A pact of five nation states dedicated to a global “collect it all” surveillance mission has issued a memo calling on their governments to demand tech companies build backdoor access to their users’ encrypted data — or face measures to force companies to comply.
The international pact — the US, UK, Canada, Australia and New Zealand, known as the so-called “Five Eyes” group of nations — quietly issued the memo last week demanding that providers “create customized solutions, tailored to their individual system architectures that are capable of meeting lawful access requirements.”
This kind of backdoor access would allow each government access to encrypted call and message data on their citizens. If the companies don’t voluntarily allow access, the nations threatened to push through new legislation that would compel their help.
“Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions,” read the memo, issued by the Australian government on behalf of the pact.
It’s the latest move in an ongoing aggression by the group of governments, which met in Australia last week.
The Five Eyes pact was born to collect and share intelligence across the five countries, using each nations’ diplomatic power and strategic locations as chokepoints to gather the rest of the world’s communications.
Since the Edward Snowden disclosures in 2013, tech companies have doubled down on their efforts to shut out government’s lawful access to data with encryption. By using end-to-end encryption — where the data is scrambled from one device to another — even the tech companies can’t read their users’ messages.
Without access, law enforcement has extensively lobbied against companies using end-to-end encryption, claiming it hinders criminal investigations.
Security researchers and other critics of encryption backdoors have long said there’s no mathematical or workable way to create a “secure backdoor” that isn’t also susceptible to attack by hackers, and widely derided any backdoor effort.
In 2016, rhetoric turned to action when the FBI launched a lawsuit to force Apple to force the company to build a tool to bypass the encryption in an iPhone used by the San Bernardino shooter, who killed 14 people in a terrorist attack months earlier.
The FBI dropped the case after it found hackers able to break into the phone.
But last month, the US government renewed its effort to set legal precedent by targeting Facebook Messenger’s end-to-end encryption. The case, filed under sealed, aims to break the encryption on the messaging app to wiretap conversations on suspected criminals.
It’s not the first time the Five Eyes nations have called for encryption backdoors. An Australian government memo last year called for action against unbreakable encryption.
Although the UK’s more recent intelligence laws have been interpreted as allowing the government to compel companies to break their own encryption, wider legal efforts across the other member states have failed to pass.