Spy agencies from Canada, the US, Britain, Australia, and New Zealand are demanding services include backdoors to their encryption.
It’s the latest development in what some advocates and observers call “the war on encryption”. A memo has recently been released calling on various Internet services to include backdoors to their encryption. The purpose of these backdoors, they say, is to ensure law enforcement has lawful access to encrypted data. They allege that this is necessary to protect citizens. From Tech Crunch:
The international pact — the US, UK, Canada, Australia and New Zealand, known as the so-called “Five Eyes” group of nations — quietly issued the memo last week demanding that providers “create customized solutions, tailored to their individual system architectures that are capable of meeting lawful access requirements.”
This kind of backdoor access would allow each government access to encrypted call and message data on their citizens. If the companies don’t voluntarily allow access, the nations threatened to push through new legislation that would compel their help.
“Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions,” read the memo, issued by the Australian government on behalf of the pact.
Coincidentally, it was the Australian government that was calling for the weakening of encryption late last month. That came in the form of the Assistance and Access Bill 2018 which would mandate services allow such backdoors to be implemented into their encryption should they want to operate within the country.
What makes this memo different is the fact that these calls to weaken encryption is now coming from 5 separate countries. Since these are coming from the spy agencies themselves, that gives them a lot of leverage to push their respective governments to get the ball rolling on weakening encryption in their respective jurisdictions.
Of course, this is going to get a whole lot of pushback from the security community. They know full well that any effort to weaken encryption would make their services less attractive. What’s more, various actors including bad actors are constantly scouring encryption services and looking for weak points. Deliberately adding a weakness in such a service like a backdoor only offers third parties an additional possible way to break that encryption and access whatever they please.
Above and beyond this, if the five eyes manage to get what they want in the end, it will not ultimately solve anything. This is because there is nothing stopping a service cropping up in, say, Brazil for instance. It won’t stop that service from saying that, unlike the other services under the five eyes jurisdictions, it is not mandated to offer backdoor’s to the government. Moreover, nothing is really stopping people from flocking to such a service because of the promise of a more secure communication channel.
This would naturally bring up issues of these spy organizations having to pressure their governments to pressure other governments to permit access to those services. The most obvious observation under this scenario is that there is nothing from stopping that government from simply saying “no” because they suddenly see a new revenue stream flowing into their economy.
Some people might say that such a theory is just wild speculation and untested theories. The reality is that this is based off of precedent. In the early years of file-sharing, various services cropped up across the United States. Whether it was file-sharing clients, networks, FTP sites, hash URL sites, streaming, or a whole lot more, the US, for a time, had countless file-sharing services.
As rights holders cracked down on those services through various law enforcement actions, those services began to dwindle. One can easily guess what happened next. As the services dwindled in the US, they began to crop up in other countries. This includes Britain, Australia, New Zealand, Canada, China, Sweden, Japan, Russia, India, Germany, the Netherlands, and countless other countries. Ever since, it’s been a long game of whack-a-mole on a global scale. As a result, we still have plenty of file-sharing services scattered all throughout the world with no end in sight.
This same kind of pattern for encrypted services is very predictable. As these services in America, Canada, Australia, Britain, and New Zealand get more and more pressure, some may either cooperate or shut down completely. The fallout is going to be much worse for these spy agencies in question. It could even lead to more serious question of where the money flow is going and whether or not services in other countries are ultimately reliable in the first place.
The real question is going to be: do these spy agencies want to open the same can of worms the Recording Industry Association of America (RIAA) opened when it sued Napster? If they continue to push for backdoor’s to these services, that is exactly what is going to happen. With the VPN industry alone the way it is today, there is going to be a whole bunch of other players these spy agencies have to contend with.
At this point, time will tell whether or not these spy organizations will actually repeat the mistakes of the music industry more than a decade ago.
Drew Wilson on Twitter: @icecube85 and Google+.