Five Eyes nations demand encryption 'backdoors' by-design
Tech companies are being urged to implement encryption-bypassing systems into their services by default
Encrypted services developed by tech companies, such as messaging services, should be designed with ‘safety’ embedded into the software by default, in essence defying the principles of end-to-end encryption.
Vendors should retain the ability to act against illegal content, with law enforcement also able to access content in a readable format where authorisation is lawfully issued, according to a statement released by the Five Eyes nations.
Companies should also engage in consultation with governments and other stakeholders to allow legal access to content in a way that’s substantive and genuinely influences design decisions, representatives from the five nations have demanded.
“While encryption is vital and privacy and cyber security must be protected, that should not come at the expense of wholly precluding law enforcement, and the tech industry itself, from being able to act against the most serious illegal content and activity online,” the statement said.
“We reiterate that data protection, respect for privacy and the importance of encryption as technology changes and global Internet standards are developed remain at the forefront of each state’s legal framework.
“However, we challenge the assertion that public safety cannot be protected without compromising privacy or cyber security. We strongly believe that approaches protecting each of these important values are possible and strive to work with industry to collaborate on mutually agreeable solutions.”
The governments of the UK, US, Australia, New Zealand and Canada have long-opposed the principles of end-to-end encryption, particularly on messaging platforms such as WhatsApp.
This is because this level of protection means it’s almost impossible to intercept messages, so communications between two individuals on an encrypted messaging platform will remain unreadable by law enforcement should they have an interest in doing so.
In September 2018, for example, tech giants were handed an ‘ultimatum’ whereby they were told to begin implementing backdoors in encrypted products, or their parliaments will begin legislating for this to be a legal requirement.
Last July, meanwhile, Five Eyes released a statement concluding that tech companies should include mechanisms in the design of their encrypted products and services that allows governments to legally access data within. This is in order to allow law enforcement to gather evidence so they can take action against illegal activity, and illegal content.
The Five Eyes statement, co-signed by representatives from India and Japan, has gone yet one step further and called for a set of formal procedures to be implemented across the industry that will render undermining end-to-end encryption the norm.
The statement adds that lacking any means to bypass end-to-end encryption undermines a company’s own ability to identify and respond to violations of their terms of services. By precluding the ability of law enforcement agencies to access content in limited circumstances, there is also the prospect for severe risk to be posed to the public.
The developers of these systems would argue, however, that privacy is one of the main reasons users choose their product in the first place, and that a backdoor can be accessed by anybody with the know-how, not just the authorities.
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Evaluate your order-to-cash process
15 recommended metrics to benchmark your O2C operationsDownload now
AI 360: Hold, fold, or double down?
How AI can benefit your businessDownload now
Getting started with Azure Red Hat OpenShift
A developer’s guide to improving application building and deployment capabilitiesDownload now