Twisted into knots: Canada’s challenges in lawful access to encrypted communications

Statutory considerations

Interception of private communications in Canada is now a tightly regulated process but, as in most constitutional democracies, this was not always the case. In the 1950s, national security domestic intercept warrants were issued by the Prime Minister as an exercise of discretionary power under a Korean War-period instrument, the Emergency Powers Act. ³³ The EPA set out vague statutory standards upon which authorities could engage in surveillance ³⁴ without any independent oversight. ³⁵ Subsequently, in 1954, the Deputy Minister of Justice issued the so-called ‘Varcoe opinion’ in which he concluded that under the then-Official Secrets Act, officials could intercept telephone communications for security purposes with a standard search warrant issued by a justice of the peace. ³⁶

Twenty years later, Parliament legislated the Protection of Privacy Act of 1974, now included as Part VI of the Criminal Code. ³⁷ Part VI governs the interception of ‘private communications’—essentially, any oral communication or telecommunication made or received in Canada in which the originator has a reasonable expectation of privacy. ³⁸ Interception almost always requires advance authorization by a judge, following a process more demanding than that associated with regular search warrants set out elsewhere in the Criminal Code. Under Part VI, the unauthorized interception of a private communication, including by government agencies, is a crime. ³⁹

In 1984, Parliament enacted the CSIS Act establishing CSIS. Before then, the RCMP’s Security Service was responsible for both domestic security intelligence and national security policing. Following a series of scandals and failures by the Security Service in the 1970s and 1980s, the 1981 Report of the Commission of Inquiry Concerning Certain Activities of the Royal Canadian Mounted Police recommended that the responsibility for collecting intelligence be stripped from the RCMP and entrusted to a civilian intelligence agency with a clearly defined legislative mandate. ⁴⁰ This recommendation culminated in the creation of CSIS in 1984. Since then, the use of intrusive investigative tools by this agency, including the interception of communications, requires judicial authorization by a specially designated judge of the Federal Court. The authorization scheme set out in the CSIS Act 30 years ago is technologically neutral—it applies in every instance where a collection measure implicates a target’s reasonable expectation of privacy. The same 1984 provisions (barring one exception expanding the jurisdictional reach of those warranted powers) continue to govern CSIS’s collection and interception effort today. ⁴¹

Constitutional considerations

The same year Parliament passed the CSIS Act, the Supreme Court of Canada decided Hunter v Southam which, to this day, remains the leading case on s 8 of the Charter of Rights and Freedoms. ⁴² Section 8 guarantees ‘everyone has the right to be secure against unreasonable search or seizure’. Since Hunter, courts interpret s 8 as protection against unreasonable invasions of one’s reasonable expectations of privacy. This standard of reasonableness is a normative rather than a descriptive standard, meaning that the growth or introduction of new surveillance techniques should not diminish one’s expectation of privacy. ⁴³

Hunter tell us that a lawful search generally requires ‘(1) prior authorization; (2) granted by a neutral and impartial arbiter capable of acting judicially; (3) based on reasonable and probable grounds to believe that an offence has been committed and there is evidence to be found at the place to be search’. ⁴⁴ The Federal Court affirmed that the Hunter standard applies to CSIS, just as it applies to Canadian law enforcement. ⁴⁵ In the Islamist Terrorism case, for instance, the Court pointed to the injuries that might befall an individual subject to an intelligence investigation and held ‘the investigation of threats to the security of Canada…and the collection of information or intelligence…[is] closer in nature to the purposes of criminal legislation than to the purposes underlying the types of public welfare, regulatory or economic legislation in respect of which low expectations of privacy have been found to exist’. ⁴⁶

Given s 8 and the jurisprudence interpreting it, both the Criminal Code Part VI and the CSIS Act warrant regimes are constitutional necessities. Whether encryption itself affects constitutional expectations remains unclear. That said, in 2014, the Supreme Court recognized the right to remain anonymous as an element of privacy protected by s 8 of the Charter. In R v Spencer, the Court considered a police request for an Internet user’s subscriber information, needed to link the account holder to illegal online activity. The Court held that by linking Mr Spencer to online activities that he wished to undertake anonymously, the police violated his reasonable expectation of privacy. As such, the use of encryption to mask one’s identity could easily be understood as a means of enhancing one’s expectation of privacy. ⁴⁷

Technological change

For decades, security services and the Courts have found ways to adapt both the police Part VI interception and CSIS Act interception regimes to suit the requirements of changing technology. As noted, the CSIS Act system governs all intrusive investigative techniques and thus does not ‘stale date’ with technological change.

