Five Eyes nations demand encryption 'backdoors' by-design

Tech companies are being urged to implement encryption-bypassing systems into their services by default

Encrypted services developed by tech companies, such as messaging services, should be designed with ‘safety’ embedded into the software by default, in essence defying the principles of end-to-end encryption. 

Vendors should retain the ability to act against illegal content, with law enforcement also able to access content in a readable format where authorisation is lawfully issued, according to a statement released by the Five Eyes nations.

Companies should also engage in consultation with governments and other stakeholders to allow legal access to content in a way that’s substantive and genuinely influences design decisions, representatives from the five nations have demanded. 

“While encryption is vital and privacy and cyber security must be protected, that should not come at the expense of wholly precluding law enforcement, and the tech industry itself, from being able to act against the most serious illegal content and activity online,” the statement said.

“We reiterate that data protection, respect for privacy and the importance of encryption as technology changes and global Internet standards are developed remain at the forefront of each state’s legal framework. 

“However, we challenge the assertion that public safety cannot be protected without compromising privacy or cyber security.  We strongly believe that approaches protecting each of these important values are possible and strive to work with industry to collaborate on mutually agreeable solutions.”

The governments of the UK, US, Australia, New Zealand and Canada have long-opposed the principles of end-to-end encryption, particularly on messaging platforms such as WhatsApp.

This is because this level of protection means it’s almost impossible to intercept messages, so communications between two individuals on an encrypted messaging platform will remain unreadable by law enforcement should they have an interest in doing so.

In September 2018, for example, tech giants were handed an ‘ultimatum’ whereby they were told to begin implementing backdoors in encrypted products, or their parliaments will begin legislating for this to be a legal requirement.

Last July, meanwhile, Five Eyes released a statement concluding that tech companies should include mechanisms in the design of their encrypted products and services that allows governments to legally access data within. This is in order to allow law enforcement to gather evidence so they can take action against illegal activity, and illegal content.

The Five Eyes statement, co-signed by representatives from India and Japan, has gone yet one step further and called for a set of formal procedures to be implemented across the industry that will render undermining end-to-end encryption the norm.

The statement adds that lacking any means to bypass end-to-end encryption undermines a company’s own ability to identify and respond to violations of their terms of services. By precluding the ability of law enforcement agencies to access content in limited circumstances, there is also the prospect for severe risk to be posed to the public.

The developers of these systems would argue, however, that privacy is one of the main reasons users choose their product in the first place, and that a backdoor can be accessed by anybody with the know-how, not just the authorities.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

Microsoft spearheads industry-wide charter against AI cyber attacks
Security

Microsoft spearheads industry-wide charter against AI cyber attacks

23 Oct 2020
Weekly threat roundup: Chrome, Citrix and WordPress
Security

Weekly threat roundup: Chrome, Citrix and WordPress

23 Oct 2020
IT services giant Sopra Steria falls victim to Ryuk ransomware
Security

IT services giant Sopra Steria falls victim to Ryuk ransomware

23 Oct 2020
CMS platforms succumb to KashmirBlack botnet as businesses rush online
Security

CMS platforms succumb to KashmirBlack botnet as businesses rush online

22 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020