Five Eyes Surveillance Agencies Say Encryption Is Good, Except When It Keeps Them From Looking At Stuff

from the shorter-Five-Eyes:-we-like-encryption-that-doesn't-work dept

The Five Eyes nations — UK, US, Australia, Canada, and New Zealand — still think there’s a way to create encryption backdoors (that they studiously avoid calling backdoors) that will let the good people in and the bad people out.

The backlash against government calls for backdoors has made these demands a bit more subdued in most Five Eyes countries. The UK government really doesn’t seem to care and uses every terrorist attack as another reason to prevent law-abiding citizens from using secure encryption for their communications. Others members have taken a more measured approach, talking around the subject while legislative inroads continue unabated.

In the US, the periodic “going dark” discussions have taken on a (no pun intended) darkly comical tone as FBI and DOJ officials continue to claim harder nerding with solve the “problem” it has misrepresented for years.

The countries may be taking different approaches to undermining encryption, but they’re all still looking to do this in the future if they can just find a way to sell it to the public without the actual nerds speaking up and ruining all their plans. The Register notes the Five Eyes surveillance partnership has delivered another ultimatum (that it won’t call an ultimatum) about encrypted communications following a meeting in Australia. But it is taking care to couch its wants and desires in pretty words about the safety and security of the general public.

In an official communiqué on the confab, they claim that their inability to lawfully access encrypted content risks undermining democratic justice systems – and issue a veiled warning to industry.

The group is careful to avoid previous criticisms about their desire for backdoors and so-called magic thinking – saying that they have “no interest or intention to weaken encryption mechanisms” – and emphasise the importance of privacy laws.

But the thrust of a separate framework for their plans, the Statement of Principles on Access to Evidence and Encryption, will do little to persuade anyone that the agencies have changed their opinions.

“Privacy laws must prevent arbitrary or unlawful interference, but privacy is not absolute,” the document stated.

And there it is. The only thing Five Eyes considers “absolute” is its supposed “right” to access contents of devices and communications. First, the confab talks about “mutual” cooperation, as though the tech industry is being unnecessarily resistant to undermining protections it provides to users. Five Eyes may not have the strength of conviction to actually demand encryption backdoors, but the wording here indicates what it wants is pretty much just a backdoor.

Providers of information and communications technology and services – carriers, device manufacturers or over-the-top service providers -– are subject to the law, which can include requirements to assist authorities to lawfully access data, including the content of communications. Safe and secure communities benefit citizens and the companies that operate within them.

This means key escrow or having encryption removed during transit so service providers can access contents of communications. Nothing about either plan makes users safer or less accessible to malicious parties not associated with the Five Eyes partnership.

The next section’s headline makes it clear who’s going to be answering to who:

Rule of law and due process are paramount

In other words, if you’ve got a warrant, I guess you’re gonna come in I’ll let you in. This appeal to authority says providers must subject themselves to pestering governments, even if it means harming their entire userbase just so the government can go after a few users. The nod to due process really means nothing, what with indefinite gag orders accompanying demands for communications and data, and an ongoing refusal by government agencies to discuss surveillance means and methods in open court. As long as parallel construction is still a thing, due process will never be given the respect it deserves.

So, Five Eyes may be trying to make it sound like the countries agree encryption is a valuable protection for its collective citizens, but what it really wants is the protection to be weakened to the point law enforcement — and anyone else not governed by the rule of law — can access it at will. No one’s saying “backdoor,” but they’re all thinking it very loudly.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Five Eyes Surveillance Agencies Say Encryption Is Good, Except When It Keeps Them From Looking At Stuff”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Code Books

Why stop at the internet communication platforms? We have seen for decades that coded messages can be sent to each other via special books or even postcards.

I see no reason all books should be completely outlawed, and if you wish to read a book, you must go to the library where a member of the police will make sure you aren’t reading between the lines.

Anonymous Coward says:

Re: Re: Zombie one-pager Alasdair Fox, 18 comments total since 2009!

Characteristic near 3 year gap after first comment, another gap near as long, and at best sparse.

