction to asking whether someone violated the law we need to broaden our mode of analysis to appreciate the harms of sharing these kinds of images. 

First, it’s useful to remind ourselves that the man who’s image was captured and shared almost immediately apologized for his lack of decorum. As someone who inadvertently engaged in a behaviour that (clearly) ran counter to professional standards he owned up to the mistake and committed to being more studiously careful in the future. 

Second, the man is conventionally attractive and because of this status he, as a man, is generally expected by members of society to roll with the comments: it’s embarrassing but there is an expectation that this is ‘funny’. However, imagine that it had been a woman, or someone who is transgender, or someone undergoing a gender transition who’s image had been captured. Were this the case I am certain that, first, there would be much crueler commentary (revealing structural sexism) and, second, that people would broadly leap up and (rightly) insist that the commentary was wrong and inappropriate. Simply because it was a man who was captured on camera does not make it ‘funny’; the very perception that this incident should be treated as funny reifies some of the challenges facing men who are victims or survivors of sexual harassment, assault, and intimate partner violence. 

When members of society make fun of men who have been the subject of sexual violence, the non-consensual sharing of their intimate images (meant in a non-legal sense), and intimate partner abuse then men more broadly learn that they shouldn’t come forward to report or discuss these kinds of harms on the basis that they aren’t ‘harmed’ in the eyes of society. While less discussed, men are indeed victims and survivors of assault, abuse, sexual blackmail, and harassment. As a society we need to get a lot better at appreciating these forms of violence towards men and in creating a culture where they can come forward without an expectation of them being ‘weak’ or ‘not getting the joke’. I say this while recognizing that, proportionally, women, and members of the lesbian, gay, bisexual, transgender, queer or questioning, and two-spirit (LBGTQ2+) communities suffer from these harms more regularly and disproportionately than straight men. Nonetheless, if we are to develop societies that are more inclusive, that encourage men to develop emotional intelligence and sensitivity, and that broadly combat sexism and the pervasive and pernicious ills of sexual violence then it’s important that we take harms towards men as seriously as we do for other members of society who also suffer from sexual violence, non-consensual sharing of intimate images, and intimate partner abuse.. 

Lesson Drawing

So, was a crime committed? That’s a good question, and I’ll ultimately leave it to lawyers to argue about the nuances of how Canadian case law and the depths of our privacy law intersects with Section 162.1 of the Criminal Code. But while the law is an important point of discussion, the discussion cannot stop and end at the law’s edge. More significantly, the idea that someone thought it was appropriate (and, likely, just funny) to share the image of an unclothed male member of parliament underscores the amount of work that Canadian society–inclusive of Canadian elites–has ahead of it in the ongoing efforts to address sexual violence, non-consensual sharing of intimate images, and intimate partner violence. 

I suspect that the MP or parliamentary staffer who shared the image did so without a deep sense of malice in their heart. I half suspect it was a near-thoughtless action. But the very fact that they thought it was appropriate or funny to share this image reveals how sexual harassment and violence structurally pervades Canadian society. Such activities are often legitimized by way of humour and, in doing so, showcase the depths at which these behaviours are normalized. In short, the very sharing of the image serves to remind us of the circumstances of structural sexual violence that we operate in, each and every day. 

How can things ‘move forward’? On the one hand, I hope that the offending MP or staffer comes forward. I would rush to state that I don’t think that this means that the Criminal Code should necessarily be thrown at them! Instead, I think that it’s important for the person to make themselves publicly accountable for censure and take responsibly for their action, as the male MP did for his inappropriate state of dress. I don’t believe that every, or even most, social ills are best solved by turning to the law. 

But more substantively, I think that the best thing that can come from this situation is to hopefully provoke introspection about the biases that we all carry with us concerning sexual violence. Why did we, or our friends or family or colleagues, think that this incident was funny? What does our sense of this being funny reveal about the structural conditions of sexual violence that we operate within? What can we learn from our reactions, and how might we have behaved if we’d applied a bit more introspection? How can we have conversations with other people about sexual violence to better appreciate and understand how pervasive it is in our society, and what roles can and should we assume to combat these kinds of ills?

To be clear, I think that it is the work of each individual to think through these issues either on their own or in conversation with others who express an interest in the conversation. I don’t think that it’s the role of those who have been affected by sexual violence, the non-consensual sharing of their intimate images, and intimate partner abuse to do the labour to educate the rest of the population; they’re obviously free to do so, but cannot and should not be expected to do so.

