The nations of the Five Eyes security alliance – Australia, Canada, New Zealand, the USA and the UK – plus Japan and India, have called on technology companies to design their products so they offer access to encrypted messages and content.
A joint “International Statement” issued on Sunday frames the issue as a matter of public safety.
“We, the undersigned, support strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cyber security,” the Statement commences, adding: “Encryption is an existential anchor of trust in the digital world and we do not support counter-productive and dangerous approaches that would materially weaken or limit security systems.”
Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety
But the Statement also says: “Particular implementations of encryption technology … pose significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children.” The document then quotes statistics about the extent of child exploitation activity online and asserts that if law enforcement agencies can be allowed to view encrypted communications, it will enhance public safety.
It’s not just the public that is at risk, the statement argues. Technology companies themselves may not be able to “identify and respond to violations of their terms of service” or respond to “the most serious illegal content and activity on its platform, including child sexual exploitation and abuse, violent crime, terrorist propaganda and attack planning”.
Which is why the seven signatories to the Statement “urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content”. And they suggest this can be done in the following three ways:
- Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable;
- Enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight; and
- Engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions.
The Statement ends with the signatory nations saying they “… challenge the assertion that public safety cannot be protected without compromising privacy or cyber security. We strongly believe that approaches protecting each of these important values are possible and strive to work with industry to collaborate on mutually agreeable solutions.”
UK High Court rules Snooper's Charter doesn't break Euro human rights lawsREAD MORE
The statement does not express entirely new sentiments. The very fact the seven nations felt the need to issue it is surely notable, as many have already enacted legislation aimed at ensuring they can access encrypted online activity. The UK’s Snooper’s Charter, Australia’s Assistance and Access Bill and the USA’s CLOUD Act all offer legislative instruments that permit governments to compel access to devices and/or content under some circumstances.
This new Statement seems to reflect the fact that even those instruments prove ineffective when access is allowed, but results only in finds of encrypted content that cannot be read.
The Register has asked Facebook, Google and Apple for comment on the Statement and will update this story if any offers substantive comment. ®