Five Eyes Pledge to Force Encryption Backdoors: 'Privacy Is Not Absolute'

A long-running security alliance among the governments of the U.S., U.K., Australia, Canada and New Zealand—also known as the Five Eyes—agreed last week that "privacy is not absolute" and custom techniques should be developed to circumvent encryption.

Following officials' annual meeting, known as the Five Country Ministerial (FCM), it was agreed there is an "increasing gap" between the ability of police to access data and the ability to "acquire and use the content of that data" in the courts. Nations complained end-to-end encryption—used in apps such as WhatsApp and Telegram—is also used by terrorists and criminals.

"The inability of intelligence and law enforcement agencies to lawfully access encrypted data and communications poses challenges to law enforcement agencies' efforts to protect communities," reads the official communiqué released August 29, following the meeting in Australia. "Therefore, we agreed to the urgent need for law enforcement to gain targeted access to data."

A new "statement of principles on access to evidence and encryption" said technology companies should be urged to "voluntarily establish lawful access solutions to their products and services." If that is not possible, however, intelligence agencies may take matters into their own hands.

National Security Agency
A sign for the National Security Agency (NSA), US Cyber Command and Central Security Service, is seen near the visitor's entrance to the headquarters of the National Security Agency (NSA). The U.S. is a member of the Five Eyes partnership that met last week. SAUL LOEB/AFP/Getty Images

"Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions," it was agreed.

In the Five Eyes countries, tailored surveillance laws typically give agencies the legal authority to hack into devices in order to access private data. It is one way of getting around encryption, which works by scrambling the content of information so it can only be viewed by sender and receiver.

According to the principles, the governments are attempting to balance privacy and security. They noted that encryption—a method of protecting communications—remains "vital to the digital economy" and there should be no "interest or intention to weaken encryption mechanisms."

Yet from a policing perspective, encryption remains a problem. The FBI has for years marketed the problem as "Going Dark," claiming that agents are losing visibility into criminal groups.

Cybersecurity experts, however, have long warned that creating "backdoor" access into modern devices naturally weakens the security of all users, no matter the intent of the action. There are no easy answers, cryptographers warn.

"Unlike what much of today's political rhetoric says, strong cryptography is essential for our information security," U.S. security expert Bruce Schneier, a leading voice on encryption issues, warned in a blog post last year. "It's how we protect our information and our networks from hackers, criminals, foreign governments, and terrorists. Security vulnerabilities, whether deliberate backdoor access mechanisms or accidental flaws, make us all less secure."

Technology companies offering end-to-end encrypted products stress that they are unable to access user data. The issue came to a head in 2015 as the Feds battled with Apple over access to an iPhone seized from a suspected terrorist involved in that year's San Bernardino shooting.

The stalemate came two years after a whistleblower, Edward Snowden, leaked details of how technology and social media firms had developed government surveillance links. The unprecedented disclosures also highlighted how the Fives Eyes shared communications data.

Snowden worked for the National Security Agency, which alongside British signals intelligence experts at GCHQ, collects and retains telecommunications and internet data.

In 2018, the encryption problem persists. Now, officials have pledged to take steps to give them greater access to secure data. While rhetoric remains strong—exact plans are unclear.

"Many of the same means of encryption that are being used to protect personal, commercial and government information are also being used by criminals, including child sex offenders, terrorists and organized crime groups to frustrate investigations," the new principles state. "Privacy laws must prevent arbitrary or unlawful interference, but privacy is not absolute."

But the release conceded: "Governments should recognize that…there will be situations where access to [encrypted] information is not possible, although such situations should be rare."

An undated aerial handout photo shows the National Security Agency (NSA) headquarters building in Fort Meade, Maryland. In 2013, a whistleblower leaked key details of its surveillance apparatus. NSA/Handout via REUTERS