I truly believe that, on the whole, Canadians really do want to have an inclusive and equitable society. To get closer to this ideal we all have to play a role in opposing, and working to overcome, historical structural and social harms. In part, this means reflecting more seriously on structural sexual harms, inclusive of those directed towards men, and the norms surrounding and often justifying or setting aside these harms. Hopefully this unfortunate parliamentary incident fosters at least some of those conversations and reflections so that something positive can come out of this affair.

Building Trust in Chinese Infrastructure Vendors and Communications Intermediaries

/ Christopher Parsons

Last week I appeared before the Special Committee on Canada-Chinese Relations to testify about the security challenges posed by Chinese infrastructure vendors and communications intermediaries. . I provided oral comments to the committee which were, substantially, a truncated version of the brief I submitted. If so interested, my oral comments are available to download, and what follows in this post is the actual brief which was submitted.

Introduction

  1. I am a senior research associate at the Citizen Lab, Munk School of Global Affairs & Public Policy at the University of Toronto. My research explores the intersection of law, policy, and technology, and focuses on issues of national security, data security, and data privacy. I submit these comments in a professional capacity representing my views and those of the Citizen Lab.

Background

  1. Successive international efforts to globalize trade and supply chains have led to many products being designed, developed, manufactured, or shipped through China. This has, in part, meant that Chinese companies are regularly involved in the creation and distribution of products that are used in the daily lives of billions of people around the world, including products that are integrated into Canadians’ personal lives and the critical infrastructures on which they depend. The Chinese government’s increasing assertiveness on the international stage and its belligerent behaviours, in tandem with opaque national security laws, have led to questioning in many Western countries of the extent to which products which come from China can be trusted. In particular, two questions are regularly raised: might supply chains be used as diplomatic or trade leverage or, alternately, will products produced in, transited through, or operated from China be used to facilitate government intelligence, attack, or influence operations?
  2. For decades there have been constant concerns about managing technology products’ supply chains.[1] In recent years, they have focused on telecommunications equipment, such as that produced by ZTE and Huawei,[2] as well as the ways that social media platforms such as WeChat or TikTok could be surreptitiously used to advance the Chinese government’s interests. As a result of these concerns some of Canada’s allies have formally or informally blocked Chinese telecommunications vendors’ equipment from critical infrastructure. In the United States, military personnel are restricted in which mobile devices they can buy on base and they are advised to not use applications like TikTok, and the Trump administration aggressively sought to modify the terms under which Chinese social media platforms were available in the United States marketplace.
  3. Legislators and some security professionals have worried that ZTE or Huawei products might be deliberately modified to facilitate Chinese intelligence or attack operations, or be drawn into bilateral negotiations or conflicts that could arise with the Chinese government. Further, social media platforms might be used to facilitate surveillance of international users of the applications, or the platforms’ algorithms could be configured to censor content or to conduct imperceptible influence operations.
  4. Just as there are generalized concerns about supply chains there are also profound worries about the state of computer (in)security. Serious computer vulnerabilities are exposed and exploited on a daily basis. State operators take advantage of vulnerabilities in hardware and software alike to facilitate computer network discovery, exploitation, and attack operations, with operations often divided between formal national security organs, branches of national militaries, and informal state-adjacent (and often criminal) operators. Criminal organizations, similarly, discover and take advantage of vulnerabilities in digital systems to conduct identity theft, steal intellectual property for clients or to sell on black markets, use and monetize vulnerabilities in ransomware campaigns, and otherwise engage in socially deleterious activities.
  5. In aggregate, issues of supply chain management and computer insecurity raise baseline questions of trust: how can we trust that equipment or platforms have not been deliberately modified or exploited to the detriment of Canadian interests? And given the state of computer insecurity, how can we rely on technologies with distributed and international development and production teams? In the rest of this submission, I expand on specific trust-related concerns and identify ways to engender trust or, at the very least, make it easier to identify when we should in fact be less trusting of equipment or services which are available to Canadians and Canadian organizations.
Continue reading

Equity, inclusion and Canada’s COVID Alert app

/ Christopher Parsons
Photo by Anton Uniqueton on Pexels.com

The governments of Canada and Ontario announced the release of their COVID Alert exposure notification app on July 31. The application has been developed with privacy protection in mind, and has undergone governmental and private-sector reviews of its security and privacy. It has received high praise from many notable members of Canada’s privacy community, many of whom—myself included—have installed the application.

Despite this, the app still raises concerns of a non-technical nature – particularly when it comes to equity and inclusion.

