sb-eu logo
Story image

Encryption with backdoors? Internet advocates call out Five Eyes leaders for 'shortsighted' tactics

03 Jul 2017

Major internet advocacy organisations such as InternetNZ are asking government officials to defend strong encryption and encryption technologies.

A Five Eyes ministerial meeting was held in Canada last week, in which encryption and major law changes surrounding the topic were in the spotlight.

InternetNZ, the Australian Privacy Foundation, CryptoAustralia, Amnesty International, OpenMedia, NEXTLEAP and alongside 78 other representatives and people from the Five Eyes nations (New Zealand, Australia, Canada, the UK and the US), submitted a joint letter to government officials asking for better transparency.

"We ask you to protect the security of your citizens, your economies, and your governments by supporting the development and use of secure communications tools and technologies, by rejecting policies that would prevent or undermine the use of strong encryption, and by urging other world leaders to do the same," the letter says.

In the joint letter, 83 groups and individuals from the Five Eyes countries wrote "we call on you to respect the right to use and develop strong encryption." Signatories also urged the members of the ministerial meeting to commit to allowing public participation in any future discussions.

According to InternetNZ deputy chief executive Andrew Cushen, the Five Eyes group can affect every single internet user and business worldwide, changing the way we use the internet entirely.

"This encryption debate is playing out all over the world. Some people realise the privacy and security benefits encryption technologies allow and others only see encryption as a tool allowing bad people to do bad things. The fact is that encryption protects everyone's security and privacy and is a vital part of how the Internet works for us all," he says.

He believes that the implications for law enforcement and national security surrounding encryption are legitimate, but there are ways around it.

"That also means it's used by criminals and terrorists. This creates public safety risks and is the reason these debates are happening by officials across the world," he says.

InternetNZ says it firmly believes that encryption is critical to improving online security, but the Five Eyes meetings may be detrimental if they start considering law changes that reduce its effectiveness.

An example of this would be building backdoors into encryption, which would allow authorities to decrypt information 'in certain circumstances'.

The joint letter says that these processes are shortsighted and counterproductive.

"Leaders must not lose sight of the fact that even if measures to restrict access to strong encryption are adopted within Five Eyes countries, criminals, terrorists, and malicious government adversaries will simply switch to tools crafted in foreign jurisdictions or accessed through black markets," it says.

That sentiment is echoed by the chairperson for the New Zealand Council for Civil Liberties, Thomas Beagle.

"We increasingly rely on a secure Internet for work, personal relationships, commerce, and politics. While we support justifiable lawful intercept with appropriate oversight, we don't think we should be seriously weakening the security of the Internet to achieve it. Attempts to weaken encryption will do more damage to our society and our freedom than the possible threats it's meant to be protecting us from."

The letter asks that:

• Governments should not ban or otherwise limit user access to encryption in any form or otherwise prohibit the implementation or use of encryption by grade or type;

• Governments should not mandate the design or implementation of “backdoors” or vulnerabilities into tools, technologies, or services;

• Governments should not require that tools, technologies, or services are designed or developed to allow for thirdparty access to unencrypted data or encryption keys;

• Governments should not seek to weaken or undermine encryption standards or intentionally influence the establishment of encryption standards except to promote a higher level of information security. No government should mandate insecure encryption algorithms, standards, tools, or technologies; and

• Governments should not, either by private or public agreement, compel or pressure an entity to engage in activity that is inconsistent with the above tenets.

• Strong encryption and the secure tools and systems that rely on it are critical to improving cybersecurity, fostering the digital economy, and protecting users. Our continued ability to leverage the internet for global growth and prosperity and as a tool for organizers and activists requires the ability and the right to communicate privately and securely through trustworthy networks.

Story image
Phishing scam imitates SharePoint & OneNote for nefarious clicks
Sophos researchers say that the attackers take a slightly different approach to the standard ‘fake login’ phishing email.More
Story image
High-tech heist: why fending off ransomware attacks is more challenging than ever in 2020
The COVID-19 crisis has unleashed a wave of sophisticated and disruptive ransomware attacks, and the onus is on businesses to ramp up their security measures if they’re to avoid falling victim, writes Attivo Networks regional director for A/NZ Jim Cook.More
Story image
Shlayer malware proves Apple devices aren't as secure as you think
"Apple never talks about malware publicly, and loves to give the impression that its systems are secure. Unfortunately, the opposite has been proven to be the case with great regularity."More
Story image
BT Security shakes up roster of vendors after 'largest ever' partner review
BT says the decision to review their security partner base was driven by the recognition that many customers find it difficult to navigate today’s complex security landscape, as well as customers’ desire to have a ‘leaner set of partners’.More
Story image
How security awareness training can safeguard companies from cyber-attacks
Training goes a long way in embedding a culture of cybersecurity compliance within the company.More
Story image
Cryptomining trojan malware discovered by ESET researchers
The malware, primarily targeting victims in Czechia and Slovakia, prioritises subterfuge through deployment of multiple techniques to avoid detection, and leans heavily on the Tor network and BitTorrent protocol to achieve its goals.More