Recently CSO Online published a post that was repetitive of a constant disturbing view of encryption.
"Privacy is not absolute," said Five Eyes, and tech companies will either have to give the Five Eyes government alliance access to encrypted data, communications, and devices. If they don't, according to the recently issued Statement of Principles on Access to Evidence and Encryption, it seems the government intelligence alliance (representing the U.S., the U.K., Canada, Australia and New Zealand) is ready to pursue "technological, enforcement, legislative or other measures to achieve lawful access solutions."
That is but one statement that came after government representatives of the five countries met in Australia at the end of August. None of the statements issued specifically mention "backdoors." In fact, Five Eyes calls encryption "vital to the digital economy, a secure cyberspace and the protection of personal, commercial and government information. The five countries have no interest or intention to weaken encryption mechanisms."
As Colonel Sherman Potter was wont to say in the TV series MASH, horse hockey.
We've heard the same song again and again. Bad guys use encryption and end-to-end encryption, keeping intelligence and law enforcement from accessing their encrypted data and communications which makes it difficult "to protect" communities. Five Eyes says tech companies, device manufacturers, and carriers have a "mutual responsibility" to "assist authorities to lawfully access data, including the "content of communications."
"Privacy laws must prevent arbitrary or unlawful interference, but privacy is not absolute," Five Eyes said. "The increasing gap between the ability of law enforcement to lawfully access data and their ability to acquire and use the content of that data is a pressing international concern that requires urgent, sustained attention and informed discussion on the complexity of the issues and interests at stake."
Each Five Eyes jurisdiction "will consider how best to implement the principles of this statement, including with the voluntary cooperation of industry partners. Any response, be it legislative or otherwise, will adhere to requirements for proper authorization and oversight, and to the traditional requirements that access to information is underpinned by warrant or other legal process."
The song doesn't change, nor does my response and the response of virtually all recognized cybersecurity experts. Backdoors don't work – they always escape into the hands of the "bad guys" we are supposed to be fighting, thereby becoming an enormous security hole. We've been down this road many times, but the two sides are no closer to seeing things the same way.
E-mail: email@example.com Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology