The “Five Eyes” Still Can’t See Straight on Encryption
Blog Post
Oct. 15, 2020
Once again, lawmakers from the United States, the United Kingdom, Canada, Australia, and New Zealand (the “Five Eyes” intelligence alliance) have collectively warned about what they claim are the “severe risks” caused by the availability of strong encryption. On Sunday, ministers from these countries, as well as India and Japan, published a statement calling on tech companies to develop mechanisms that would allow law enforcement to access encrypted content, also known as “backdoors.” However, this framing fails to recognize the critical role that encryption plays in protecting users from risks of cyber crime, data theft, and violations of personal privacy.
The arguments made in Sunday’s joint statement are not new, but they are just as dangerous as their predecessors. As much as the latest statement pays lip service to the importance of strong encryption, it also asks companies to weaken encryption in order to “enable law enforcement access to content in a readable and usable format.” End-to-end encryption—the ability to encrypt messages so that they can only be read in plaintext by the sender and recipient, and the most secure form of encryption—is simply not compatible with exceptional access requirements. By pushing companies to “embed the safety of the public in system designs” these lawmakers would ensure that users won’t have access to secure communications. Ordinary citizens use encryption to conduct financial transactions, communicate with colleagues and friends, shop online, or share sensitive information with third-parties like medical professionals. “End-to-end” means that companies who provide the messaging service cannot intercept the communications in the middle and decipher them, which is key to ensuring that malicious third-parties also cannot read those communications. To serve their own interests, the signatories to this joint statement want to weaken the security of millions of everyday users, without considering the consequences.
The Five Country Ministerial has issued similar statements multiple times in the past. This year, they again cited “significant challenges to public safety” posed by encryption—yet another rehashing of the same misguided arguments we have heard from law enforcement in many of these countries before. The nature of the Five Eyes’ intelligence-sharing alliance means that laws to bypass encryption in any one of the countries may provide the others access to some of the data that is collected, so all participants have an incentive to jointly restrict the use of strong encryption. In other words, legislation in one country could provide a backdoor to an encryption backdoor for the other countries. For example, Australia’s Assistance and Access Act could provide Australia’s allies access to encrypted information that they couldn’t acquire under their own domestic laws.
Several of the Five Eyes countries have been pursuing their own attacks against encryption. The U.K.’s intelligence agency, GCHQ, made a proposal that would allow law enforcement to bypass encryption and participant notifications to “silently add a law enforcement participant to a group chat or call.” In May 2019, OTI, in a global coalition letter, explained that the “Ghost Proposal” would undermine encryption and reduce confidence in the security of communications. In October 2019, law enforcement officials in the U.S., the U.K., and Australia made a joint statement criticizing Facebook’s plan to implement end-to-end encrypted messaging, and incorrectly framed encryption as the key tool used by child predators. OTI, with a coalition of more than 100 organizations and experts from around the world, outlined the importance of encryption to privacy, security, and human rights for everyone who uses technology. We have also expressed concerns about the global threats Australia’s Assistance and Access Act 2018 poses to strong encryption, submitting multiple rounds of comments to the Australian Parliamentary Joint Committee on Intelligence and Security. And we have regularly pushed for the recognition of encryption not as a “challenge to public safety” but as a crucial technology to protect the safety of vulnerable groups like journalists, activists, and marginalized communities.
OTI has been an advocate for strong encryption for years, and we have faced attempt after attempt by lawmakers to undermine it. The actions of global lawmakers to pressure tech companies who provide a valuable and essential service to their users are misguided and reckless. We support our allies in civil society and the private sector, as well as many technology and policy experts, who understand the importance of encryption to everyone who uses technology.
*Corrected on November 19, 2020: A previous version of this blog erroneously stated that Germany joined the statement calling on tech companies to develop backdoors. The country was in fact India. We regret the error.