Five Eyes intelligence community pledges to pursue encryption backdoors

News by Tom Reeve

International intelligence cooperation organisation Five Eyes says its governments would seek access to encrypted communications through whatever means necessary if tech companies 'impede' access.

Members of the Five Eyes group of countries have pledged to pursue domestic powers in their respective countries enabling them to access encrypted electronic communications in the face of continued opposition from the technology community.

The pledge, which could involve new legislation, was contained in a statement of principles released last week following a meeting of the five countries in Australia attended by the attorneys general and interior ministers of the member countries.

Members of Five Eyes are signatories to the United Kingdom - United States of America Agreement (UKUSA) which now includes the UK, USA, Canada, Australia and New Zealand. Created during the second World War, it was not officially disclosed to the public until 2005.

It is seen as the "pre-eminent forum for collaboration among the five countries on domestic security issues". Associate members include Germany, Denmark, France, the Netherlands, Norway, Belgium, Italy, Spain and Sweden.

In a joint statement, the five members said the growing sophistication of encryption is a challenge to law enforcement and the intelligence services investigating terrorism, organised crime and child sexual abuse.

It warned that technology companies are subject to the law including the requirement to "assist authorities to lawfully access data, including the content of communications". Five Eyes believes that situations in which access to information is not possible due to technical constraints should be rare.

The five governments warned that if technology companies continued to impede them, they would take other measures to obtain access including "technological, enforcement, legislation or other measures to achieve lawful access solutions".

The statement said: "The increasing gap between the ability of law enforcement to lawfully access data and their ability to acquire and use the content of that data is a pressing international concern that requires urgent, sustained attention and informed discussion on the complexity of the issues and interests at stake. Otherwise, court decisions about legitimate access to data are increasingly rendered meaningless, threatening to undermine the systems of justice established in our democratic nations.

"Each of the Five Eyes jurisdictions will consider how best to implement the principles of this statement, including with the voluntary cooperation of industry partners."

Last year, the then-Home Secretary Amber Rudd called on WhatsApp and other secure messaging services to drop end-to-end encryption. Writing in the Daily Telegraph, she said: "Real people often prefer ease of use and a multitude of features to perfect, unbreakable security."

Although the Five Eyes statement did not specify a technological solution to the problem, it is widely understood in the tech community that access to encrypted communications and data implies the creation of backdoors, deliberately engineered flaws in encryption designed to enable law enforcement and intelligence agencies to gain access without the cooperation of the data owner.

Alan Duric, CTO and co-founder at Wire, fears that backdoors would only create a potential point of entry for malicious actors. "Backdoor access to encrypted messaging is nothing but a backward step in security," he said.

He told SC, "Leaving the back door to encrypted messages ajar for malicious actors places businesses at even further risk for hacking attempts, and places sensitive information and intellectual property in danger amidst fears of growing industrial espionage, in particular for companies from the pharmaceutical, automotive and industrial sectors."

Jeff Hudson, CEO at Venafi, told SC that backdoors are a "terrible idea". By calling for backdoors, Five Eyes either does not understand security or does not care about it, he said.

"Our collective ability to secure data as it is transmitted around the internet is the only mechanism we can count on for privacy. Once a backdoor is created, it is almost immediately taken advantage of by criminals and cyber-terrorists and there goes privacy and security," he said.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews