By Robert Bateman
Governments across the world are calling on technology firms to allow agencies access to private communications, claiming that end-to-end encryption that shuts out law enforcement presents a “severe risk to public safety.”
In a statement, signed Oct. 11, the governments of the U.S., U.K., Australia, New Zealand, Canada, India and Japan argued that software developers should “engage in consultation with governments and other stakeholders” to “embed the safety of the public in system design.”
But experts told Digital Privacy News that the proposals presented an unacceptable risk to individual privacy.
“These countries are outspoken advocates for encryption backdoors, requiring tech companies to build systematic weaknesses in their encryption to allow law enforcement in,” said Daniel Markuson, a digital privacy expert at network provider NordVPN.
“Such attempts endanger the security of everyone who uses online services.”Daniel Markuson, NordVPN.
“Such attempts endanger the security of everyone who uses online services,” he added. “It weakens civil rights like privacy and due process — and it places an unprecedented burden on tech companies to attack the very users they set out to serve.”
No US Response
The U.S. Justice Department did not respond to a request for comment from Digital Privacy News.
U.K. officials, however, shared a 2018 blog post suggesting it was not proposing “weakening encryption or defeating the end-to-end nature of (online services),” but was instead allowing “exceptional access to data where … there is appropriate legal authorization.”
The governments want developers to design software with mechanisms allowing targeted access to user data by authorized third parties while still maintaining end-to-end encryption.
“Privacy advocates successfully argued that there is no such thing as a backdoor that only lets the good guys in,” Markuson said.
“Additionally, not all companies have the technical know-how to safely implement back-doors or other ways to access encrypted content.
“A simple mistake can open the entire product (especially Internet of Things devices), putting the security of people’s homes and organizations at risk,” he said.
“Giving away the security and privacy of the masses is simply too big a price to pay,” Markuson told Digital Privacy News. “Law enforcement agencies have to find alternative ways to tackle criminals behind encrypted channels.
“Actually, encryption makes criminals’ jobs harder rather than easier,” he noted. “More encryption is better for society overall.”
Failed Earlier Efforts
Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project (STOP) in New York said: “Without secure encryption, we cannot have trusted communications over the internet.”
Fox Cahn pointed to previous failed government attempts to create “cryptographic backdoors” that would allow intelligence agencies access to secure communications, such as the “clipper chip,” developed by the National Security Agency in the 1990s.
“Without secure encryption, we cannot have trusted communications over the internet.”Albert Fox Cahn, STOP, New York.
“It only took a short time for people to figure out ways to exploit that backdoor,” he said.
Fox Cahn said that any attempt to undermine encrypted communications would inevitably result in “another way for hackers, other governments and other third parties to exploit the same vulnerability.”
He added that he did not believe that effectively banning end-to-end encryption would be a proportionate means of tackling the crimes cited in the statement, such as child sexual exploitation and terrorism.
“This is like trying to put a government ‘kill switch’ in every car in the country — because we know that cars are sometimes used as getaway vehicles for bank robbers,” he said.
“Just because this technology can be abused, that doesn’t mean that we need to destroy all of the potential it has to provide secure communications.”
Fox Cahn also pointed out that governments have “a track record of developing surveillance tools in the name of supposedly protecting victims of sex crimes, only to find out from the survivors of those attacks that we’re making things worse.”
He referenced the 2018 FOSTA-SESTA bill in the U.S., which sought to curtail web platforms’ perceived facilitation of sex trafficking.
Abuse survivors and law enforcement agencies have criticized the laws for making sex-trafficking harder to prosecute.
‘Same Terrible Ideas’
Karen Gullo, writer and analyst for the Electronic Frontier Foundation, said she did not believe it was possible to facilitate law enforcement agencies’ access to communications while still preserving individual privacy.
“The statement relays more of the same terrible ideas we’ve heard from the Department of Justice and the FBI about backdoors to encryption,” Gullo told Digital Privacy News. “Neither agency is credible on this issue.”
She alleged that the agencies had “a long track record of exaggeration and even false statements in support of their position.
“The statement relays more of the same terrible ideas we’ve heard from the Department of Justice and the FBI … .”Karen Gullo, Electronic Frontier Foundation.
“The attorney general has claimed that the tech sector will design a backdoor for law enforcement that will stand up to any unauthorized access, ignoring the broad technical and academic consensus in the field that this risk is unavoidable.
“Encryption with special access for select entities is just broken encryption,” Gullo said.
“Security backdoors for law enforcement will be used by oppressive regimes and criminal syndicates, putting everyone’s security at risk.”
Robert Bateman is a writer in Brighton, U.K.