Electronic Commerce in Canada

Public Discussion Paper on Setting a Cryptography Policy Framework for Canada

Electronic commerce, the conduct of commercial activities and transactions by means of computer-based information and communications technologies, is at the heart of the information economy and society. By creating the best environment for e-commerce, Canada can become a world leader in this emerging field. The direct benefits of e-commerce for consumers and businesses include:

  • lowering transaction and distribution costs;
  • increasing market access and consumer choice;
  • improving product support and information;
  • growing niche markets; and
  • generating new products, services and business opportunities.

The growth and use of electronic business and commercial transactions will largely depend on creating the right conditions so that consumers and business have confidence and trust that their information and transactions will be safe and secure. They must be reassured about the confidentiality, integrity and authenticity of e-commerce transactions.

Cryptography can help meet these challenges because it provides dependable digital signatures and strong confidentiality services, packaged in a trustworthy, cost-effective, and user-friendly way. Cryptography performs these functions by using digital "keys" (unique combinations of ones and zeros) to encrypt, decrypt and verify information. With cryptography, any type of information — text, data, voice, or images — can be encrypted so that only individuals who hold the right key are able to understand, or decrypt, the message.

Specifically, cryptography provides protection in four key areas:

  1. authentication - proof that parties to a transaction are who they claim to be
  2. non-repudiation - proof that a transaction occurred, or that a message was sent or received (thus one of the parties to the exchange cannot deny that it occurred)
  3. integrity - messages or data cannot be modified without detection
  4. confidentiality - no one but the intended recipient or authorized user can access or read a message or data

Why a New Policy on Cryptography?

There are several reasons why the Government of Canada is undertaking a review of its cryptography policy at this time. The shift from closed to open networks that is now underway poses a number of security challenges including concerns over the authentication of communicating parties, the integrity of data being communicated, the confidentiality of proprietary or personal data, and the assurance that transactions have been authorized by legitimate users. Cryptography is seen as an enabling technology which provides the assurance that consumers and business need in order to have confidence in conducting electronic commerce transactions.

But the very elements that make cryptography attractive for reasons ranging from privacy and human rights to competition and business security can also conceal activities which pose a threat to public safety. Criminals and terrorists can use cryptography to thwart the legally mandated information-gathering abilities of law-enforcement and security agencies. The inability of these agencies to access or to decrypt information could well have a significant impact on the prevention, detection, investigation and prosecution of crime, as well as on Canada s ability to monitor national security threats.

Other countries are also currently examining their encryption policy options. Canada is a global trading nation and an active member of numerous international bodies. Among the factors which must be taken into account in developing a Canadian policy are existing international treaties and agreements, as well as commitments to our allies and the international community. The policy review will also examine the evolving directions of our major trading partners; ensure our industry and economic interests are not disadvantaged, and discourage unnecessary obstacles to global trade and commerce.

Developing a cryptography policy for Canada means weighing multiple objectives such as:

  • achieving secure electronic transactions;
  • accelerating the use of encryption in the private sector;
  • generating jobs and growth through increased international trade and investment;
  • providing lawful access to stored information or real-time communications for security; law enforcement and regulatory purposes; and
  • determining the costs and technical complexity of providing key access; addressing legal, Charter of Rights and Freedoms and jurisdictional issues.

Options for Discussion

In setting a future cryptography policy for Canada, the government is seeking public comment through the means of a discussion paper. This paper, entitled A Cryptography Policy Framework for Electronic Commerce: Building Canada's Information Economy and Society, sets out the various issues and challenges, and requests comment in three areas:

  1. Encryption of Stored Data;
  2. Encryption of Real-Time Communications; and
  3. Export Controls for encryption products.

Each of these areas poses distinct challenges for all stakeholders. The range of possible options suggested for each area clearly indicates that different trade-offs arise.

The federal government is also seeking views on:

  • what should be done to accelerate public access to cryptography services and secure electronic commerce;
  • how to strike a balance among Canada s national security and law enforcement interests, privacy and human rights considerations, and the needs of Canada s business community, including the cryptography industry.

Cryptography and the Federal Government

The government is committed to working closely with the private sector, other levels of government, and other stakeholders to develop and implement policies, standards and protocols for a widespread and seamless electronic commerce system.

The Government of Canada is also looking at ways of using electronic commerce and transactions to conduct business more efficiently and effectively. A Public Key Infrastructure (GOC PKI) initiative is being implemented through the Treasury Board. This initiative will help make electronic transactions the preferred method of doing business in, and with, the federal government by the end of 1998. The government will also be bringing in legislation to legally recognize secure electronic signatures as equal to handwritten signatures and to remove the legal impediments to the use of electronic signatures, evidence and records. Federal departments are increasingly using PKI technologies and establishing certification authorities for electronic applications such as e-mail, data interchange, data base access, and Web interactions.

Implementing a PKI initiative and reviewing Canada's policy on cryptography are among a number of initiatives the Government is undertaking as part of its commitment to making Canada a world-leader in the use of electronic commerce by the year 2000.