For its part, Part VI of the Criminal Code specifically applies to the interception of ‘private communications’. Private communication includes ‘telecommunication’, a term defined as ‘the emission, transmission or reception of signs, signals, writing, images, sounds or intelligence of any nature by any wire, cable, radio, optical or other electromagnetic system, or by any similar technical system’. ⁴⁸ In Lyons v The Queen, the Supreme Court made clear that Part VI was not ‘“wiretapping” legislation, nor eavesdropping legislation, nor radio regulation. It is the regulation of all these things and “any other device” that may be used to intercept intelligence reasonably expected by the originator not to be intercepted by anyone other than the intended recipient’. ⁴⁹

Later, in R v Telus Communications, ⁵⁰ a plurality of the Supreme Court concluded that “text messages”—a written form of electronic communication—were “telecommunications” for the purposes of Part VI of the Criminal Code. ⁵¹ As such, Part VI’s rules regarding the interception of private communication govern the ‘state acquisition of informational content—the substance, meaning, or purport—of the private communication. It is not just the communication itself that is protected, but any derivative of that communication that would convey its substance or meaning’. ⁵² Part VI likely reaches, therefore, all sorts of transiting, written and electronic communications. ⁵³ Stored communications are governed by other standards—namely, the ‘production orders’ discussed below.

Solicitor general’s enforcement standards

An intercept authorization under Part VI or the CSIS Act permits the state to intercept a private communication lawfully. It does not, however, guarantee that the interceptions will be intelligible.

As noted above, Canada does not have any encryption-specific law. In the absence of formal statutory decryption obligations, authorities rely instead on a more antiquated, narrower and less transparent administrative instrument: the Solicitor General’s Enforcement Standards for Lawful Interception of Telecommunications (SGES). Compliance with the SGES is a condition for obtaining and maintaining wireless telecommunications licences in Canada, and yet the terms of the SGES are not public. ⁵⁴ It is our understanding that the most recent version was updated in 2015. ⁵⁵ However, the only published version of the SGES—of which we are aware—dates to 2008 and was obtained by a Canadian newspaper through a freedom of information request. ⁵⁶

To be sure, authorities must present service providers with a lawful authorization to intercept communications—the SGES does not replace the need for a judicial authorization. But where they do have lawful access to communications, Standard 12 in the 2008 iteration of the SGES requires that ‘[i]f network operators/service providers initiate encoding, compression or encryption of telecommunications traffic, law enforcement agencies require the network operators/service providers to provide intercepted communications en clair’. The commentary on Standard 12 notes:

Law enforcement requires that any type of encryption algorithm that is initiated by the service provider must be provided to the law enforcement agency unencrypted. This would include proprietary compression algorithms that are employed in the network. This does not include end to end encryption that can be employed without the service provider’s knowledge. ⁵⁷

Production of stored records or data

Where the information sought by police is records or data either stored or accessible by a third party, including text messages, SMS messages or emails, police may obtain a production order under s 487.014 of the Criminal Code. Similar to a wiretap authorization, s 487.014 demands that police have reasonable grounds to believe that a crime has been or will be committed, that a document or data is in the identified third party’s possession or control, and that the requested information will afford evidence concerning the commission of that offence. In the case of CSIS, the intelligence officials must present the service provider with a copy of a s 21 CSIS Act warrant specifying the type of communications they are authorized to intercept or obtain.

There is nothing in either provision that stipulates the information produced must be intelligible or ‘en clair’. Some suggest that a s 487.014 order could be issued to compel the production of an encryption key. ⁶² We contend that a strict reading of the Criminal Code would not support such a request as the document or data sought must itself afford evidence of a criminal offence. To argue otherwise would suggest that a production order could be used to compel the production of the passcode to a safe if the safe was believed to contain evidence of an offence. A separate provision of the Criminal Code governs this form of assistance, which we address next.

Assistance orders

Both the Criminal Code and the CSIS Act set out procedures for compelling third parties to assist authorities in carrying out their judicially authorized collection efforts.

Section 487.02 of the Criminal Code specifies that a judge or justice who issues a Part VI authorization may order a person to aid law enforcement if their ‘assistance may reasonably be considered to be required to give effect to the authorization’. Identical language is used in s 22.3 of the CSIS Act to compel any person to assist CSIS in the execution of a s 21 warrant. Under Canadian law ‘persons’ includes a corporation. ⁶³

As noted in the introduction, we know BlackBerry aided the RCMP in their investigation of Montreal organized crime and the murder of Sal Montagne, yet the exact nature of that assistance is unknown. In part, this is a result of the fact that a s 487.02 order need not specify precisely how the named party should exercise their assistance. What is more, courts have provided little guidance on how officials and those presented with an assistance order should understand the scope of what is required to ‘give effect’ to an authorization.

