The five eyes spy agencies are continuing to push for backdoor access to encryption. This in the wake of another high profile data breach.
Late last month, Capital One suffered a major data breach where 100 million customers had their personal information compromised. That recent data breach has renewed calls that governments should be working to make data safer with better security.
In light of this, it may be surprising to some that there are those that are working to make data less secure. Arguing that things have gotten a bit too secure, the intelligence organizations of the Five Eyes nations are continuing to push to make data less security. They are renewing calls to get backdoor access to all encrypted data. From Naked Security:
In March, Facebook CEO Mark Zuckerberg announced what he framed as a major, more privacy-focused strategy shift, with end-to-end encryption being a key component. He said at the time that the company would develop a highly secure private communications platform based on Facebook’s Messenger, Instagram, and WhatsApp services.
The prospect is unanimously seen as bad news by the Five Eyes nations. Patel’s warnings come on the heels of a two-day Five Eyes meeting she hosted in London along with Geoffrey Cox, the UK’s Attorney General. In attendance were security and law enforcement officials from the Five Eyes nations who said that they were worried about high-tech companies moving to “deliberately design their systems in a way that precludes any form of access to content, even in cases of the most serious crimes.”
In a communique that reportedly came out of the meeting, the Five Eyes nations called for backdoors:
Tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and usable format.
The call is a renewed effort from back in September 2018 where the spy agencies, again, demanded backdoor access to all encryption. This renewed call is likely made because there is perceived momentum to make the digital world a less secure place.
Last year, Australia rolled under pressure from these organizations and passed anti-encryption laws in a rushed process. The move was universally condemned in the security community. Unsurprisingly, the laws have wound up becoming a disaster on multiple fronts.
Despite all the evidence, Germany and the UK decided to move forward with their own variations of their war on encryption. This led to the United States, as led by the Trump administration, to follow suit.
For the US part, they specifically want to ban all encryption that they cannot crack. This pretty much puts to rest any lingering thoughts that the government is simply going to target messaging apps. It’s not an effort to crack encryption only on communication networks. It’s not, “encryption under these very narrow set of parameters”. This is all encryption that the government cannot crack without exception.
A probably strategy at this point is that, although momentum is on the spy agencies side, pressure must continue to be used. They already have one country that folded under the pressure. There are already three other countries that are beginning to bend under pressure. There shouldn’t be a risk of those countries stepping back and possibly coming to their senses. Additionally, countries that aren’t on board already need to be pressured into following suit in making technology less secure.
If anything, this should serve as another warning shot for the security community. Although there may have been major victories in the past to making the Internet as a whole a more secure place, one cannot rest on their laurels and assume that common sense will prevail in the end. After all, just look at who took the White House three years ago. Assuming things will automatically work out in the end through common sense, checks and balances didn’t exactly work there.
Drew Wilson on Twitter: @icecube85 and Facebook.
