Representatives of the “Five Eyes” states, a long-standing security alliance between the United States, United Kingdom, Canada, Australia, and New Zealand, released a statement of principles concerning access to evidence and the role of encryption, at the conclusion of the Five Country Ministerial meetings, held 29-30 August 2018 in Australia.
The memorandum affirms that “the governments of the United States, the United Kingdom, Canada, Australia, and New Zealand are committed to personal rights and privacy, and support the role of encryption in protecting those rights.”
Despite this assurance, the memorandum also notes agreement among the five states that the right of “privacy is not absolute,” and calls on tech providers to voluntarily “create customized solutions, tailored to their individual system architectures that are capable of meeting lawful access requirements.”
They also warned that “should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.”
In the Five Eyes countries, intelligence and law enforcement agencies have tailored legal authority to hack into devices in order to access private data as part of criminal investigations and in anti-terrorist operations. The memorandum warns, however, of an “increasing gap” between the ability of law enforcement officials to acquire data and their ability to circumvent end-to-end encryption increasingly used in applications such as WhatsAp and Telegram.
The Five Eyes states agreed to three general principles:
- Governments and tech providers share mutual responsibility for the problems associated with diminished access to the content of lawfully obtained data.
- The rule of law and due process should continue to be paramount values.
- Tech companies should have freedom of choice with respect to lawful access solutions, and should create customized access solutions tailored to their specific system architectures, rather than government dictating compliance with a particular technology.
The Five Eyes statement runs counter to IEEE’s position in support of strong encryption, which opposes efforts by governments to “restrict the use of strong encryption and/or to mandate exceptional access mechanisms such as ‘backdoors’ or ‘key escrow schemes’ in order to facilitate government access to encrypted data.”
While acknowledging that governments have legitimate law enforcement and national security interests, IEEE warns that “mandating the intentional creation of backdoors or escrow schemes — no matter how well intentioned — does not serve those interests well and will lead to the creation of vulnerabilities that would result in unforeseen effects as well as some predictable negative consequences.”
IEEE’s position is consistent with the views of many security experts who support use of strong cryptography, including Bruce Schneier, who notes: “It’s how we protect our information and our networks from hackers, criminals, foreign governments, and terrorists. Security vulnerabilities, whether deliberate backdoor access mechanisms or accidental flaws, make us all less secure.”
Five Country Ministerial Meetings (2018) Statement of Principles on Access to Evidence and Encryption
IEEE Position Statement “In Support of Strong Encryption” (June 2018)