"Five Eyes" issue statement against end-to-end encryption, demand backdoors

[Delicieuxz]

 

'Five Eyes' security alliance calls for access to encrypted material

Quote

After a two-day summit in London, senior ministers from the group comprising the United States and allies Britain, Canada, Australia and New Zealand, said encryption should not come at the expense of the public’s safety.

 

“We are concerned where companies deliberately design their systems in a way that precludes any form of access to content, even in cases of the most serious crimes,” the group said in a statement following the conference.

 

“Tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and usable format.”

 

The five English-speaking allies have an agreement to share intelligence and techniques for gathering it, a relationship that evolved from a secret World War Two alliance between British and U.S. cypher and code breaking teams.

 

...

 

“The Five Eyes are united that tech firms should not develop their systems and services, including end-to-end encryption, in ways that empower criminals or put vulnerable people at risk,” said British Home Secretary Priti Patel.

 

U.S. President Donald Trump’s attorney general William Barr attracted controversy last week when he complained about how the proliferation of “warrant-proof encryption” was making it easier for criminals to “evade detection”.

 

“Encryption presents a unique challenge. We must ensure that we do not stand by as advances in technology create spaces where criminal activity of the most heinous kind can go undetected and unpunished,” Barr said after the security summit.

 

 

US-led ‘Five Eyes’ intel alliance says end-to-end encryption creates terrorism & child abuse threats

Quote

“Tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data,” the Five Eyes – an alliance of intelligence agency directors from the US, UK, Canada, Australia, and New Zealand – declared in an official statement on Tuesday following their annual two-day security summit held in London.

 

This year’s theme – “emerging threats” – saw the smorgasbord of spooks brainstorming possibilities for eavesdropping on popular messaging apps like WhatsApp without rendering the encryption completely worthless, an idea which was central to last year’s meeting as well. This time, the intelligence agencies invited representatives from the tech industry to “collaborate” on a “set of voluntary principles” for interfacing with law enforcement.

 

...

 

Tech companies and even some senior intelligence agency figures have insisted that placing a backdoor in an encrypted platform makes that platform less secure for everyone – including government entities in need of a secure channel for their own communications – and opens the door to exploitation by criminals and (of course) foreign intelligence services. Former NSA director Mike Rogers called encryption “foundational to the future” and dismissed the talk of doing away with it as “a waste of time” in a 2016 Atlantic Council event.

 

But the “encryption problem” has only worsened since last year, with Facebook poised to roll out end-to-end encryption for its Messenger service’s one-billion-plus users. WhatsApp, owned by Facebook, is already encrypted. And other apps like Signal and Telegram are growing in popularity, much to the frustration of intelligence operatives reduced to pressing their noses against the digital glass.

 

...

 

Tech companies were advised to “consider the impacts to the safety of children…when developing their systems and services and deploying encryption,” the Five Eyes warned in their official post-conference statement. “Countering Online Child Sexual Exploitation and Abuse” was the focus of a “digital industry roundtable” that included representatives from Facebook, Microsoft, Google, Snap, Twitter, and Roblox and focused on developing a set of “voluntary principles” to expedite law enforcement activity against child abusers.

 

Aside from the encryption struggle, the Five Eyes also discussed the security risks inherent in 5G (“We recognize the need for a rigorous risk-based evaluation of a range of factors which may include, but not be limited to, control by foreign governments”), the security risks inherent in widespread adoption and commercialization of drones, and – lest anyone forget – the importance of maintaining the integrity of the democratic process free from foreign discord-sowers and discourse-manipulators.

Well, there it is: They're coming after your encryption. So, better encrypt your encryption.

 

For now, they're talking about "voluntary principles" that allow governments access to user information. However, I think people using platforms will prefer to use platforms that offer encryption, and so platforms will see it as a disadvantage to not offer it, which maybe could then lead to the situation of governments forcing backdoors by law.

 

Maybe if encryption is banned, after enough scandals that governments and politicians are the victims of they'll realize that encryption is important and stop their efforts to impede it.

 

 

Related Topic:

 

[Ashley MLP Fangirl]

yeah they are just mad they can't spy on millions of people anymore. 

[TrigrH]

I really don't understand how "encryption should not come at the expense of the public’s safety." makes any sense?

Encryption literally ensures the public’s safety and privacy.

[Taf the Ghost]

The Quantum Computing  "holy grail" has clearly failed. It's been fairly clear for a couple of years that Quantum Computers likely weren't actually going to be able to deliver on the promise of breaking all encryption, but now all of the big players are acting like it'll never happen. That's both a good & bad thing. Good because it means you can still enforce some actual Data Privacy, but also bad because it means they'll be attacking encryption at every step.

[Taf the Ghost]

1 minute ago, TrigrH said:

I really don't understand how "encryption should not come at the expense of the public’s safety." makes any sense?

Encryption literally ensures the public’s safety and privacy.

