'Five Eyes' ministers call to weaken encryption

News by Rene Millman

Ministers of Five Eyes nations say backdoor in online communication needed to fight crime, experts warn that such a move could let hackers compromise networks

Five Eyes, the anglophone intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States, has come out against the use of end-to-end encryption and asked technology firms to install backdoor access to encrypted communications.

After a two-day summit in London, the ministers from the member countries said the efforts of law enforcement agencies to investigate and prosecute the most serious crimes would be "hampered" if the industry carries out plans to implement end-to-end encryption, "without the necessary safeguards".

"The Five Eyes are united that tech firms should not develop their systems and services, including end-to-end encryption, in ways that empower criminals or put vulnerable people at risk," UK home secretary Priti Patel said in the official announcement on 31 July.

The summit was called to discuss current and emerging threats, which could undermine national and global security.

"Encryption presents a unique challenge. We must ensure that we do not stand by as advances in technology create spaces where criminal activity of the most heinous kind can go undetected and unpunished," United States attorney general William P Barr said, speaking at the conclusion of the two-day conference. 

Industry has agreed to collaborate with the Five Eyes governments on a set of voluntary principles, to be drawn up by the end of September, on the steps they will take to combat child sexual exploitation and abuse, including the growing threat of livestreaming of potentially disruptive events.

Government agencies such as the NCSC has been promoting the use of encryption to protect against eavesdropping. The NCSC has also supported an industry drive towards common standards for secure communication.

Moves to weaken encryption by adding backdoors - vulnerabilities placed deliberately to allow third-party access - have been fiercely resisted by tech companies. They said weakening encryption would render communication security ineffective and increase the likelihood of data breaches. 

Calls to weaken encryption, or to place backdoors, are periodically made by ill-informed politicians, Javvad Malik, security awareness advocate at KnowBe4, told SC Media UK.

"However, no matter how hotly this is debated, it can't change the maths behind encryption, which will either work or not. Weakening encryption will do more harm than good, as it will leave all communication vulnerable and allow bad actors to compromise legitimate traffic," he said.

Kevin Bocek, chief security strategist at Venafi, told SC Media UK that this move from Five Eyes could "irreconcilably damage" the foundations of online trust. 

"It is simply impossible for there to be any kind of weaker encryption or ‘good’ backdoor that is only available law enforcement and not hackers or cyber-terrorists. We’ve seen time and time again that the tools of law enforcement wind up on sale and become cyber-weapons themselves. By messing around with encryption, politicians are putting all online trust in jeopardy," he said.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews