Public Safety Committee on Oct. 17th, 2016

As a concerned citizen.

Thank you.

Hello, my name is Jesse Schooff. I'm a blogger. I volunteer with OpenMedia and I've also worked as the IT manager of a small company for the last decade.

I'm here today because I'm troubled by many aspects of the anti-terrorism act of 2016, which we call Bill C-51. But the main reason I'm here today to speak is because as an IT professional I'm concerned, and in some ways terrified, by some of the language in the online Canadian security consultations, which I know are not directly related to this committee. But the question was: How can law enforcement and national security agencies reduce the effectiveness of encryption for individuals and organizations involved in crime or threats to the security of Canada, yet not limit the beneficial uses of encryption to those not involved in illegal activities?

The short answer is you can't. The long answer would require more time than would be polite for me to take today, but I can explain by way of analogy. A few years ago the Transportation Security Administration in the United Stated decided that they needed to be able to open passengers' luggage at will without cutting off and thus destroying their luggage locks. The TSA partnered with lock and luggage manufacturers and worked with them to create a TSA master key that could open any lock. It wasn't long before someone created a 3-D printable model of the TSA master key that could be downloaded, distributed on the Internet, and printed, allowing anyone, including criminals, to open any TSA-approved lock.

When we talk about weakening encryption or creating a back door that only the good guys can access, what we're really talking about is deliberately putting bugs into our software. Any IT security expert or computer scientist will tell you that when there's a bug in software, hackers work hard to find that bug and exploit it. Encryption is not just a feature that makes it safe for us to use our credit card on eBay or that keeps racy instant messages private, encryption keeps our data infrastructure safe from hackers, criminals, and even terrorists. Encryption is the brick and mortar that allows enterprise IT to exist.

If government weakens or backdoors encryption, I can say without hyperbole that we put the entirety of our technology infrastructure at serious risk.

Thank you for your time.

Thank you. That's a very good question.

What you're talking about concerns me too, immensely. I consider myself a feminist. Cases like that of Amanda Todd for example—

Wanting does not make it so. Encryption is computer science, it's mathematics, and it is a thing that is either secure from end to end or it has vulnerability built into it. We could mandate that our software has to have back doors built into it, but once again, people will immediately start looking for how they exploit the back door to steal credit card information, to spy on people, to commit all sorts of cybercrime. Any time there is a bug in software that allows people to do something they're not allowed to do, it's immediately exploited.

I wish I had a better answer for you than that, but I don't.

I'm a systems administrator. I'm not the greatest computer security expert that you could talk to on the matter.

Security personnel and law enforcement will either have to rely on brute force using their own hacking methodologies to try to intercept information they're interested in or build in vulnerabilities by design.

From my standpoint, that would be very dangerous.

I can leave this with you if you like.

Good evening.

My name is Laura Tribe. I am the executive director of OpenMedia. As some of you know—I've heard that some of you have already heard from us—we are a digital rights organization that works to keep the Internet open, affordable, and surveillance-free.

Since Bill C-51 was first announced, we've been campaigning alongside many other groups, initially to stop Bill C-51, and now to get it fully repealed. Over the past 20 months, we have seen over 300,000 Canadians speak up against this reckless, dangerous, and ineffective legislation. OpenMedia has set out our detailed concerns about Bill C-51 and many other threats to Canada's digital privacy, including encryption—thank you, Jesse—at saveoursecurity.ca. It's a tool that we've built to encourage as many Canadians as possible to take part in the government's security consultations and ensure that our charter rights are protected.

Our calls for how the government must respect privacy and free expression online are fully outlined in our platform, and we will submit them via written comments to make sure that you get them in full detail, but we do invite you and everyone here to visit saveoursecurity.ca to see our written comments in full.

Tonight, we have three main asks for you, our elected representatives on the committee. The first is to make sure that Bill C-51 gets completely repealed—now. I cannot stress enough how urgent this is. Every single day this legislation remains on the books, innocent Canadians continue to be treated as criminals. Our privacy and security are compromised, and our charter rights are violated. As one of our community members told us recently, repeal it completely, and do it now. If the Liberal government believes some sort of bill is needed, then write a new bill from scratch only after a thorough consultation with legal experts and citizens to ensure Canadian rights and freedoms are preserved.

Second, we ask you to implement strong privacy rules to keep us safe from surveillance. I have here with me, and will leave with you, a copy of “Canada's Privacy Plan”, a positive vision for privacy that we crowdsourced with the help of over 125,000 Canadians. This plan calls for an end to warrantless access to our personal information, a stop to mass surveillance of innocent people—a practice that, just earlier today, the U.K.'s top surveillance court ruled as a breach of our human rights—and accountability, transparency, and oversight for security agencies.

Third, we are asking for a commitment to a transparent process for setting out the results of these consultations. You say you want the public to engage in these consultations, but we are not sure how we are being heard. To be frank, our community is very skeptical. This is particularly critical, given the alarm expressed by experts, including the Privacy Commissioner of Canada, about the skewed, one-sided way in which the government—not the committee—has framed many of these national security issues.

OpenMedia is built on crowdsourcing the voices of our community to find the best positive path forward. I believe in the power of community engagement, but we need a commitment that our voices will not be ignored. What assurances do we, the public, have that our voices are being heard and that this is not an exercise in futility? We will not accept “Trust us” as an answer. From Five Eyes information sharing to invasive StingRay cellphone surveillance, accidental privacy breaches, and backdoor encryption, we have consistently been shown that our digital information is too vulnerable to be left to just trust. More important, we shouldn't have to trust you. We should have laws to protect us and safeguards to prevent abuse. We need real transparency, accountability, and oversight.

On behalf of the OpenMedia community, I challenge you to truly listen to Canadians and save our security. Do not perpetuate a culture of fear. Protect our charter rights and values, and reimagine a world where all Canadians can use the Internet without fear of being watched.

As always, OpenMedia remains committed to delivering the voices of Canadians to our decision-makers. We have done so here today, and we look forward to discussing more with you in the future.

Thank you.

Yes, oversight is a great first step and it's great to see that some progress is being made on that, but the big concern we have is that Bill C-51 introduced so many additional problems that all that oversight is required. It's great to see that we're making progress, but all the while, Bill C-51 is still on the books. That's really the number one concern we're hearing from our community.

It's almost a year to the date since election day. We were told changes would happen. It's great to see that these consultations are taking place, and we asked for them a year ago. We wanted these consultations to happen. We want to be able to take the voices of the public and bring them to the people who make the decisions.

At the end of the day, we can say these things and that legislation is one part and a tiny piece of the puzzle, but it's really hard for us to go back to our community and assure them that it's still worth taking part in these consultations.

They are listening. What we're really looking for is a way to make sure that people know that this isn't just going on the record, but that these public proceedings will be disclosed to the public. How do they know what you have heard? How do they know that the decisions you make reflect the actual input you're getting from Canadians? A real concern we're hearing from our community is that this is an exercise in futility, and that it's already decided.