Five Eyes nations demand encryption 'backdoors' by-design

Tech companies are being urged to implement encryption-bypassing systems into their services by default

Encrypted services developed by tech companies, such as messaging services, should be designed with ‘safety’ embedded into the software by default, in essence defying the principles of end-to-end encryption. 

Vendors should retain the ability to act against illegal content, with law enforcement also able to access content in a readable format where authorisation is lawfully issued, according to a statement released by the Five Eyes nations.

Companies should also engage in consultation with governments and other stakeholders to allow legal access to content in a way that’s substantive and genuinely influences design decisions, representatives from the five nations have demanded. 

“While encryption is vital and privacy and cyber security must be protected, that should not come at the expense of wholly precluding law enforcement, and the tech industry itself, from being able to act against the most serious illegal content and activity online,” the statement said.

“We reiterate that data protection, respect for privacy and the importance of encryption as technology changes and global Internet standards are developed remain at the forefront of each state’s legal framework. 

“However, we challenge the assertion that public safety cannot be protected without compromising privacy or cyber security.  We strongly believe that approaches protecting each of these important values are possible and strive to work with industry to collaborate on mutually agreeable solutions.”

The governments of the UK, US, Australia, New Zealand and Canada have long-opposed the principles of end-to-end encryption, particularly on messaging platforms such as WhatsApp.

This is because this level of protection means it’s almost impossible to intercept messages, so communications between two individuals on an encrypted messaging platform will remain unreadable by law enforcement should they have an interest in doing so.

In September 2018, for example, tech giants were handed an ‘ultimatum’ whereby they were told to begin implementing backdoors in encrypted products, or their parliaments will begin legislating for this to be a legal requirement.

Last July, meanwhile, Five Eyes released a statement concluding that tech companies should include mechanisms in the design of their encrypted products and services that allows governments to legally access data within. This is in order to allow law enforcement to gather evidence so they can take action against illegal activity, and illegal content.

The Five Eyes statement, co-signed by representatives from India and Japan, has gone yet one step further and called for a set of formal procedures to be implemented across the industry that will render undermining end-to-end encryption the norm.

The statement adds that lacking any means to bypass end-to-end encryption undermines a company’s own ability to identify and respond to violations of their terms of services. By precluding the ability of law enforcement agencies to access content in limited circumstances, there is also the prospect for severe risk to be posed to the public.

The developers of these systems would argue, however, that privacy is one of the main reasons users choose their product in the first place, and that a backdoor can be accessed by anybody with the know-how, not just the authorities.

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

Cisco lands $1 billion defense IT contract
Security

Cisco lands $1 billion defense IT contract

15 Jun 2021
REvil hacking group attacks US nuclear weapons contractor
ransomware

REvil hacking group attacks US nuclear weapons contractor

15 Jun 2021
Putin open to handing cyber criminals over to US
hacking

Putin open to handing cyber criminals over to US

14 Jun 2021
Futurex‌ ‌and Google enable‌ ‌client-side‌ ‌Google‌ ‌Workspace encryption‌
Google Docs

Futurex‌ ‌and Google enable‌ ‌client-side‌ ‌Google‌ ‌Workspace encryption‌

14 Jun 2021

Most Popular

GitHub to prohibit code that’s used in active attacks
cyber security

GitHub to prohibit code that’s used in active attacks

7 Jun 2021
WWDC 2021: Apple unveils iOS 15, macOS Monterey and more
iOS

WWDC 2021: Apple unveils iOS 15, macOS Monterey and more

8 Jun 2021
OnePlus 9 Pro review: An instant cult classic
Hardware

OnePlus 9 Pro review: An instant cult classic

7 Jun 2021