COVID Alert App 101

COVID Alert can currently be used by residents of Ontario to receive exposure notifications. Canadian residents outside of Ontario can download the app but it won’t gain full functionality until their provincial heath authority joins the project. The application uses the exposure notification framework that was created by Google and Apple, and integrated into the companies’ respective operating systems.

COVID Alert does not collect:

  • Your name or address;
  • Your phone’s contacts;
  • Your health information;
  • The health information of people around you; or
  • Your location.

A smartphone with the app installed will generate random codes every five minutes and transmit them using Bluetooth to any phone within two metres that also has the app installed. Your smartphone will retain a log of all the codes that have been received for 14 days; information is deleted after that period. If the code of a person who has tested positive for COVID-19, and has uploaded their status to a government server, is found to be proximate to your device for 15 minutes or more, your device will notify you. At no point does the app collect any person’s name or the places they have visited; if you receive an exposure notification, neither the app nor the government can tell you who tested positive for COVID-19 or where you were potentially exposed to the disease. (For a more far more detailed overview of how Apple and Google’s exposure notification framework operates, see Hussein Nasser’s explainer video.)

The server will normally retain data for three months when devices contact the server, or up to two years if suspicious activity is identified. Access to these logs are highly restricted to authorized users who are bound to security obligations to protect, and not misuse, the data.

In addition to strong technical safeguards associated with the Apple-Google framework, the federal and Ontario privacy commissioners conducted their own privacy reviews of the app. The app’s developers spent a significant amount of time ensuring it was maximally accessible to Canadianswho may have visual, auditory or other physical impairments. Both the Canadian Centre for Cyber Security and BlackBerry Security have assessed the application’s security, and a formal vulnerability disclosure process for the application has been created. Finally, the Canadian government has established an Advisory Council composed of members of industry, academia and civil society, and is developing a framework to define and evaluate the app’s effectiveness, which will include an audit by the Office of the Privacy Commissioner of Canada and Health Canada later this year. If the app if found to be ineffective it will be decommissioned.

Considering all of this, the Canadian government and its provincial partner are to be congratulated on learning from many of the lessons of their international peers by collecting a minimum amount of data, developing a secure app and subjecting themselves and the Covid Alert app to substantial accountability checks.

Access and Equity Issues Remain

As I wrote at the onset of the pandemic, any COVID-19 apps must be developed with social inclusivity in mind. Technologies are inherently political in nature and their design, in part, defines what is and isn’t normal behaviour, what its use cases are, and what social norms govern its use. Inclusive policy design should accompany technologies that are intended to be used throughout society; at minimum, policy-makers should ask: Who is this technology designed for? What is this technology specifically intended to do or change in society? Who is included or excluded from using this technology? And, how might this technology detrimentally affect some members of society? It is this set of questions that brings some of the limitations of the COVID Alert app to the fore.

The COVID Alert application is designed for Canadians who own sufficiently recent smartphones; this means that people lacking such smartphones are excluded from using the app. A June 2020 study from Ryerson University’s Cybersecure Policy Exchange showed that 26 per cent of households earning less than $20,000, and about the same percentage of people over 60 years old, lack a smartphone. Similarly, people who identify as Black, Indigenous and people of colour tend to be less affluent and, as such, are less likely to own smartphones capable of installing the application. All of the aforementioned groups — the less economically advantaged, the elderly and racialized communities — have tended to disproportionately suffer the effects of COVID-19.

The COVID Alert app is designed to achieve positive social goods — to mitigate the spread of disease — but there are live questions about an app’s ability to accomplish this goal. A team from Oxford University developed a model in April 2020 that found that approximately 60 per cent of the U.K.’s general population would need to install an app for it to be fully effective; this measures out to approximately 80 per cent of all smartphone users in that country. A lower adoption rate may still potentially help to inhibit the spread of COVID-19, but at less dramatic rates.

Beyond questions of the actual efficacy of any given app, there are also potential unintended consequences that might disproportionately affect those who enjoy less privilege in Canadian society. First, carding is a pernicious problem in Canada and there is a risk that law enforcement officers, or other public officers, might demand to see a person’s app to assess whether that person has been exposed to COVID-19. With an unlocked device in hand, officers could search through the device for potentially incriminating materials they otherwise would not have been able to access; these kinds of activities would be a continuation of the enhanced and often illegal searches that Black-identifying Canadians are often subjected to. A recent report from the Canadian Civil Liberties Association found that law enforcement agencies have disproportionately applied law throughout the pandemic to “Black, Indigenous, and other racialized groups, those with precarious housing, recent immigrants, youth, members of the LGBTQ2S community, and certain religious minorities.” It is reasonable to worry that over-policing will extend to so-called “exposure checks” that then turn into smartphone fishing expeditions.

