US, UK and allies renew call for state backdoors into encrypted digital products

2020-10-15 Writer:9400636758euai

Security services in seven allied countries want to be able to hack into digital products that protect their user’s privacy through end-to-end encryption.

The governments of the US, UK, Canada, Australia, New Zealand, Japan and India all endorsed a public statement concerning end-to-end encryption and public safety. In it, they attempt to balance the apparently contradictory aims of personal privacy and public safety.

They want to be able to hack into the communications of bad guys, but can only do so if the tech companies that provide those services build a special vulnerability into their end-to-end encryption, otherwise known as a backdoor.

“We, the undersigned, support strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cyber security,” opens the statement. “It also serves a vital purpose in repressive states to protect journalists, human rights defenders and other vulnerable people, as stated in the 2017 resolution of the UN Human Rights Council. Encryption is an existential anchor of trust in the digital world and we do not support counter-productive and dangerous approaches that would materially weaken or limit security systems.

“Particular implementations of encryption technology, however, pose significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children. We urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content.”

In other words: we’re big fans of encryption, except when it’s done well. We recognise that bad encryption allows the state to abuse its citizens, but if you create a special vulnerability for us, we promise not to abuse it. But don’t extend this facility to repressive states, just give it to us, the goodies.

The UK’s Home Secretary, Priti Patel, has been appalled at this restriction of her ability to spy on her population for some time and was the main driver of the last round of public pressure applied over this matter. That time Facebook was specifically called out and, while this statement doesn’t name Facebook specifically, it’s that company’s continued plans to strengthen the encryption of its messaging services that are the main drivers of this call.

“We owe it to all of our citizens, especially our children, to ensure their safety by continuing to unmask sexual predators and terrorists operating online,” said Patel. “It is essential that tech companies do not turn a blind eye to this problem and hamper their, as well as law enforcement’s, ability to tackle these sickening criminal acts. Our countries urge all tech companies to work with us to find a solution that puts the public’s safety first.”

While the emotive ‘think of the children’ language is fairly cynical, this is a matter that needs to be discussed. It ultimately comes down to how much civil liberty we are prepared to sacrifice in the name of safety. This is an age-old question that always comes to the fore in times of emergency. The COVID-19 crisis has seen extensive restrictions of civil liberties by government, with minimal public accountability.

In many cases those restrictions could reasonably be argued to be justified, but there are also concerns about both how long they will be maintained and the extent to which governments will exploit this climate of fear and acquiescence to grant itself further powers in the name of safety,

China, where the virus originated, seems to have done a great job of keeping it under control, but at what cost to civil liberties? One report indicates COVID-19 has given the Chinese state all the reason it needs to massively increase its mass surveillance operations. If spying on its citizens appeared to improve safety over there, surely western governments will be tempted to try some of those techniques themselves.

It seems clear that Facebook’s own ability to identify and report criminal communications over its platforms will be significantly reduced by the implementation of full end-to-end encryption. That is a legitimate concern, but so is the prospect of everyone else’s privacy being compromised in the name of catching those baddies.

The only way to guarantee individual privacy over digital communications is to make them as secure as possible. Deliberately creating backdoors compromise that security. On top of that, governments are asking us to trust them to use this facility competently and not to abuse powers they think they should be uniquely granted. Their response to the COVID-19 crisis has complicated that request.