Hello, my name is Jesse Schooff. I'm a blogger. I volunteer with OpenMedia and I've also worked as the IT manager of a small company for the last decade.
I'm here today because I'm troubled by many aspects of the anti-terrorism act of 2016, which we call Bill C-51. But the main reason I'm here today to speak is because as an IT professional I'm concerned, and in some ways terrified, by some of the language in the online Canadian security consultations, which I know are not directly related to this committee. But the question was: How can law enforcement and national security agencies reduce the effectiveness of encryption for individuals and organizations involved in crime or threats to the security of Canada, yet not limit the beneficial uses of encryption to those not involved in illegal activities?
The short answer is you can't. The long answer would require more time than would be polite for me to take today, but I can explain by way of analogy. A few years ago the Transportation Security Administration in the United Stated decided that they needed to be able to open passengers' luggage at will without cutting off and thus destroying their luggage locks. The TSA partnered with lock and luggage manufacturers and worked with them to create a TSA master key that could open any lock. It wasn't long before someone created a 3-D printable model of the TSA master key that could be downloaded, distributed on the Internet, and printed, allowing anyone, including criminals, to open any TSA-approved lock.
When we talk about weakening encryption or creating a back door that only the good guys can access, what we're really talking about is deliberately putting bugs into our software. Any IT security expert or computer scientist will tell you that when there's a bug in software, hackers work hard to find that bug and exploit it. Encryption is not just a feature that makes it safe for us to use our credit card on eBay or that keeps racy instant messages private, encryption keeps our data infrastructure safe from hackers, criminals, and even terrorists. Encryption is the brick and mortar that allows enterprise IT to exist.
If government weakens or backdoors encryption, I can say without hyperbole that we put the entirety of our technology infrastructure at serious risk.
Thank you for your time.