Published on the 13/10/2020 | Written by Heather Wright
Andrew Little, Peter Dutton among signatories…
New Zealand and Australia have renewed their calls for back doors in encrypted products and services to enable law enforcement to access citizen data, claiming end-to-end encryption ‘creates severe risk to public safety’.
The call comes via the Five Eyes intelligence association, which also includes the US, UK and Canada.
New Zealand’s Andrew Little – minister responsible for the Government Communications Security Bureau and NZ Security Intelligence Service – and Peter Dutton, Australia’s Minister for Home Affairs, were both signatories for the new missive, which is also being supported by both India and Japan – two countries outside of the Five Eyes alliance.
“Encryption is an existential anchor of trust in the digital world [but] particular implementations of encryption technology pose significant challenges to public safety.”
They want backdoors added not just to end-to-end encrypted apps such as Facebook Messenger and WhatsApp, but in ‘device encryption, custom encrypted applications and encryption across integrated platforms’.
The signatories argue that end-to-end encryption prevents companies from identifying and responding to violations of their own terms and services, while also preventing law enforcement agencies to access the content to ‘investigate serious crimes and protect national security’.
Those actions, the signatories claim, are enabling illegal content and activity on platforms, including child sexual exploitation and abuse, violent crime, terrorist propaganda and attack planning.
It’s an increasing area of focus for governments the world over.
Law enforcement agencies have long complained about the difficulty encrypted communications poses for criminal investigations.
Australia introduced its controversial Assistance and Access Bill in 2018. The so-called Encryption Bill was rushed through both houses of Federal Parliament on the last day of 2018 and asserts that Australian law enforcement and state watchdog groups can demand tech companies create backdoors in their software to provide authorities with access to users’ encrypted messages.
The United States and Europe are also enacting similar laws – and facing similar outcries about them. The Electronic Frontier Foundation has slammed the proposed US Lawful Access to Encrypted Data Act, saying it is more out of touch than many other recent anti-encryption bills it’s fighting. The US plans have been largely paralysed for now, but the EFF says the action has moved to the European Union. In an article last week, the EFF claims leaked documents show a blueprint for how the EU plans to make anti-encryption laws happen within the next year. It would, says EFF, be ‘a drastically invasive step’.
In New Zealand there is legal responsibility under the Telecommunications Interception Capability and Security Act to provide access with proper warrants – including a requirement to take encryption off – but the legislation applies only to organisations operating in New Zealand.
It’s not the first time Five Eyes has tried to get technology companies to agree to installing encryption backdoors in their products and services. Similar statements were released in 2018 and 2019.
In its 2018 statement, Five Eyes threatened that ‘should governments continue to encounter impediments to lawful access to information necessary to aid the protection of citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions’.
The latest international statement stops short of such threats. Instead it reiterates calls for tech companies to work with governments to ‘embed the safety of the public in system designs’ to enable companies to act against any illegal content and to enable law enforcement to access the data ‘in a readable and usable format’.
While Five Eyes is continuing to rail against end to end encryption, it also admits strong encryption ‘plays a crucial role in protection personal data, privacy, intellectual property, trade secrets and cybersecurity’.
“Encryption is an existential anchor of trust in the digital world and we do not support counter-productive and dangerous approaches that would materially weaken or limit security systems,” the statement says.
“Encryption is an existential anchor of trust in the digital world and we do not support counter-productive and dangerous approaches that would materially weaken or limit security systems.
“Particular implementations of encryption technology, however, pose significant challenges to public safety.”
Pro-privacy advocates note that providing the backdoors opens the door – literally – for abuse in dictatorial and repressive states and can endanger human rights and democracy defenders.
While Five Eyes says its proposal would include safeguards and oversight for law enforcement access, others argue that you can’t have it both ways – end-to-end encryption either exists, or it doesn’t, and once it is broken, it’s broken for all purposes, good or bad.