Electronic Frontier Canada, together with other members of the Global Internet Liberty Campaign (GILC) -- a coalition of nearly 50 human rights, civil liberties, consumer protection, and computer user groups from more than 15 countries around the world -- today issued an open statement calling for the removal of cryptography controls from the Wassenaar Arrangement, an international agreement that governs the proliferation of offensive military technology. The statement was sent to technical expert representatives of the 33 nations who are signatories to the Wassenaar Arrangement and which is about to be reviewed and renegotiated. (Other signatories to Wassenaar include most European countries, Australia, New Zealand, Japan, and the United States.)
"Cryptography is not a weapon", says David Jones, who is also a computer science professor at McMaster University where he teaches in the Theme School on Science, Technology, and Public Policy. "Cryptography is a defensive technology that allows data to be 'scrambled' using a secret key and can be used to to protect sensitive personal, medical, or financial information. Restrictions on encryption hardware and software have no place in an international arms control agreement."
In compliance with the current version of the Wassenaar Arrangement, the Canadian government prohibits the export of strong encryption products. As a result, Canadian high-tech companies like Entrust, Certicom, Timestep, and KyberPASS are all prevented from selling to foreign customers hardware and software products that offer the best level of privacy and security. A provision known as the 'General Software Note', however, specifies that "public domain" software can be freely exported. "Paradoxically, our government enforces a policy that says we can't sell the fruit of our labours, but on the other hand, we can give it away for free", remarks Jones. "This strikes me as a bizarre foreign policy. Instead of exporting encryption products we end up exporting jobs to other countries that are less restrictive."
Earlier this year, GILC released a report that found, in fact, very few countries impose controls on the use, manufacture, or distribution of encryption products. The report cited the disproportionate influence of various national security agencies in the United States to explain that country's efforts to expand law enforcement authority and restrict the use of encryption.
In today's statement, Electronic Frontier Canada and the Global Internet Liberty Campaign, argued that controls on cryptography can only serve to increase the vulnerability of the information infrastructures on which society is increasingly dependent. The group called upon the assembled delegates of the national signatories to the Wassenaar Arrangement to "recognize the negative impact of existing controls over cryptography products and to remove such restrictions from future revisions of the Arrangement."