Just because Uncle Sam doesn’t want us to have it doesn’t mean it isn’t good for Canada.
Pretty Good Privacy–a set of programs used to encrypt e-mail, images, and other data–has created a storm of controversy south of the border while the Canadian government has taken a far more balanced approach to this technology.
First, an explanation.
PGP uses a set of mathematically-related public and private keys in a system called asymmetric cryptography. In its simplest form, users who wish to receive encrypted information distribute their public key freely. People sending private information use the public key to encrypt that information which only the recipient alone can decrypt using their private key.
This is an extremely secure system, but there are a few ways to breach PGP security. The most common and simple way is to watch someone type in the password used to access their private key stored on disk or computer. Another theoretical method involves cracking the encrypted message using sophisticated algorithms and powerful but expensive computing hardware, but this has never been done. Governments can use neither of these methods efficiently, they claim, which is why they and many policing agencies are gravely concerned about PGP’s widespread availability.
Philip Zimmermann first published PGP in 1991 in response to U.S. Senate Bill 266. The omnibus anti-crime bill required that all encryption technology incorporate back doors to unencrypted information that the U.S. government alone would be privy to. While the bill did not pass, the public quickly realized the importance of such encryption technology through the media. After a period of rapid proliferation for PGP, the U.S. government began investigating Zimmermann under the International Traffic in Arms Regulations, which governs the export of things like bombs, chemical weapons and encryption software.
Zimmermann testified in his own defence before the U.S. Senate Subcommittee on Science, Technology, and Space of the US Senate Committee on Commerce, Science, and Transportation.
"I did it because I wanted cryptography available to the American public before it became illegal to use it," he said. "I gave it away for free so that it would achieve wide dispersal and inoculate the body politic."
However, Canada has taken a different approach. In 1998, then Federal Minister of Industry John Manley announced that Canadians would not need to incorporate mandatory key recovery in their encryption products, which would supposedly give the government access to protected communication.
Electronic Frontier Canada President Dave Jones supported the minister’s decision.
"Industry Canada is essentially saying that, domestically, you can pretty much do whatever you want with cryptography," said Jones.
David Banisar, of the Electronic Privacy Information Center in Washington, D.C., concurred.
"The U.S. has sent a number of delegations to Canada, a number of times, to try and convince them to go with a restrictive view," said Banisar. "The Canadians clearly said they were not interested."
As it stands, the governments of Canada and the United States remain divided about encryption policy. Some users see things more clearly.
When Microsoft’s Hotmail service was compromised in 1999 and an unknown number of personal e-mail were accounts violated, many people realized their concept of Internet security needed revision. They did not realize that the e-mail sent from work may be monitored by their employers, or that e-mail accounts could be so easily compromised.
To prevent eavesdropping, the Privacy Commissioner of Canada recommends a number of preventative steps that include using PGP. Along with common sense measures, encryption can help keep snoops out of your data.
PGP downloads, links and sites
MIT Distribution Center for PGP
Free non-commercial PGP distributions for most computing platforms and installation instructions.
web.mit.edu/network/pgp.html
Network Associates
PGP product information page for commercial PGP installations and PGP-enabled server software.
www.pgp.com
International PGP Homepage
News, resources, downloads, FAQs and information about PGP, GnuPG and related projects.
www.pgpi.org
GNU Privacy Guard
Open Source PGP implementation compatible with the OpenPGP Internet standard. Installation instructions are included to incorporate other standard encryption technologies.
www.gnupg.org
Electronic Frontier Canada
Information technology rights and freedoms advocacy group based in Canada.
www.efc.ca
Privacy in Cyberspace-A surfer’s guide
Internet privacy tips and other information published by the Privacy Commissioner of Canada.
www.privcom.gc.ca/information/ar/02_04_04_e.asp#009