SecurityBrief Asia logo
Story image

Five Eyes nations want legal access to backdoors to fight 'illegal content'

13 Oct 2020

New Zealand, Australia, the United States, Canada, United Kingdom (Five Eyes) plus India and Japan have this week declared their support for end-to-end encryption - but only if they have a way to legally access that information.

Signatories from each country, including New Zealand’s Minister of Justice & Minister Responsible for both the GCSB & SIS, Andrew Little,  declare that encryption is an ‘existential anchor of trust in the digital world’, and countries shouldn’t try to find ways to exploit that security.

Instead, there should essentially be legal backdoors that law enforcement can use to clamp down on illegal content - so long as these backdoors have the appropriate safeguards and oversight.

They argue that encryption can make the enforcement of public safety difficult, particularly when it comes to serious problems like child exploitation.

They cite research from the WePROTECT Global Alliance - a coalition of countries, tech firms and civil society firms - which claims that public social media and communications platforms are the most-used ways of grooming and meeting children online.

The WePROTECT Global Alliance 2019 Global Threat Assessment claims that in 2018, the US National Center of Missing and Exploited Children found that the Facebook Messenger was used in almost 12 million of the 18.4 million reports of child sexual abuse material. 

"Measures to increase privacy – including end-to-end encryption – should not come at the expense of children’s safety," the signatories state.

As such, they believe the industry should reconsider encryption that blocks any kind of legal access to content.

They believe that technology companies and service providers should also take responsibility for detecting and responding to violations, especially regarding the most serious illegal content like exploitation and abuse, violent crime, and terrorist activities.

Encryption, they argue, undermines these responsibilities and prevents law enforcement from accessing content in cases where it is lawful and necessary.

This is not a new stance - in July 2019, Five Eyes nations strongly recommended that tech companies should provide access to data in a 'readable and usable format' to governments that are acting with appropriate legal authority - all whilst encouraging user safety and taking action against illegal content.

The signatories say that they are committed to developing ‘reasonable’ ways of protecting privacy, enabling technological innovation, defending human rights, and defending cybersecurity.

They also say that it is not the case that public safety needs to compromise these valued, adding that it is possible to protect them with the help of the industry.

There are a few key ways that they suggest legal encryption could be implemented:

  • Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable;
  • Enable law enforcement access to content in a readable and usable format where authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight; and
  • Engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions.

“While encryption is vital and privacy and cybersecurity must be protected, that should not come at the expense of wholly precluding law enforcement, and the tech industry itself, from being able to act against the most serious illegal content and activity online.”

Signatories include:

  • New Zealand Minister of Justice, Minister Responsible for the GCSB, and Minister Responsible for the NZSIS, Andrew Little
  • Australian Minister for Home Affairs, Peter Dutton
  • Attorney General of the United States, William P. Barr
  • United Kingdom Secretary of State for the Home Department, Priti Patel
  • Canada Minister of Public Safety and Emergency Preparedness, Bill Blair
  • India
  • Japan.
Story image
Gigamon & FireEye tackle security in hybrid cloud environments
The partnership is an extension to a ‘long-standing’ relationship that aims to ‘simplify, secure, and optimise hybrid cloud environments’.More
Story image
Need for greater understanding of data security responsibility as cloud adoption grows - report
Despite the accelerated adoption of cloud services, there was a lack of clarity and confidence regarding the protection and recovery of data stored in public clouds.More
Story image
ThreatQuotient hits $22.5m in new financing, continues growth streak
“Since we first invested in ThreatQuotient in 2017, their team has continued to prove to the market that there is a critical need for cybersecurity solutions aimed at security operations."More
Story image
New wormable Android malware discovered through auto-replies in WhatsApp
Check Point Research has discovered new malware on Google’s Play Store that could spread through WhatsApp messages. More
Story image
AvePoint brings Salesforce Cloud Backup to channel partners
The product adds to the AvePoint suite of trusted Cloud Backup for Microsoft 365 and Dynamics 365 to provide managed service providers with backup and restore capabilities across multiple, popular SaaS providers.More
Story image
Kroll completes Redscan acquisition, expands cyber risk portfolio
With the addition of Redscan and its extended detection and response (XDR) enabled security operations centre (SOC) platform, Kroll expands its Kroll Responder capabilities to support a wider array of cloud and on-premise telemetry sources.More