The one reported case that dealt squarely with this issue arose in 2015 when Telus, a Canadian telephone service provider, challenged the legality of an assistance order. The order required Telus to provide all subscriber information associated with call records that the Toronto Police Service were authorized to collect under a Transmission Data Recorder Warrant. ⁶⁴ An Ontario Superior Court judge upheld the order, dismissing Telus’s argument that assistance orders was merely a means of ensuring that the technical aspects of a warrant were carried out. The Court held the wording of s 487.02 ‘is not that narrow’:

The section refers expressly to the fact that the granting of an assistance order is for the purpose of giving ‘effect to’ an authorization. It does not say, for example, that its purpose is to ‘implement’ or ‘execute’ an authorization. In my view, to give effect to an authorization is not to be read as simply requiring the application of technical know-how, such as connecting wires, or flicking switches, or permitting the police to ‘plug into’ a system. ⁶⁵

Of course, we suspect that any company faced with an order that required them to weaken their product or create a technical solution that they do not already possess would challenge the lawfulness of that demand. The Supreme Court considered the question of undue burden on a third-party subject to a production order in another Telus case. In Tele Mobile Company v Ontario, Telus applied for an exemption from two orders requiring them to provide call records in two separate criminal investigations. ⁶⁷ The Court noted

Society as a whole bears responsibility for the maintenance of law and order; co-operation between the public and the police is essential to the effective fulfilment of the already difficult tasks performed by the police. ⁶⁸

A second impediment to using assistance orders to compel third parties to assist police and intelligence officers in overcoming encryption is the effective reach of Canadian courts. Many platform and service providers do not operate ‘brick and mortar’ offices in Canada, putting the effectiveness of any court order in doubt. Once again, this issue arose in the context of a production order—rather than an assistance order—this time in British Columbia.

In 2018, the BC Court of Appeal found in R v Brecknell that the Provincial Court had jurisdiction to issue production orders to a company with only a virtual presence in Canada, and ordered Craigslist to provide account records connected to an offence committed in British Columbia. ⁷² Craigslist is an American company that does not have a physical presence within Canada, and they stored the requested information abroad. The Court of Appeal held that a production order could only be issued against a person in Canada, but found that Craigslist was such a person by virtue of the way it conducted business in this country: ‘in the Internet era it is formalistic and artificial to draw a distinction between physical and virtual presence [in Canada]’. ⁷³ Moreover, the Court cautioned that denying production orders on the basis of such a distinction would encourage criminals to store their information outside of Canada. ⁷⁴

In this case, the issue of the enforceability of the order was not in question. Craigslist agreed to produce the documents if ordered and had a history of complying with Canadian law enforcement. ⁷⁵ In comparison, a provincial court in Newfoundland explicitly refused to follow the precedent set in Brecknell and declined to issue a production order against Facebook because there was no mechanism to enforce it in California. ⁷⁶ There was nothing in the facts in the Newfoundland decision to suggest the US company would ignore a Canadian order, but that exact situation recently arose in Ontario when Facebook refused to produce documents related to a murder investigation. Facebook told Canadian authorities that as an American company who stores its data in the United States, they are under no obligation to comply with a Canadian order. ⁷⁷ We imagine foreign companies would adopt a similar stance if ordered to provide assistance in the form of decryption.

If this holds true, two options remain for Canadian authorities. The first is to seek foreign assistance through the cumbersome Mutual Legal Assistance Treaty (MLAT) process. Parliament enacted the Mutual Legal Assistance in Criminal Matters Act ⁷⁸ in 1988, giving the Minister of Justice the authority to request evidence or assistance in criminal investigations from one of the approximately 40 countries that have an MLAT with Canada. ⁷⁹ Despite the long history of this process, in many contexts the practicality of MLATs is questionable; they are ‘a slow and uncertain mechanism of investigation in an era when information moves instantaneously and may be stored only for a short time’. ⁸⁰ Moreover, for decryption, use of the MLAT process would only be effective if the corresponding nation has laws to compel third parties to decrypt communications or data.

The second option is for authorities to crack the code or find a way to circumvent encryption themselves.

Internal workarounds

The most obvious workaround to encryption is cracking the code or exploiting a flaw in the code when security officials have judicial authorization to collect the underlying information—what we call lawful hacking. ⁸¹ This may have been the RCMP’s solution to accessing BlackBerry Pin to Pin messaging. Law enforcement agencies may also purchase vulnerabilities from an external party with the technological skills to discover and exploit a flaw in the relevant software. ⁸²

Alternatively, authorities can access the plain text messages or voice communications from a device while it is in use. In this way, authorities see and hear the same thing as its user by exploiting a flaw in the phone or computer rather than the encrypted software. ⁸³ It was recently revealed that s 21 warrants may be used to authorize CSIS to do just that. Section 21(3) gives the Court jurisdiction to authorize CSIS to:

to enter any place or open or obtain access to any thing;

In October 2018, a Federal Court judge issued a series of warrants related to an investigation of ISIS that authorized CSIS to remotely install ‘implants’ on a named target’s wireless device. According to the Court’s reasons, the implant allows CSIS to covertly receive copies of what a subject of investigation sees on their computer or wireless device and enables remote searching of the device to obtain images, documents, and emails on an ongoing basis without the user’s knowledge. ⁸⁴ To use this power, CSIS must also have a warrant to access the individual’s communications. ⁸⁵

While we are unaware of any circumstances where law enforcement has undertaken similar measures, we suggest that the use of an implant could be authorized under a ‘general warrant’. ⁸⁶ Under s 487.01, a judge may authorize police to ‘use any device or investigative technique or procedure or do any thing described in the warrant’ if there is no other provision under the Criminal Code or ‘any other Act of Parliament that would provide for a warrant, authorization or order permitting the technique, procedure or device to be used or the thing to be done’.

