IT West Ltd

From the blog

News from IT West

‘Five Eyes’ Demand Back Door Access To Encrypted Services … Or Else

The frustration of the so-called ‘Five Eyes’ governments in not being allowed access to end-to-end encrypted apps such as WhatsApp has boiled-over into the threat of enforcement via legislative (or other) measures.

Who Are The ‘Five Eyes’?

The so-called ‘Five Eyes’ refers to the intelligence alliance of the governments of the UK, US, Canada, Australia, and New Zealand. Dating back to just after World War 2, the alliance is now secured by the UKUSA Agreement, a treaty for joint cooperation in signals intelligence.

What’s The Problem?

The argument from the government perspective is that end-to-end encryption in apps such as WhatsApp and services such as Google is preventing them from gaining access to conversations of criminals, terrorists and organized crime groups, and that tech companies are refusing to build ‘back doors’ into these services to enable governments to snoop.

The argument from tech companies that use end-to-end encryption in their services is that they are private companies with a duty and responsibility to protect the personal details of their customers, to protect the free speech that takes place on their platforms, and to prevent the likely loss of customers / users and damage to their brand and image if they were known publicly to be allowing government snooping. Also, tech companies argue that if ‘back doors’ are built into supposedly encrypted and secure services, then they are no longer secure or fully encrypted, and they could be accessed by cyber-criminals, thereby posing a security threat to users.

Example

Former Home Secretary Amber Rudd (since replaced by Sajid Javid) was particularly vocal about the subject, and pressed for a back door to be built-in to WhatsApp and other encrypted messaging services after the London terror attacks in 2017 and after it was discovered that terrorist Khalid Masood, who killed four people outside parliament had used WhatsApp a few minutes before he launched his attack.

Also, an assessment by the UK’s National Crime Agency (NCA) earlier this year said that that encryption impacts how effective law enforcement organisations can be in gathering intelligence and collecting evidence. This is particularly topical in the UK now, since Facebook recently refused to give the login details of a murder suspect to police, who are investigating the murder of Lucy McHugh.

Threats From The Five Eyes

The Five Eyes are reported to have warned that if the tech industry does not voluntarily establish lawful access to their products e.g. back doors they may pursue enforcement, via legislative or other measures in order to guarantee entry.

The Five Country Ministerial (FCM) has also concluded that the industry needs to implement functions that prevent illicit and harmful content from being uploaded in the first-place, and build user safety into the design of all online platforms.

What Does This Mean For Your Business?

While it sounds reasonable and understandable that law enforcement and intelligence services would like to be able to have access to encrypted apps and services in the interests of national security in fighting terrorism and reducing crime, building in back doors to encryption means that it’s no longer encrypted and secure. These ‘back-doors’ could also, therefore, be accessed by cyber-criminals, thus causing a security threat to millions of users, most of whom aren’t terrorists or criminals. A security breach (e.g. using a back-door) could also cause major damage to the app / service-providing company in fines, lost customers/revenue and bad publicity.

There is also an argument that the privacy of users of currently encrypted apps and services could be compromised in a ‘big brother’ style way as governments and intelligence agencies are given carte blanche to snoop, and are unlikely to be transparent about just what they are snooping on. Many privacy campaigners feel that we already have enough surveillance e.g. CCTV and the power granted by the Investigatory Powers Act (aka the ‘Snoopers Charter’).

Tech companies have good commercial and other reasons for not budging in their stance, while governments can also provide convincing arguments for the building of back-doors. As with so many other powerful private companies such as the tech companies, it may take the threat of (or actual) imposed regulation and legislation to make them give any ground in an argument that is likely to run further yet.