Security news that informs and inspires

Five Eyes Countries Press for Encryption Laws

The governments that run the most powerful group of cooperating intelligence agencies in the world are flexing their collective muscle on the issue of encryption, saying in a new statement that if technology companies don’t find a way to provide so-called lawful access solutions to encrypted devices, legislation will be coming.

The statement comes after a meeting of officials from the United States, U.K., Canada, Australia, and New Zealand, which make up the group known as Five Eyes. The countries share intelligence as well as some assets, and one of the challenges that intelligence and law enforcement agencies in these countries face is gaining access to potential evidence on encrypted devices and communications. It’s not a new problem, but the easy access people have now to strong encryption on mobile devices and apps has made it a significant challenge for law enforcement and intelligence agencies.

There have been years of public debates about this topic in the U.S., U.K. and other countries, without much in the way of progress. In their statement, the Five Eyes governments said that if they can’t make any headway with technology companies to provide backdoor access, then they will go a different way.

“Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions,” the statement says.

This is not the first, or even the tenth, time that the specter of legislation to regulate access to encrypted communications or devices has appeared in the mirror. There have been any number of attempts to find a legislative answer to this problem, none of which has worked. But that hasn’t stopped lawmakers from continuing to try. Technologists and cryptographers have consistently maintained that there is no way to create a backdoor or exceptional access mechanism that could only be used by legal authorities without exposing users to increased risk of attack.

"We may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions."

Still, law enforcement officials have continued to insist that technology companies create a way to make this happen. As recently as March, FBI Director Christopher Wray said that tech companies should be able to find a way to give law enforcement access to encrypted devices.

“We need them to respond to lawfully issued court orders, in a way that is consistent with both the rule of law and strong cybersecurity. We need to have both, and can have both. I recognize this entails varying degrees of innovation by the industry to ensure lawful access is available. But I just don’t buy the claim that it’s impossible,” Wray said.

The statement from the Five Eyes governments last week acknowledges the value of encryption for protecting users’ security and privacy, but stresses that the same technologies are in use by criminal and terrorist organizations. This is the crux of the argument that law enforcement agencies have been making for decades, and it’s only become more persistent with the ready availability of encrypted messaging apps and other technologies in recent years.

“Encryption is vital to the digital economy and a secure cyberspace, and to the protection of personal, commercial and government information,” the statement says.

“However, the increasing use and sophistication of certain encryption designs present challenges for nations in combating serious crimes and threats to national and global security. Many of the same means of encryption that are being used to protect personal, commercial and government information are also being used by criminals, including child sex offenders, terrorists and organized crime groups to frustrate investigations and avoid detection and prosecution.”