The Five Eyes Alliance, along with India and Japan, have called for technology companies to enable backdoors in their encrypted systems so that law enforcement authorities can access content related to child sexual exploitation and abuse, violent crime, terrorist propaganda, and attack planning.
In a joint statement on the question of end-to-end encryption and public safety, the United States, the UK, Australia, New Zealand, Canada, India, and Japan said technology companies must apply encryption around user communications in a way that allows law enforcement agencies to respond to various crimes such as the exploitation of children and terrorist activities.
The joint statement read that even though the governments support strong encryption which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets, and cyber security, absolute encryption that prevents companies from moderating content and facilitating the investigation and prosecution of offences will only encourage criminals and terrorists.
The alliance urged technology companies to “enable law enforcement access to content in a readable and usable format where authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight” and to “engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions.”
The governments added that end-to-end encryption, that precludes lawful access to the content of communications in any circumstances, will also severely undermine companies’ own ability to identify and respond to violations of their terms of service and will prevent them from responding to serious illegal content and activity on their platforms, such as child sexual exploitation and abuse, violent crime, terrorist propaganda, and attack planning.
“In light of these threats, there is increasing consensus across governments and international institutions that action must be taken: while encryption is vital and privacy and cyber security must be protected, that should not come at the expense of wholly precluding law enforcement, and the tech industry itself, from being able to act against the most serious illegal content and activity online.
“The WePROTECT Global Alliance, NCMEC and a coalition of more than 100 child protection organisations and experts from around the world have all called for action to ensure that measures to increase privacy – including end-to-end encryption – should not come at the expense of children’s safety,” the statement read.
“While this statement focuses on the challenges posed by end-to-end encryption, that commitment applies across the range of encrypted services available, including device encryption, custom encrypted applications and encryption across integrated platforms.
“We challenge the assertion that public safety cannot be protected without compromising privacy or cyber security. We strongly believe that approaches protecting each of these important values are possible and strive to work with industry to collaborate on mutually agreeable solutions.”
Commenting on the latest statement issued by the Five Eyes Alliance as well as by India and Japan, Tim Mackey, principal security strategist at Synopsys CyRC, said that while governments are correct in their assessment that criminals are using encryption technologies to further their activities, implementing a legislative remedy to this problem creates a different challenge – laws move slower than technology.
“This means that the legislative remedy could easily turn out to be an exploitable vulnerability that is embedded within all systems and as such very difficult to address,” he added.