Section 487.01 was introducing in 1993 to give law enforcement the option of using new techniques and technologies that were not provided for in the Criminal Code, a fact the applicant must establish when seeking the warrant. Authorities must also satisfy the Court that issuance is ‘in the best interests of the administration of justice’. ⁸⁷ A general warrant alone, however, would not be sufficient. Law enforcement would also need to obtain a Part IV authorization to use an implant to circumvent encryption and intercept ongoing ‘private communications’ from the target’s device.

The challenge with using internal workarounds to collect evidence is the same problem that plagued the RCMP’s investigation into the Montreal mafia. In Canada, the accused has a right to the disclosure of all relevant information in the possession of the Crown. ⁸⁸ This obligation is not limited to material that will be introduced as evidence, and there is no distinction between inculpatory and exculpatory information. The constitutional premise for the ‘Stinchcombe rule’ is that failure to disclose information in the Crown’s possession impedes an accused’s ability to make full answer and defence which is a fundamental principle of justice protected by s 7 of the Charter. ⁸⁹ Therefore, ‘[u]nless the information is clearly irrelevant, privileged, or its disclosure is otherwise governed by law, the Crown must disclose to the accused all material in its possession’. ⁹⁰

Both the common law and s 37 of the Canada Evidence Act recognize a public interest privilege. ⁹¹ This privilege may be invoked on a case-by-case basis to withhold information related to police investigative techniques where its release could undermine current and future investigations or put officers and civilians at risk. ⁹² Under both the common law and statutory scheme, to order the non-disclosure of relevant information, the trial judge must be satisfied that on balance, the public interest in protecting the material outweighs the public interest in its release. However, where the information at issue is tied directly to the innocence of the accused, as was purportedly the case in Mirarchi, the balance will favour its disclosure.

CSE and vulnerabilities

A final option available to law enforcement and CSIS is to request assistance from Canada’s signals intelligence agency, CSE. When the RCMP or CSIS obtain an authorization to intercept communications that same authorization gives CSE the legal authority to assist the requesting agency in executing the warrant. Whatever terms or conditions imposed on the RCMP or CSIS apply equally to CSE, but the blanket restriction otherwise preventing CSE from directing its collection efforts at Canadians is lifted.

In 2019, CSE released its Equities Management Framework and publicly acknowledged that its analysts seek to ‘identify vulnerabilities in information systems and technologies’ and use them to leverage ‘unique insights for intelligence gathering’. ⁹³ The Establishment made clear that the decision to retain or release identified vulnerabilities is evaluated at least once every 12 months; that decision is based on a series of factors and guided by defined principles. ⁹⁴ Some of the factors include an assessment of the expected intelligence value; the level of technical expertise required to exploit the vulnerability; who else has the capacity to use it against Canadians; whether an ally shared the vulnerability; and the severity of damage that could be caused if a threat actor successfully exploits the vulnerability. ⁹⁵

Still, if CSE used a discovered vulnerability to decrypt communications, that fact, and potentially the vulnerability itself, would be subject to Stinchcombe disclosure in a criminal proceeding unless the Attorney-General could justify withholding it based on (most commonly) another Canada Evidence Act privilege: national security privilege. Section 38 of the Canada Evidence Act sets out a regime for preventing the release of sensitive information that if disclosed, could injure international relations, national defence or national security. Unlike s 37 public interest privilege, which is considered by the trial judge, s 38 claims are adjudicated by a designated judge of the Federal Court in entirely separate proceedings, often assisted by amicus curiae. That judge is then asked to balance the relevant public interests without the full knowledge of the criminal proceedings. Given the risk that non-disclosure may prompt the criminal trial judge to stay the criminal charges, this Federal Court balancing process may result in the sensitive technique being released where, as in Mirarchi, understanding that technique is required to test the accuracy of the communication at issue in the trial.

Lawful hacking may, therefore, be a one-time only solution—once deployed in a criminal investigation, the technique may well end up revealed in open court. In these circumstances, intelligence services may be reluctant to assist law enforcement in decryption efforts for fear that their own intelligence gathering activities, dependent on vulnerabilities, will be degraded by disclosure.