Chapter 3: Lawful Access Challenges
Special Report on the Lawful Access to Communications by Security and Intelligence Organizations

Table of Contents

How Security Organizations Intercept Communications

102. *** ^{Footnote 233} According to the RCMP, lawful access tools and equipment do not introduce any changes to the network itself; rather these tools are designed to capture data that is either already collected and stored by the CSP as part of their day-to-day business activities or accessible to the CSP by virtue of the type of service provided, such as Internet services. ^{Footnote 234}

103. Data is segregated to ensure that a requesting agency only receives the data it is lawfully authorized to see. ^{Footnote 235} *** ^{Footnote 236} ***

*** ^{Footnote 237} ***

104. Intercept capability does not provide exceptional access, or a “backdoor,” to encrypted content. In a system that is intercept capable, the RCMP or CSIS can obtain or intercept the communications from a CSP’s network, but that does not necessarily mean that they are able to read it, as encryption often makes content undecipherable. Some cybersecurity experts and privacy advocates, however, view lawful intercept capability in and of itself as a “backdoor.”

Intercept capability and “backdoors”

Policy debates about how to respond to the challenge of encryption have included proposals that the government could require companies to create exceptional access to encryption programs, or backdoors, for security and intelligence organizations. CCCS defines a backdoor as an “undocumented, private, or less detectable-way of gaining remote access to a computer, bypassing authentication measures, and obtaining access to plaintext.” ^{Footnote 238}

The Citizen Lab states, “[o]nce a backdoor is created, there is no practical guarantee that only state agencies will walk through it. This fundamental flaw makes exceptional access systems an inherent threat to persons who rely on encrypted communications products.” ^{Footnote 239} This view is echoed by many cybersecurity experts. ^{Footnote 240}

CSE told the Committee that it also has a concern with backdoors. While it noted that “there are means of creating technical solutions which are currently considered secure,” ^{Footnote 241} it stated that it would have a concern with legislation compelling CSP’s or software providers to implement backdoors, which could compromise the cybersecurity more generally. ^{Footnote 242}

According to the RCMP, backdoors “create vulnerabilities and can weaken the overall security of a network; they create valid security concerns given the potential for these vulnerabilities to be exploited by criminals or other hostile actors. Recognizing the need to protect sensitive information and maintain individuals’ right to privacy, the RCMP does not advocate for the creation of ‘backdoors’ into CSP’s networks. Instead, it would be safer and more beneficial for law enforcement and national security agencies to be able to leverage the information already accessible by CSPs.” ^{Footnote 243}

Some cybersecurity experts and privacy advocates, however, consider lawful intercept capability a backdoor, citing that there is “no such thing as a security backdoor that is only for the ‘good guys.’” ^{Footnote 244} Others similarly contend that while it might be argued that “surveillance technology can be built securely and without risk of penetration by hostile forces,” the “track record is not encouraging.” ^{Footnote 245}

Neither CSIS or RCMP view intercept capability as a backdoor, because it does not compromise encryption platforms or software. They instead regard the judicially authorized practice of using tools built into a CSP’s system, which are encryption neutral, as using the “front door.”

105. In the absence of legislation for intercept capability, CSIS and the RCMP rely on *** cooperation of CSPs to build and maintain intercept capability. Funding is required to develop and implement intercept solutions, *** ^{Footnote 246} CSIS and the RCMP pay the majority of these costs — which also benefit provincial and municipal police agencies — without a formal mandate to do so. ^{Footnote 247} In 2022, CSIS and the RCMP spent a combined $*** in development and maintenance, and a combined total of $*** in operational costs billed by the CSPs to national security and law enforcement agencies across Canada. ^{Footnote 248}

106. According to CSIS and the RCMP, only ***% of CSP networks in Canada have a technical solution in place to allow for the lawfully authorized interception of communications and related data, and thus would be considered intercept capable, as shown in Table 3.4. The table does not, however, account for differences in the size of networks (i.e., not all networks are equal in terms of market share and users). According to the Canadian Radio-television and Telecommunications Commission, Canada’s five largest CSPs make up more than 87 percent of revenue share. ^{Footnote 249} ***

Table 3.4: Summary of Lawful Interception Capabilities ^{Footnote 250}
Service Category	Number of CSPs	Total Number of networks	Number of individually operated networks (services): Good: Lawful Intercept Capable	Number of individually operated networks (services): Caution: Partially Capable or Under Developed	Number of individually operated networks (services): Bad: Lawful Intercept Gap
***	***	***	***	***	***

Footnotes

Footnote 233

RCMP, “RCMP factual accuracy submission — NSICOP Lawful Access Draft Report,” December 20, 2024.

Return to footnote 233 referrer

Footnote 234

RCMP, “RCMP's Response to NSICOP’s Review of the lawful access to communications by security and intelligence organizations (RFI) #4,” October 18, 2024.

Return to footnote 234 referrer

Footnote 235

CSIS and RCMP, “Not Going Dark: Protecting our collection authorities in a digital world,” April 18, 2024.

Return to footnote 235 referrer

Footnote 236

***

Return to footnote 236 referrer

Footnote 237

***

Return to footnote 237 referrer

Footnote 238

CCCS, “Glossary,” undated.

Return to footnote 238 referrer

Footnote 239

Lex Gill, Tamir Israel, and Christopher Parsons, Shining a Light on the Encryption Debate: A Canadian Field Guide, 2018.

Return to footnote 239 referrer

Footnote 240

Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, and Daniel J. Weitzner, “Keys under doormats: Mandating insecurity by requiring government access to all data and communications,” Massachusetts Institute of Technology Press, July 6, 2015; and Susan Landau, “CALEA Was a National Security Disaster Waiting to Happen,” Lawfare, November 13, 2024.

Return to footnote 240 referrer

Footnote 241