Security

Intelligence agencies need to create lawful access solutions to encrypted services

The Governments of the UK, US, Canada, Australia and New Zealand met in Australia on August 28 and 29, and  have told the tech industry that they should be helping  intelligence agencies by creating lawful access solutions to encrypted services, and warned that governments can always legislate if they don’t.

Following the meeting of the so-called Five Eyes nations, the group issued a joint communiqué and statement of principles claiming that their inability to lawfully access encrypted content risks undermining democratic justice systems.

The group state that while they “are committed to personal rights and privacy, and support the role of encryption in protecting those rights”, that privacy rights are not absolute.

Encryption is vital to the digital economy and a secure cyberspace, and to the protection of personal, commercial and government information.

However, the increasing use and sophistication of certain encryption designs present challenges for nations in combatting serious crimes and threats to national and global security. Many of the same means of encryption that are being used to protect personal, commercial and government information are also being used by criminals, including child sex offenders, terrorists and organized crime groups to frustrate investigations and avoid detection and prosecution.

The principles set out in the Five Eyes’ statement seek to stress that law enforcement’s inability to access the content of “lawfully obtained data” is the responsibility of everyone.

Diminished access to the content of lawfully obtained data is not just an issue for Governments alone, but a mutual responsibility for all stakeholders.

Providers of information and communications technology and services – carriers, device manufacturers or over-the-top service providers -– are subject to the law, which can include requirements to assist authorities to lawfully access data, including the content of communications. Safe and secure communities benefit citizens and the companies that operate within them.   

The group issued a veiled threat to tech companies that they may face legislation if they don’t take steps to ensure that they can allow access to ‘appropriate government authorities.’

Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.

The communiqué also follows proposals from the Australian government to introduce laws that would require tech companies to build capabilities into their tech to open access to data. But Australian leaders say the laws would “expressly prevent” the creation of back doors.