The Impact of Encryption Technologies on Criminal Investigations in Canada: A Balanced Approach to the “Going Dark” Problem in Light of Self-Incrimination and Privacy Considerations

Abstract

Encryption, a method of concealing information from unwanted eyes, has recently become more prevalent in society, following revelations of massive surveillance conducted by governments and the increasing number of attacks on companies holding their customers’ digitized information. Encryption mechanisms have become more sophisticated and widely used by citizens who wish to keep their personal information private and secure. Conversely, criminals have also been using strong encryption mechanisms to hide their wrongdoing, which has made it harder for law enforcement officials to access evidence. This “going dark” phenomenon has impacted both the seizure of “data at rest” (i.e., data that is saved on a device) and the access to “data in transit” (i.e., communication data that is still being transmitted over a network). By examining the technological underpinning of encryption technology and its beneficial impacts on society, this thesis proposes an analytical framework that would allow law enforcement to compel suspects to decrypt their data or devices in specific situations and under strict conditions. This framework is crafted to reflect the unique Canadian experience with the self-incrimination and to harmonize this principle with the protection against unreasonable search and seizure, both found within the Canadian Charter of Rights and Freedoms. Inspiration is drawn from comparable legal systems found within Australia, the United States, and the United Kingdom, while transnational and international considerations are also examined due to the inherent borderless nature of the internet. Essentially, this thesis submits that alternatives to compelled decryption by suspects should be favoured to address the “going dark” problem and that strong encryption should remain available to the public. It is submitted that Parliament should create a strict framework applicable to compelled decryption which would allow law enforcement access to “data at rest” in its decrypted form, when no other alternative exists. It is also submitted that resorting to “lawful hacking” as a method of circumventing encryption applied to “data in transit” should be examined and regulated by Parliament.