Five Eyes nations demand encryption 'backdoors' by-design

Tech companies are being urged to implement encryption-bypassing systems into their services by default

Encrypted services developed by tech companies, such as messaging services, should be designed with ‘safety’ embedded into the software by default, in essence defying the principles of end-to-end encryption. 

Vendors should retain the ability to act against illegal content, with law enforcement also able to access content in a readable format where authorisation is lawfully issued, according to a statement released by the Five Eyes nations.

Companies should also engage in consultation with governments and other stakeholders to allow legal access to content in a way that’s substantive and genuinely influences design decisions, representatives from the five nations have demanded. 

“While encryption is vital and privacy and cyber security must be protected, that should not come at the expense of wholly precluding law enforcement, and the tech industry itself, from being able to act against the most serious illegal content and activity online,” the statement said.

“We reiterate that data protection, respect for privacy and the importance of encryption as technology changes and global Internet standards are developed remain at the forefront of each state’s legal framework. 

“However, we challenge the assertion that public safety cannot be protected without compromising privacy or cyber security.  We strongly believe that approaches protecting each of these important values are possible and strive to work with industry to collaborate on mutually agreeable solutions.”

The governments of the UK, US, Australia, New Zealand and Canada have long-opposed the principles of end-to-end encryption, particularly on messaging platforms such as WhatsApp.

This is because this level of protection means it’s almost impossible to intercept messages, so communications between two individuals on an encrypted messaging platform will remain unreadable by law enforcement should they have an interest in doing so.

In September 2018, for example, tech giants were handed an ‘ultimatum’ whereby they were told to begin implementing backdoors in encrypted products, or their parliaments will begin legislating for this to be a legal requirement.

Last July, meanwhile, Five Eyes released a statement concluding that tech companies should include mechanisms in the design of their encrypted products and services that allows governments to legally access data within. This is in order to allow law enforcement to gather evidence so they can take action against illegal activity, and illegal content.

The Five Eyes statement, co-signed by representatives from India and Japan, has gone yet one step further and called for a set of formal procedures to be implemented across the industry that will render undermining end-to-end encryption the norm.

The statement adds that lacking any means to bypass end-to-end encryption undermines a company’s own ability to identify and respond to violations of their terms of services. By precluding the ability of law enforcement agencies to access content in limited circumstances, there is also the prospect for severe risk to be posed to the public.

The developers of these systems would argue, however, that privacy is one of the main reasons users choose their product in the first place, and that a backdoor can be accessed by anybody with the know-how, not just the authorities.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

Geico data breach leads to stolen driver’s license numbers
data breaches

Geico data breach leads to stolen driver’s license numbers

21 Apr 2021
UK’s IoT security regulation will also include smartphones
Internet of Things (IoT)

UK’s IoT security regulation will also include smartphones

21 Apr 2021
eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020
phishing

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020

20 Apr 2021
Mastering endpoint security implementation
Security

Mastering endpoint security implementation

16 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
REvil threatens to release Apple’s hardware schematics
ransomware

REvil threatens to release Apple’s hardware schematics

21 Apr 2021