First there is the Double Speak aspect to it, but the reality is that they're saying the talking points they've been given. The undercurrent, and this is what it's actually all about, is a rather important historical reality: the American Revolution was functionally about 10 Men for most of the early going. A lot of sympathizers, but it was practically on the back of Paul Revere for a while there. While baseline monitoring (see China's Social Credit System) is important for Power & Control, it's really about preventing anyone from actually challenging the current power structures.

 

From a historical perspective, the governments of most Major Powers are extremely weak. The rise of "professional" politicians and large, career-type government employees has created a situation where the leadership are becoming exceedingly imperial against their own populations. You see this reflected in the Brexit situation in the UK. Regardless of the merits of the choice, the voting public rendered one, but the most adamant anti-Brexit forces is the MPs that have to implement it. (Because they won't get invited to dinner parties in Paris.) 

 

As a result, the current power structures are in need of every bit of data they can gather on people. Governments fall to Network Effects, which is what they're really after. They want to be able to isolate groups long before they could seek redress of their grievances. Being obsessed with Internal Enemies is a sign of impending collapse of a "regime", even if it could be decades before it happens. That's what this is all about.

[Arika]

33 minutes ago, Delicieuxz said:

advances in technology create spaces where criminal activity of the most heinous kind can go undetected and unpunished

you "open" one thing, they will just find or create another...something tells me the kind of criminals they are trying to reference are not using "normal" communication methods like Telegram or WhatsApp which makes their entire summit pointless since they can't even imagine the kind of things that are used on the internet.

[Aimi]

"I-it's to stop terrorism, guys... it's for national security..."

Except you rarely, if ever, hear about Orwellian grade spying actually preventing crime.

[TrigrH]

11 minutes ago, Taf the Ghost said:

blah blah murica, blah

???

The way I read it is that the governments place: 

- criminals being able to communicate using encryption 

as a greater security risk than the:

- privacy and safety of the data of the people. (that encryption was designed to protect in the first place)

 

I can see both sides here I just don't agree with the decision, mainly due to the fact that backdoors only cause more harm than good, as they weaken encryption. 

 

Take DRMs like denuvo for example, sure it might keep the hackers/crackers at bay for a few weeks? but nothing is foolproof even encryption itself.

 

[Taf the Ghost]

26 minutes ago, VegetableStu said:

kinda want an ELI5 on the difficulties of implementing the theory to actual hardware o_o

 

minutephysics did a video on the maths on quantum-computer accelerated encryption breaking

My point about Quantum Computing was observational of the way the biggest players are acting. As for what's going on in the QC world, it seems like scale isn't happening anytime soon, no one yet actually knows how to really program for the systems, you need almost as much computing hardware to interpret the information as you'd need to do most of the calculations anyway and, well, non-Quantum attackable encryption has already been in the wild for a number of years.

 

The old Public-Private key encryption systems will simply get phased out at some point in the future. That isn't too surprising, though the fact the NSA hs been producing the largest database of prime numbers since at least the 1970s has always made the assumptions around Public Key encryption somewhat questionable. Even if the math works out.

[RejZoR]

These people must be dumb. Surely. If they think this idiocy has to go through, here is a reminder...

 

The machine below was used to open and reseal letters, used by Stasi to spy on people and eradicate anyone with opposing beliefs or politics. Last time I checked, Stasi operations didn't age too well, just like Nazi regime hasn't... They literally want this shit back. Different medium, same methods. Just fucking don't even try it dumb ass politicians. And stick your think of the children and muh criminals BS up your rear. Find another god damn way that doesn't include mass surveillance on people because you maybe manage to catch 5 criminals as a result.

[mr moose]

Just remember these people are not stupid, they are very intelligent, they know exactly what they are asking for, they know the consequences of it.  They either don't care or they have an ulterior motive that is more important to them.

[mr moose]

11 minutes ago, comander said:

It's stuff like this which makes me critical of the world's governments. 

 

I trust big tech more than big government and I have my share of criticisms (and also compliments) about big tech. 

 

I think we should always be critical of people,  governments more so because it much easier for them to get a way with it. Having said that, nothing is really new under the sun, governments are just as bad today as they were 500 years ago, the only difference is we seem to have less wars and less financial crisis's as time goes on.

[Guest]

Oh it’ll get through too. We have no say. Not even in the news here.

[vanished]

3 hours ago, TrigrH said:

I really don't understand how "encryption should not come at the expense of the public’s safety." makes any sense?

Encryption literally ensures the public’s safety and privacy.

Along the same lines,

Quote

“The Five Eyes are united that tech firms should not develop their systems and services, including end-to-end encryption, in ways that empower criminals

Of course, they fail to realize that adding backdoors empowers criminals as well

 

1 hour ago, mr moose said:

Just remember these people are not stupid, they are very intelligent, they know exactly what they are asking for, they know the consequences of it.  They either don't care or they have an ulterior motive that is more important to them.

I wouldn't be so sure about that.  How does that saying go, "never attribute to malice what can be explained by stupidity", or something like that?  The number of cases that have come up previously about all manner of things are, I think, pretty clear evidence that the majority of all governments are completely tech illiterate.

