Story image

Encryption with backdoors? Internet advocates call out Five Eyes leaders for 'shortsighted' tactics

03 Jul 2017

Major internet advocacy organisations such as InternetNZ are asking government officials to defend strong encryption and encryption technologies.

A Five Eyes ministerial meeting was held in Canada last week, in which encryption and major law changes surrounding the topic were in the spotlight.

InternetNZ, the Australian Privacy Foundation, CryptoAustralia, Amnesty International, OpenMedia, NEXTLEAP and alongside 78 other representatives and people from the Five Eyes nations (New Zealand, Australia, Canada, the UK and the US), submitted a joint letter to government officials asking for better transparency.

"We ask you to protect the security of your citizens, your economies, and your governments by supporting the development and use of secure communications tools and technologies, by rejecting policies that would prevent or undermine the use of strong encryption, and by urging other world leaders to do the same," the letter says.

In the joint letter, 83 groups and individuals from the Five Eyes countries wrote "we call on you to respect the right to use and develop strong encryption." Signatories also urged the members of the ministerial meeting to commit to allowing public participation in any future discussions.

According to InternetNZ deputy chief executive Andrew Cushen, the Five Eyes group can affect every single internet user and business worldwide, changing the way we use the internet entirely.

"This encryption debate is playing out all over the world. Some people realise the privacy and security benefits encryption technologies allow and others only see encryption as a tool allowing bad people to do bad things. The fact is that encryption protects everyone's security and privacy and is a vital part of how the Internet works for us all," he says.

He believes that the implications for law enforcement and national security surrounding encryption are legitimate, but there are ways around it.

"That also means it's used by criminals and terrorists. This creates public safety risks and is the reason these debates are happening by officials across the world," he says.

InternetNZ says it firmly believes that encryption is critical to improving online security, but the Five Eyes meetings may be detrimental if they start considering law changes that reduce its effectiveness.

An example of this would be building backdoors into encryption, which would allow authorities to decrypt information 'in certain circumstances'.

The joint letter says that these processes are shortsighted and counterproductive.

"Leaders must not lose sight of the fact that even if measures to restrict access to strong encryption are adopted within Five Eyes countries, criminals, terrorists, and malicious government adversaries will simply switch to tools crafted in foreign jurisdictions or accessed through black markets," it says.

That sentiment is echoed by the chairperson for the New Zealand Council for Civil Liberties, Thomas Beagle.

"We increasingly rely on a secure Internet for work, personal relationships, commerce, and politics. While we support justifiable lawful intercept with appropriate oversight, we don't think we should be seriously weakening the security of the Internet to achieve it. Attempts to weaken encryption will do more damage to our society and our freedom than the possible threats it's meant to be protecting us from."

The letter asks that:

• Governments should not ban or otherwise limit user access to encryption in any form or otherwise prohibit the implementation or use of encryption by grade or type;

• Governments should not mandate the design or implementation of “backdoors” or vulnerabilities into tools, technologies, or services;

• Governments should not require that tools, technologies, or services are designed or developed to allow for thirdparty access to unencrypted data or encryption keys;

• Governments should not seek to weaken or undermine encryption standards or intentionally influence the establishment of encryption standards except to promote a higher level of information security. No government should mandate insecure encryption algorithms, standards, tools, or technologies; and

• Governments should not, either by private or public agreement, compel or pressure an entity to engage in activity that is inconsistent with the above tenets.

• Strong encryption and the secure tools and systems that rely on it are critical to improving cybersecurity, fostering the digital economy, and protecting users. Our continued ability to leverage the internet for global growth and prosperity and as a tool for organizers and activists requires the ability and the right to communicate privately and securely through trustworthy networks.

IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."
Barracuda expands MSP security offerings with RMM acquisition
Managed Workplace delivers an RMM platform with security tools and services, such as site security assessments, Office 365 account management, and integrated third-party antivirus.
Flashpoint: APAC companies must factor geopolitics in cyber strategies
The diverse geopolitical and economic interests of the states in the region play a significant role in driving and shaping cyber threat activity against entities operating in APAC.
Expert offers password tips to aid a stress-free sleep
For many cybersecurity professionals, the worries of the day often crawl into night-time routines - LogMeIn says better password practices can help.