Second, private organizations, such as businesses, may also demand that individuals reveal their COVID-19 exposure status before entering workplaces. Some individuals, such as those who cannot afford a sufficiently up-to-date smartphone or who have lost their phone and cannot afford to replace it, may be denied access to employment. Similarly, if showing one’s COVID-19 status is a prerequisite to entering a shop, these same people may be denied access to grocery stores, pharmacies or other essential businesses.

Some Canadians may regard the aforementioned risks as merely theoretical, or as too high a bar to climb in a time of crisis. Such a response, however, misses the very point: the potential harms are linked to implicit social biases and structural inequality that means some in Canadian society have to worry about these risks, whereas others do not. When Canadian leaders assert that they want to build more inclusive societies, the aforementioned issues associated with the COVID app lay bare social inequity and demonstrate the need for government to explain how it expects to ameliorate these inequities through policy and law. Ignoring these inequities is not an option for a truly inclusive society.

COVID Alert and Inclusive Policy

In the excellent accessibility documentation that accompanies the COVID Alert app, the Canadian Digital Service acknowledges that:

“Some people may have phones or operating systems that do not support downloading the app. And some people may not have smart phones at all. Many people may not have affordable access to the Internet, and the app needs an Internet connection at least once a day to work. … COVID Alert is one part of our public health effort to limit COVID-19. The app does not replace manual contact tracing by local public health authorities. Manual contact tracing is available to everyone in Canada, along with other important resources.”

This acknowledgement is important, and positive, insofar as it showcases that the developers recognize the app’s shortcomings and make clear that other resources are available to Canadians to mitigate the spread of COVID-19. But the governments of Canada and Ontario can go much further to address these limitations, as well as the potential harms linked with the COVID Alert app.

First, governments of Canada can pass legislation that bars public officials, as well as private individuals or organizations, from demanding that individuals install the application or compelling individuals to disclose any information from their COVID-19 app. This legislation could make it a criminal offence to issue such a request in order to prevent police, social workers, landlords, retail staff or others from conducting “exposure checks” that can be used to discriminate against minority populations or less advantaged members of society. Not only would such legislation bar bad behaviour by punishing individuals who inappropriately access information on smartphones, but it might increase trust in the application by firmly giving individuals genuine control over the information held in the app.

Second, the federal and provincial governments can rapidly explain how they will ensure that there is equity in the kinds of health responses that are provided to all Canadians, including those who are less affluent or privileged. Given that governments are unlikely to supply less-advantaged residents of Canada with smartphones that can run the COVID-19 app or subsidize their purchase, the government could explain what other policies will be implemented to ensure that all Canadians enjoy health monitoring; this might, as an example, include increased availability of testing in less affluent communities, focused public outreach conducted through local health authorities and community groups, or broader efforts to meaningfully invest in the social determinants of health that are known to increase health resiliency.

Third, and relatedly, the governments should rapidly release information about how, specifically, the federal and provincial departments of health will assess the success or efficacy of the COVID Alert app. Canadians deserve to know how the government is modelling success and failure, and how the government is accounting for the fact that many less affluent and older residents of Canada lack smartphones capable of installing the COVID Alert app. Without clear success or failure criteria, the COVID Alert app risks becoming a prop in “pandemic theatre” as opposed to a demonstrably effective tool to mitigate the spread of the disease. Given that public and private groups had time to assess the app’s privacy and security properties, it is shocking that health officials have yet to explain how the app’s utility should be measured.

In summary, the technical teams that developed the application, the bodies responsible for assessing the app’s security, and the privacy commissioners’ offices have all performed admirably. The overlapping accountability regimes surrounding the app should provide confidence to Canadians that the app itself will not be used to nefariously collect data, and the app will be decommissioned once shown to be ineffective or no longer needed. But more is needed. Governments that have committed to inclusive policy design must go beyond making the design of the technology accessible, to making it accessible for all people to either safely access and use, or to have access to equivalent public health protections. Governments in Canada must focus on building up trust and proving that public health efforts are being designed to protect all residents of Canada, and especially those most detrimentally affected by the pandemic. The time for action is now.

(This article was first published by First Policy Response.)

