The political rhetoric against strong encryption continues to crank up. Reuters reports today that Australia will be pushing for greater powers for countries to tackle the use of encrypted messaging services by terrorists and criminals at an upcoming meeting of ministers from the so-called ‘Five Eyes’ intelligence network.
“I will raise the need to address ongoing challenges posed by terrorists and criminals using encryption,” Australian Attorney General Senator Brandis is quoted as saying, ahead of the meeting of the group next week.
“These discussions will focus on the need to cooperate with service providers to ensure reasonable assistance is provided to law enforcement and security agencies.”
The Five Eyes countries are: the US, the UK, Canada, Australia and New Zealand.
In the UK a legislative framework has already been put in place which is widely interpreted as having powers to compel companies to remove encryption and/or limit the use of end-to-end encryption to secure services (aka, the Investigatory Powers Act).
The final piece is a statutory instrument called a Technical Capability Notice (TCN) intended to be served on comms services providers to compel decrypted access, i.e. provided the authorities have a warrant and have passed certain proportionality tests intended to safeguard misuse of the power.
Prior to the UK’s general election earlier this month, government ministers were reportedly intending to push the instrument through a vote in parliament — although the Conservatives went on to lose their majority in the election. It’s not yet clear whether their plans will be delayed or face major opposition from opposition MPs.
But it is clear that the UK’s legislative ‘lead’ on decryption powers is having geopolitical ramifications. (The wider Europe Union is also currently considering how to respond to the rising use of strong encryption by digital services — though no legislative proposals have emerged as yet.)
Earlier this month Australia’s Brandis told Sky News he’s a fan of the UK’s IP Act, and said the country wants to encourage all Five Eyes nations to pursue a similar strategy of ramping up the legal obligations on tech companies and device makers to — as he put it — “co-operate with authorities in decrypting communications”.
He has also previously said Australia does not want to mandate backdoors in services. However in the same Sky News interview Brandis argues that pressuring companies to break their own encryption does not constitute a backdoor. Which is really a game of semantics.
“In the UK under the Investigatory Powers Act that was passed last year their authorities have the capability to issue to a device maker or a social media company… a [TCN] which imposes — subject to tests of reasonableness and proportionality — imposes on them a great obligation to work with authorities where a notice is given to them to assist in breaking a communication. So that’s not backdooring.”
“My concern is that the existing [domestic] law… do[es]n’t go far enough in imposing obligations of co-operation upon the corporates,” he added. “In the first instance the best way to approach this is to solicit the co-op of companies like Apple and Facebook and Google and so on. I think there has been a change of the culture in the last year or more.
“There is a much greater conscious, proactive willingness on the part of the companies to be co-operative. We need the legal sanction as well.”
We’ve reached out to Facebook, the parent company of end-to-end encrypted messaging service WhatsApp, for comment on this latest push for increased “cooperation” to break encryption — and will update this story with any response.
The company is already facing increasing pressure on this front from UK government ministers. And earlier this month the Home Secretary, Amber Rudd, called on companies to limit the use of end-to-end encryption. On Friday the company’s COO, Sheryl Sandberg, met with Rudd for discussions — billed as including e2e encryption and working with law enforcement, as well as wider industry efforts to clamp down on extremism online.
In a statement following the meeting, Sandberg said: “We had a constructive meeting with the Home Secretary. We briefed her and her team on our efforts to keep terrorists off Facebook and the launch of our counter speech initiative in the UK earlier today.”
Apple’s iMessage is another e2e encrypted messaging services. The company went through a high profile legal battle against the FBI last year over access to a locked iPhone — after the agency tried to use the courts to require the company weaken the security of iOS so the passcode on the device could be brute forced.
In the end the FBI broke into the device by purchasing an iOS vulnerability via a third party company. However the notion that encryption is a blocker to intelligence and law enforcement investigations has gained the attention of some US lawmakers. Senator Dianne Fenstein, for example, has indicated she intends to make another attempt at passing a decrypt law.
Earlier this month The Sydney Morning Herald also reported Brandis saying Australia wants its Five Eyes allies to have common standards to enable one country’s warrants to be more easily actionable via authorities in another — arguing that mechanisms for warrant exchanges are “more limited than they should be”.