Five Countries, five eyes. No evidence of a brain.

That’s your only interest in this piece! BRAINS! BRAINS!

Yet another Zombie to start the week! Words fail me, but HOOTS don’t! HOOT, HOOT!

That One Guy (profile) says:

Re: Re: Five countries, five eyes.

If only, if they were just stupid that could potentially be solved with enough education.

No, it would be a mistake to assume that they don’t know what they’re asking for. They know exactly what they are asking for and what it stands to do, they just don’t care, whether that be because they’re so focused on themselves and what they see as their job that it doesn’t even cross their mind the massive negative impacts of others, or because they figure that the losses the public will be forced to make will be worth the gains they stand to make.

Sometimes assuming malice is the correct choice.

Anonymous Coward says:

First, the confab talks about "mutual" cooperation, as though the tech industry is being unnecessarily resistant to undermining protections it provides to users.

Why are the same people unnecessarily resistant to freedom of infomation laws, and reporting truthfully to government committees? It wouldn’t be a case of privacy for us via secrecy laws, and no privacy for you because it makes it harder to do our jobs?

AJ says:

Re: Re:

“Good” and “bad” are subjective.”

It’s all subjective. Encryption, drugs, guns, politics, you name it. Regardless of how you paint the picture; Your talking about the removal of individual rights by the government, justified by the perceived safety to society as a whole.

Sit down, relax, you may feel a little pinch…. it’s for your own good. 🙂

Anonymous Coward says:

Re: Re: Re: Encryption, drugs, guns, politics, you name it.

“which are purely destructive weapons.”

Nice justification. Removal of individual rights knows no ideological bounds. Right, Left, Centrist, specific issues such as guns, drugs, or encryption… It’s easy to create an argument that justifies taking away individual rights in protection of society as a whole, regardless of your political leanings. The Left will go after the guns, the Right abortion. The Irony is, they use the same argument “The protection of human life” to justify their position. I would argue the only thing were protecting in either case is; The status quo.

Anonymous Coward says:

Re: Re: Re:3 Removal of individual rights knows no ideological bounds.

Agreed, the hypocrisy is sickening. The whole; Violent video games are bad, but selling a semi auto with a 30 round mag to anyone with money at a gun show is not?

My point was; You get the hypocrisy on both sides. But with that aside; Taking away individual rights for safety or any other reason, regardless of where you stand politically, is a slippery slope. Doesn’t matter what the topic is.

The Right; We love our guns, but violent video games are bad?
The Left; We hate guns, but we want the right to kill unborn children?
The Center; Do what you want, just don’t tread on me?

In my opinion, All any of this shit does is keep people divided. I believe it’s done on purpose, mainly to maintain the status quo.

Thomas Talbert (profile) says:

Re: Re: Re:4 Removal of individual rights knows no ideological bounds.

“…selling a semi auto with a 30 round mag to anyone with money at a gun show…”
When you begin with a blatantly false statement, only those already in your little box can be expected to believe you. Sad; especially when your wrap-up statement is 100% correct…

Uriel-238 (profile) says:

Re: Re: Re:6 Gun Show Loophole

In California, some of the gun show loopholes are closed, and here in Cali, civilians aren’t allowed magazines more than ten rounds.

But that means there are a lot of exchanges that occur privately, since an unregistered gun that is inherited or accidentally left by visiting family is not illegal (and a lot of weapon laws are very difficult to enforce.)

YYYYYY... says:


Enough is enough already.
As soon as these governments design their own back-doored encryption and make use of it for *ALL* of their own communications, firewalls, VPNs, etc, for at least 2 decades, then maybe, just maybe, we’ll think about it.

Nah, nevermind, we never would.
But it would be hilarious to see how long their “backdoored” encryption lasted, probably about as long as game anti-pirating measures, perhaps even less.

Certainly the gaming industry and DVD-CSS and Blu-Ray encryption schemes are proof that any copy-protection / encryption with “back-doors” just won’t work.

