Chapter 4: Government Response — The Government’s Response to Lawful Access Challenges — 43^rd Parliament (2019 to 2021)
Special Report on the Lawful Access to Communications by Security and Intelligence Organizations

The Government’s Response to Lawful Access Challenges

43^rd Parliament (2019 to 2021)

151. In October 2020, the Minister of Public Safety and Emergency Preparedness joined his counterparts in the other Five Eyes countries, India, and Japan to publish the “International Statement: End-to-end Encryption and Public Safety,” led by the U.K. ^{Footnote 340} The International Statement was largely a response to Facebook’s March 2019 announcement of its plan to implement end-to-end encryption across its platforms, including Facebook Messenger. ^{Footnote 341} The statement noted that end-to-end encryption impedes police investigations and undermines a company’s “own ability to identify and respond to … illegal content and activity on its platform, including … terrorist propaganda and attack planning.” The statement urged companies to focus “on reasonable, technically feasible solutions” to enable them to read and identify illegal content on their platforms and take action, thereby “facilitating the investigation and prosecution of offences” including by being able to produce “content in a readable and useable format” when presented with a warrant. ^{Footnote 342}

152. In November 2020, the government approved a plan for the Minister of Public Safety and Emergency Preparedness to lead public and stakeholder consultations to support the development of a government policy position on end-to-end encryption and lawful access. ^{Footnote 343} The consultations were intended to inform the government about how to respond to the challenge of encryption as part of its broader strategy to promote Canadian prosperity in a digital world, while protecting privacy and public safety. ^{Footnote 344} According to Public Safety, these consultations ultimately did not proceed because of “stakeholder fatigue” and a concern that proceeding would have had a potentially “adverse effect on responses.” ^{Footnote 345}

153. As noted in Chapter 3, in spring 2021, Canada and the U.S. began formal negotiations towards a Data Access Agreement under the framework of the U.S. CLOUD Act. ^{Footnote 346} Such an agreement would allow law enforcement and security agencies with the requisite authorization to request data, including communications content, from the other country’s CSPs directly, ^{Footnote 347} as shown in Figure 4.1 below. To date, the U.S. has concluded agreements with the U.K. in 2019 and Australia in 2021. ^{Footnote 348} A Canada-U.S. agreement would allow Canada to serve Canadian court orders for stored data or interception directly to U.S. companies as long as the Canadian court order did not “intentionally target” a U.S. person or a person in the U.S., and it would “not be unlawful” for the U.S. companies to comply. ^{Footnote 349} The reverse would also hold, so a U.S. request could not intentionally target a Canadian person or a person in Canada. *** ^{Footnote 350}