Five Eyes Alliance War Against Encryption: Is Your Privacy Not Private?
Tue, 09/04/2018 – 15:01
The FVEY targets to increase government powers to seek access to otherwise private information when the courts authorized it, a concept known as “lawful access”. Although the involved governments recognize that “Encryption is vital to the digital economy and a secure cyberspace, and to the protection of personal, commercial and government information”, they insist that “the increasing use and sophistication of certain encryption designs present challenges for nations in combatting serious crimes and threats to national and global security”. They go on saying that the same encryption used to protect “personal, commercial and government information” is also used by “criminals, including child sex offenders, terrorists and organized crime groups to frustrate investigations and avoid detection and prosecution”.
The countries’ reasoning is that the same principles have applied to searches of homes and other physical spaces for years, but they face a serious problem. The principles that allow government agencies to search homes don’t give them the ability to access the content of encrypted data.
This argument has been made countless times before with the most notable example in the U.S. being the investigation into the San Bernardino shooting of 2015, when the FBI tried to force Apple to break the encryption on an iPhone owned by one of the shooters. The company refused, saying complying with the request would set precedent and expose flaws in the iPhone’s security that others could exploit.
Despite that, the Five Eyes insist that technology product and service providers have a responsibility to help governments access the data they need. In addition, the ‘Freedom of choice for lawful access solutions’ encourages companies to “voluntarily establish lawful access solutions to their products and services that they create or operate in our countries”. And if they don’t abide by this, the governments “may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.”
There you have it. The governments are demanding that the tech companies help them voluntarily. Demand and volunteerism are two contradicting terms, which cannot exist in the same sentence. Even their approach to lawful access appears conflicted. Although the communiqué says that “The five countries have no interest or intention to weaken encryption mechanisms”, yet the statement on encryption appears to advocate exactly that. Should encryption be removed during transit to allow Five Eyes access to data, that encryption is weakened.
There have been many other times when concerns about governments forcing tech companies to put backdoors in their products were piqued. The argument is often the same: privacy advocates say encryption is required to allow people to live their lives without invasive government scrutiny, and law enforcement agencies say that offering secure products hinders their investigations. Thus far the privacy advocates have won because it’s simply impossible to guarantee a backdoor would only be used for lawful investigations; anyone could exploit the vulnerability.
Even if the group was careful enough to avoid previous criticisms about their desire for backdoors, the truth is that they are demanding government controlled backdoors even if industry professionals believe that they do not understand the threats to digital privacy. As Jeff Hudson, Venafi CEO commented:
“Simply put: giving the government backdoors to encryption destroys our security and makes communications more vulnerable. Government mandated backdoors will allow cyber criminals to undermine all types of private, secure communications. With all of the rhetoric around the topic of encrypted backdoors, it’s easy to lose sight of the facts—any government that mandates backdoors is no different from the world’s most authoritarian governments. At this moment, citizens in the US, UK and more have basic rights to privacy. But, if governments mandate backdoors that protection goes away.”
The irony is that these encryption technologies, relatively unused during the 2000s, grew exponentially after Edward Snowden’s revelations in 2013. The whistleblower had shown the existence of the massive Internet surveillance system implemented by … the Five Eyes. It is mainly in response to the existence of this vast surveillance system, set up almost without any judicial control that the web giants have begun to massively adopt “end-to-end” encryption.
The Five Eyes (FVEY) is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States. The origins of the FVEY can be traced back to the post–World War II period when they developed capabilities like ECHELON to monitor the communications of the former Soviet Union and the Eastern Bloc.
In the long standing war between tech companies and governments over encryption, the latest Five Eyes communiqué and Statement of Principles of Access to Evidence and Encryption add a new chapter.
*** This is a Security Bloggers Network syndicated blog from Rss blog authored by Scott Carter. Read the original post at: https://www.venafi.com/blog/five-eyes-alliance-war-against-encryption-your-privacy-not-private