Summary
- Encryption legality: Sending encrypted messages is legal, but exporting advanced cryptographic technology is regulated
- American law enforcement: Probably cannot obtain decrypted data due to the Fifth Amendment, though it's an open question
- Canadian law enforcement: Can obtain decrypted data given reasonable grounds and when you are not under investigation (i.e. it's for the purpose of investigating someone else)
Legality of Encryption
As pointed out in the comments, encryption is used daily by many in North America. This happens when browsing the internet, using Skype, electronic banking, etc. In Western countries at least, sending encrypted messages is generally legal.
What is regulated, however, is the export of the crypto-technology itself. This is handled through the Wassenaar Arrangement, an arrangement between 40+ countries, of which Canada and the US are a part. The arrangement deals with the exports of conventional arms and dual-use technologies, including cryptographic technologies. The relevant portion is Control List 5, part 2. It contains an exception in Note 3, essentially stating that widely available cryptographic technologies are left uncontrolled.
American Law Enforcement
As pointed out in the comments, the American perspective has already been addressed on this site. Briefly summarizing Mark's and cpast's answers there:
While the issue has not yet reached the Supreme Court, it appears requesting decrypted data violates the Fifth Amendment. There may be an exception though, when the document's general contents are already known.
Canadian Law Enforcement
In Canada, The general way to compel someone to give documents or data is through a Production Order defined in § 487.014 of the Criminal Code. There are a few types of production orders, but I'll cite the general one:
(1) Subject to [the more specific production orders], on ex parte application made by a peace officer or public officer, a justice or judge may order a person to produce a document that is a copy of a document that is in their possession or control when they receive the order, or to prepare and produce a document containing data that is in their possession or control at that time.
(2) Before making the order, the justice or judge must be satisfied [...] that there are reasonable grounds to believe that (a) an offence has been or will be committed under this or any other Act of Parliament; and (b) the document or data is in the person’s possession or control and will afford evidence respecting the commission of the offence.
There is no specific reference to decryption here, but I believe (1) implies it must be done: if you are able to decrypt a message, you are in possession/control of the data. However:
(4) A person who is under investigation for the offence referred to in subsection (2) may not be made subject to an order.
Because the suspect cannot be subject to the order, the main use case of production orders is to compel third parties to produce documents/data that would aid in prosecution of the suspect.
The third party is afforded some protection under § 487.0196. They cannot refuse the order on the basis of self-incrimination but if the compelled documents/data happen to incriminate the third party in some other offence, that evidence is not admissible against them (except for cases of perjury). Note that this is very similar to the provisions provided for in Charter sections 11(c) and 13.
Self Incrimination Note
Tangentially, this answer touched on a key difference in self-incrimination law between Canada and the US. In the US, you can plead the Fifth in any criminal proceeding. In Canada, you can only do so in your own, though what you reveal otherwise is not later admissible against you.
