Once again, the US is calling for weakened encryption, along with the Five Eyes, Japan and India.
The Five Eyes is a group of nations that cooperate on intelligence, comprised of the US, UK, Australia, New Zealand and Canada. The extent of the Five Eyes’ spying was brought to the public’s attention as a result of Edward Snowden’s leaks.
In an international statement, the Five Eyes, along with Japan and India, have once again called on companies to achieve the impossible.
The statement beings with the following statement supporting strong encryption:
We, the undersigned, support strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cyber security. It also serves a vital purpose in repressive states to protect journalists, human rights defenders and other vulnerable people, as stated in the 2017 resolution of the UN Human Rights Council. Encryption is an existential anchor of trust in the digital world and we do not support counter-productive and dangerous approaches that would materially weaken or limit security systems.
The next part of the statement, however, directly contradicts the opening remark:
Particular implementations of encryption technology, however, pose significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children. We urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content. We call on technology companies to work with governments to take the following steps, focused on reasonable, technically feasible solutions:
- Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable;
- Enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight; and
- Engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions.
As has been pointed out repeatedly at WPN, what the international statement calls for is not theoretically, practically or scientifically possible. Encryption is based on mathematics. For encryption to be “strong,” it must be based on a sound mathematical implementation.
The minute a backdoor is created, that strength vanishes. There is simply no way to simultaneously have strong encryption combined with a method to defeat that encryption. No matter how well intentioned such a backdoor may be, any such method would ultimately weaken encryption for everyone—including those, as the statement highlights, whose very lives depend on secure, encrypted communication.
This is one of the reasons that, as previously reported, secure messaging app Signal has already said it would not be able to continue operating in the US should legislation be passed enforcing encryption backdoors. For perspective, Signal is used by congressional staff and the military, specifically because it is so secure.
What is not clear is whether the officials calling for encryption backdoors understand the underlying principle and are disingenuously claiming otherwise, or whether they truly do not understand how encryption works.