Story image

Encryption with backdoors? Internet advocates call out Five Eyes leaders for 'shortsighted' tactics

03 Jul 17

Major internet advocacy organisations such as InternetNZ are asking government officials to defend strong encryption and encryption technologies.

A Five Eyes ministerial meeting was held in Canada last week, in which encryption and major law changes surrounding the topic were in the spotlight.

InternetNZ, the Australian Privacy Foundation, CryptoAustralia, Amnesty International, OpenMedia, NEXTLEAP and alongside 78 other representatives and people from the Five Eyes nations (New Zealand, Australia, Canada, the UK and the US), submitted a joint letter to government officials asking for better transparency.

"We ask you to protect the security of your citizens, your economies, and your governments by supporting the development and use of secure communications tools and technologies, by rejecting policies that would prevent or undermine the use of strong encryption, and by urging other world leaders to do the same," the letter says.

In the joint letter, 83 groups and individuals from the Five Eyes countries wrote "we call on you to respect the right to use and develop strong encryption." Signatories also urged the members of the ministerial meeting to commit to allowing public participation in any future discussions.

According to InternetNZ deputy chief executive Andrew Cushen, the Five Eyes group can affect every single internet user and business worldwide, changing the way we use the internet entirely.

"This encryption debate is playing out all over the world. Some people realise the privacy and security benefits encryption technologies allow and others only see encryption as a tool allowing bad people to do bad things. The fact is that encryption protects everyone's security and privacy and is a vital part of how the Internet works for us all," he says.

He believes that the implications for law enforcement and national security surrounding encryption are legitimate, but there are ways around it.

"That also means it's used by criminals and terrorists. This creates public safety risks and is the reason these debates are happening by officials across the world," he says.

InternetNZ says it firmly believes that encryption is critical to improving online security, but the Five Eyes meetings may be detrimental if they start considering law changes that reduce its effectiveness.

An example of this would be building backdoors into encryption, which would allow authorities to decrypt information 'in certain circumstances'.

The joint letter says that these processes are shortsighted and counterproductive.

"Leaders must not lose sight of the fact that even if measures to restrict access to strong encryption are adopted within Five Eyes countries, criminals, terrorists, and malicious government adversaries will simply switch to tools crafted in foreign jurisdictions or accessed through black markets," it says.

That sentiment is echoed by the chairperson for the New Zealand Council for Civil Liberties, Thomas Beagle.

"We increasingly rely on a secure Internet for work, personal relationships, commerce, and politics. While we support justifiable lawful intercept with appropriate oversight, we don't think we should be seriously weakening the security of the Internet to achieve it. Attempts to weaken encryption will do more damage to our society and our freedom than the possible threats it's meant to be protecting us from."

The letter asks that:

• Governments should not ban or otherwise limit user access to encryption in any form or otherwise prohibit the implementation or use of encryption by grade or type;

• Governments should not mandate the design or implementation of “backdoors” or vulnerabilities into tools, technologies, or services;

• Governments should not require that tools, technologies, or services are designed or developed to allow for thirdparty access to unencrypted data or encryption keys;

• Governments should not seek to weaken or undermine encryption standards or intentionally influence the establishment of encryption standards except to promote a higher level of information security. No government should mandate insecure encryption algorithms, standards, tools, or technologies; and

• Governments should not, either by private or public agreement, compel or pressure an entity to engage in activity that is inconsistent with the above tenets.

• Strong encryption and the secure tools and systems that rely on it are critical to improving cybersecurity, fostering the digital economy, and protecting users. Our continued ability to leverage the internet for global growth and prosperity and as a tool for organizers and activists requires the ability and the right to communicate privately and securely through trustworthy networks.

Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
Using blockchain to ensure regulatory compliance
“Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you’ve done it."
A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.