The Information Security Cultures of Journalism

/ Christopher Parsons
(Photo by Charles Deluvio on Unsplash)

I’ve had the pleasure to work with a series of colleagues over the past few years to assess and better understand the nature of security practices which are adopted by journalists around the world. Past outputs from this work have included a number of talk, an academic article by one of my co-authors Lokman Tsui, as well as a Columbia Journalism Review article by Joshua Oliver. Most recently, a collection of us have published an article entitled, “The Information Security Cultures of Journalism” with Digital Journalism.

Abstract:

This article is an exploratory study of the influence of beat and employment status on the information security culture of journalism (security-related values, mental models, and practices that are shared across the profession). The study is based on semi-structured interviews with 16 journalists based in Canada in staff or freelance positions working on investigative or non-investigative beats. We find that journalism has a multitude of security cultures that are influenced by beat and employment status. The perceived need for information security is tied to perceptions of sensitivity for a particular story or source. Beat affects how journalists perceive and experience information security threats. Investigative journalists are concerned with surveillance and legal threats from state actors including law enforcement and intelligence agencies. Non-investigative journalists are more concerned with surveillance, harassment, and legal actions from companies or individuals. Employment status influences the perceived ability of journalists to effectively implement information security. Based on these results we discuss how journalists and news organisations can develop effective security cultures and raise information security standards.

We Chat, They Watch: How International Users Unwittingly Build up WeChat’s Chinese Censorship Apparatus

/ Christopher Parsons
(Photo by Maxim Hopman on Unsplash)

Over the past several months I’ve had the distinct honour to work with, and learn from, a number of close colleagues and friends on the topic of surveillance and censorship that takes place on WeChat. We have published a report with the Citizen Lab entitled, “We Chat, They Watch: How International Users Unwittingly Build up WeChat’s Chinese Censorship Apparatus.” The report undertook a mixed methods approach to understand how non-China registered WeChat accounts were subjected to surveillance which was, then, used to develop a censorship list that is applied to users who have registered their accounts in China. Specifically, the report:

  • Presents results from technical experiments which reveal that WeChat communications conducted entirely among non-China-registered accounts are subject to pervasive content surveillance that was previously thought to be exclusively reserved for China-registered accounts.
  • Documents and images transmitted entirely among non-China-registered accounts undergo content surveillance wherein these files are analyzed for content that is politically sensitive in China.
  • Upon analysis, files deemed politically sensitive are used to invisibly train and build up WeChat’s Chinese political censorship system.
  • From public information, it is unclear how Tencent uses non-Chinese-registered users’ data to enable content blocking or which policy rationale permits the sharing of data used for blocking between international and China regions of WeChat.
  • Tencent’s responses to data access requests failed to clarify how data from international users is used to enable political censorship of the platform in China.

You can download the report as a pdf, or read it on the Web in its entirety at the Citizen Lab’s website. There is also a corresponding FAQ to quickly answer questions that you may have about the report.

Canada’s New and Irresponsible Encryption Policy: How the Government of Canada’s New Policy Threatens Charter Rights, Cybersecurity, Economic Growth, and Foreign Policy

/ Christopher Parsons

Photo by Marco Verch (CC BY 2.0) https://flic.kr/p/RjMXMP

The Government of Canada has historically opposed the calls of its western allies to undermine the encryption protocols and associated applications that secure Canadians’ communications and devices from criminal and illicit activities. In particular, over the past two years the Minister of Public Safety, Ralph Goodale, has communicated to Canada’s Five Eyes allies that Canada will neither adopt or advance an irresponsible encryption policy that would compel private companies to deliberately inject weaknesses into cryptographic algorithms or the applications that facilitate encrypted communications. This year, however, the tide may have turned, with the Minister apparently deciding to adopt the very irresponsible encryption policy position he had previously steadfastly opposed. To be clear, should the Government of Canada, along with its allies, compel private companies to deliberately sabotage strong and robust encryption protocols and systems, then basic rights and freedoms, cybersecurity, economic development, and foreign policy goals will all be jeopardized.

This article begins by briefly outlining the history and recent developments in the Canadian government’s thinking about strong encryption. Next, the article showcases how government agencies have failed to produce reliable information which supports the Minister’s position that encryption is significantly contributing to public safety risks. After outlining the government’s deficient rationales for calling for the weakening of strong encryption, the article shifts to discuss the rights which are enabled and secured as private companies integrate strong encryption into their devices and services, as well as why deliberately weakening encryption will lead to a series of deeply problematic policy outcomes. The article concludes by summarizing why it is important that the Canadian government walk back from its newly adopted irresponsible encryption policy.

Continue reading