59 minutes ago, floofer said:

Oh it’ll get through too. We have no say. Not even in the news here.

Isn't that the sad truth.  Somewhere along the way, the concept that the government is chosen and formed by the people to serve them was lost and replaced with them acting as a separate body, in their own interests, often against those they claim to represent and no one seemed to notice.

 

3 hours ago, Aimi said:

"I-it's to stop terrorism, guys... it's for national security..."

Except you rarely, if ever, hear about Orwellian grade spying actually preventing crime.

Another good point.  With how much backlash there is against things like this, you'd think they'd be eager to flaunt the benefits anytime they actually get some good from it and despite that it still doesn't seem to come up that often.

[mr moose]

14 minutes ago, Ryan_Vickers said:

I wouldn't be so sure about that.  How does that saying go, "never attribute to malice what can be explained by stupidity", or something like that?  The number of cases that have come up previously about all manner of things are, I think, pretty clear evidence that the majority of all governments are completely tech illiterate.

 

 

"Never attribute to malice what is adequately explained by stupidity".

 

Unfortunately they have both a an extraordinary amount of information we don't, they have worked in and with many industries getting to the positions they are at,  you don't remain in or become part of the inner circle of government agencies like these when you are a fool.  Stupidity is dangerous at that level. 

 

No, they know what they are doing, they know the consequences.  I don't even think this is malice, it certainly is about control though, we just don't know to what level they need that control, for all we know it might be the lesser of two evils.  At this point everyone's opinion here is just personal conjecture from a limited understanding of what could be a really large problem.

 

 

Besides all that, some people are adamant that they already have all this access, if that's the case why are they asking for it again?  If it only solved trivial matters with petty criminals why would they be wasting their time starting another PR fight with the tech industry drawing attention to themsleves?

[CarlBar]

I think a big part of what is happening here, and needs to be borne in mind, is that intelligance and law enforcement has relied heavily for the last hundred plus years on being able to intercept various forms of communication to do their job. In addition for the longest time if you where involved in activities those agencies cared about you had to interact with actual people producing witnesses, which despite their somewhat dodgy reliability are still a form of surveillance for these types

 

The idea of operating without that capability as the internet has made possibble, (as well as the cross national borders aspects), naturally bothers said agencies. And well terry pratchett made a very good comment. People like that tomorrow will be pretty much the same as today. And the same idea applies to governments and the various apparatus involved therein. They prefer nice predictable comfortable predictable environment to work in and the internet is undermining one of the big cornerstones they've worked with for so long.

 

Which isn't to say that they're right. But i doubt there's ethier malice or stupidity involved in the strictest sense, they just want business as usual to continue because it makes their lives more predictable and easier.

 

Which isn't to say i agree with them, (though i can see some valid arguments that aren't merely comfort related), but between the various other arguments and that it's not hard to see why they're doing this. How successful they'll be is going to be open to debate though. They can mandate what they want but as i've pointed out before, the internet crosses borders and alws like this could quickly run into situations where mutually contradictory laws are applicable to a single event. Thats likely not going to prove trivial to work through and depending on who does what internationally it could get messy. A lot will probably come down to what the tech companies want. If enough of them push back against stuff like thi in various ways they can probably make it not work provided someone, (probably the EU), is willing to back them up n it because if the EU is willing to block attempts to force tech companies or their assets based their to comply with such laws it's going to be really hard short of cutting their internet off from the rest of the world to actually enforce this stuff, and china might have been able to get away with that but i doubt many others will have much luck with trying to get that past their populations.

[S w a t s o n]

The Five Eyes need to go suck 5 dicks. They do realize it's people in these countries that understand encryption best?

[Tristerin]

Those who would trade liberty for safety deserve neither.

[Curious Pineapple]

2 minutes ago, Tristerin said:

Those who would trade liberty for safety deserve neither.

Not always true, I douby a DIY nuclear reactor is in the best interests of anyone

[Neftex]

5 hours ago, Delicieuxz said:

“Countering Online Child Sexual Exploitation and Abuse” was the focus

i dont buy that

[Tristerin]

10 minutes ago, Curious Pineapple said:

Not always true, I douby a DIY nuclear reactor is in the best interests of anyone

Quoting a Founding Father of my Nation, of which one of the Five Eyes were founded on this principle not so long ago in the distance that is time.

 

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety - Benjamin Franklin

[The King of the Undead]

The backdoor sends a encrypted message thats backdoor is it turns back into the first encryption.

[Curious Pineapple]

3 minutes ago, Tristerin said:

Quoting a Founding Father of my Nation, of which one of the Five Eyes were founded on this principle not so long ago in the distance that is time.

 

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety - Benjamin Franklin

That extra word "essential" makes all the difference

[paddy-stone]

Man I hate these stupid fucking politicians. I REALLY want to see them get their private data leaked online for all to see, and then see if they still support having backdoors into encrypted apps etc where it'll then be even easier to have people's data stolen.

 

[BuckGup]

“Encryption should not come before the public's safety” ???? It is public safety