A recently tabled bill requiring an interception capability for all technology sold by Canadian ISPs and wireless carriers passes would discourage IT investment among enterprises and hurt the Canadian technology sector, industry observers argue.
Bill C-285, or the Modernization of Investigative Techniques Act, was re-tabled by Liberal MP Marlene Jennings last month after originally dying upon the call of the 2006 federal election. The proposed legislation aims to make life easier for law enforcement agencies to wiretap new and emerging technologies, such as BlackBerry smart phones.
But some analysts are arguing that the legislation would have a detrimental impact to tech dependant businesses and keep enterprise security experts up at night.
“We’re getting conflicting messages from the government on this front,” Carmi Levy, an independent technology analyst based in London, Ont., said. “The biggest challenge to wireless adoption has been the confidence in their overall level of security. Now you have this proposed act that would essentially give law enforcement a backdoor into any platform.”
He added that making it easier for law enforcement to tap into wireless transmissions will probably bring those same capabilities into the hands of the cyber criminal community. This is certainly not the business-friendly message you want to be sending out to encourage investment in technology during the recession, Levy said.
“Especially since the very same government has placed organizations in the financial services, health care and public sector under increasing regulatory scrutiny to lock down their own security infrastructure.”
Research In Motion Ltd.’s BlackBerry device has been the technology in the crosshairs for many Canadian law enforcers, who have dubbed the device virtually wiretap proof. The smart phone has even been crowned by police as the device of choice for criminals – some of which are setting up there own secure private networks using BlackBerry Enterprise Server.
Brian O’Higgins, co-founder and CTO of Ottawa-based security firm Third Brigade Inc., said while it’s completely understandable for law enforcement agencies to be concerned about tapability, cyber criminals will always be able to adapt to new laws and flock to more secure emerging technologies.
“In the case of BlackBerry, having a Canadian device which is used around the world, should be law enforcement’s dream,” he said.
Levy added the legislation runs the very real risk of “undermining the value proposition of one of Canada’s most successful companies.”
O’Higgins compared the situation to the emergence of the clipper chip in the early 1990s, an encryption device for voice transmissions promoted by the U.S. Government. “They tried to introduce essentially wiretappable encryption that only law enforcement had access to,” he added.
The initiative – which died by 1996 – intended to protect private communications, but at the same time give government agents the ability to decrypt the information if necessary to law enforcement efforts.
“But the question over who has access and control over the law enforcement mechanisms still remains,” O’Higgins said.
“When you’ve got a single point of failure, one guy can find a way to get access and compromise the government application. And the bad guys – they won’t adopt that encryption technology anyway.”
O’Higgins also drew a comparison between Bill C-285 to the efforts of the Chicago police department trying to prohibit automobiles because of their role as getaway cars for bank robbers.
“There are some things you just can’t fight,” he added.
According to Roberta Fox, president at Mount Albert, Ont.-based telecom consultancy Fox Group Technology, the debate doesn’t just stop at BlackBerry either. She said her corporate clients are starting to roll out unified communication applications with softphones and other converged devices. In most cases, they need to have their information even more secure than on a BlackBerry.
“The world is moving toward IP-based platforms and a packet is a packet is a packet, whether it’s video, voice, data, e-mail or SMS,” Fox said. “It doesn’t really matter what the packet is and that’s makes it difficult to tap into – each one gets routed in a different way.”
While Fox admitted that it is not impossible to tap into IP-based phone communications, it would require a lot of investment from government to make those capabilities widely available to law enforcement.
“It’s a question of whether we want government to afford to do that,” she said.
“While I think legislation has to catch up with today’s technologies and protect the citizens, it also can’t hinder businesses in the process. We need to find a balance.”
Levy suggested instead of moving forward with this legislation, the government would be wise to work more closely with vendors like RIM and others to get a better handle on emerging technologies.
“Otherwise, you run the very real risk of casting a chill over an industry that has spent much of the past decade trying to convince people that it’s secure and they should trust technology to build their business with,” he added.