Anonymous Hero says:

Re: Re:

the Truths of mathematics simply will not succumb to their threats

I hear this argument a lot and would like to address it. Mathematics isn’t the issue. We already know how to make a mathematically-sound backdoor. That part is trivial.

The problem is the human element, i.e., we need to make sure only the “good guys” use it. Presently, we have no idea how to do that.

Anonymous Coward says:

Re: Re: Re:

“We already know how to make a mathematically-sound backdoor.”

And that would be what? Also, what does mathematically sound mean to you?

The whole back door thing is silly to begin with. Why bother with such obfuscation? Is it to make the user feel all cozy in their belief of data integrity? What is the advantage to a backdoor rather than simply using the front door? Anyone with the key has access ans anyone with access can modify.

Presently we have no idea ….

Anonymous Coward says:

Re: Re: Re:

The problem is even simpler. encryption is working if and only if the intended recipient, or data owner, are the only ones that can decrypt the message. If anybody can decrypt the message, encryption is broken. So, if a government agency can decrypt the message, or data, and they are not an intended recipient or the data owner, the encryption is broken.

What those people are saying is that in order to protect you and to solve crime, we will remove your privacy, while those we should be targeting can use illegal encryption to keep us out.

Adrian Lopez says:

Re: Re: Re:

Do you have any references for the claim that mathematically-sound backdoors are a solved problem? How do you facilitate decryption by the “good guys” without either handing them keys to each message or giving them (and, potentially, others) a means of decrypting every message? Key escrow isn’t a mathematical solution. A master key, on the other hand, is both a hugely valuable target and a potential weak point for an algorithm (such than an attacker would not need access to the master key).

Ad for making sure only the good guys have access to backdoors, the problem is even more fundamental: we don’t even know how to define “the good guys.”

Anonymous Coward says:

Re: Re: Re: Re:

Key escrow isn’t a mathematical solution.

It’s not a mathematical solution, but it’s mathematically sound. That is, we know how to encrypt our private keys so that only people with the government’s private key can read them (or only someone with M of N keys). The problems with managing this master key are not mathematical in nature.

The Clipper Chip pretty much solved the mathematical problems. Its rejection should be read as a rejection of the very concept of key escrow. (One major mathematical "problem" was found: the escrowed key was protected by a 16-bit hash, so you could brute-force replace your escrowed key with random data. The encryption algorithm was a bit weak too, but it could be swapped out without changing the mathematics of the escrow.)

Anonymous Hero says:

Re: Re: Re:2 Re:

It’s not a mathematical solution, but it’s mathematically sound. That is, we know how to encrypt our private keys so that only people with the government’s private key can read them (or only someone with M of N keys). The problems with managing this master key are not mathematical in nature.

This is exactly what I meant. “Mathematically sound” just means we know how to do math such that a key escrow system (for example) will correctly decrypt the cipher text. One example of a mathematically-sound encryption scheme that contains a backdoor is Dual_EC_DRBG.

Anonymous Coward says:

Re: Re: Re:3 Re:

How about when every government demands a backdoor in encryption, do they all have the same backdoor, or are 195 different ones implement in every encryption system? Either way, law abiding private individuals are being asked to sacrifice their privacy, while criminals and terrorist will be able to protect theirs.

That One Guy (profile) says:

Re: Re: Re:4 Re:

You’d think that that would be enough to drive the idea out of their heads, but sadly it doesn’t even seem to phase them.

‘Okay, say you get your totally-not-a-backdoor so that you can have ‘lawful access’. Now what about that country over there that you don’t particularly care for, what about the ‘lawful access’ they might want? It’s not like the company you forced to grant you access will have any grounds to object when they demand the same. So, knowing that people you don’t want access will almost certainly get it if you do, still willing to make (the public make) that sacrifice?’

Christenson says:

Re: Re: Re: Mathematically sound backdoors

Mathematically ‘sound’ backdoors, lol, did you not detect the dripping sarcasm???

As to how to make one, well, just encrypt the key according to your favorite backdoor algorithm along with the message.

For example: Let the message encryption key be Kmine. Let the gubmn’t post their public encryption key PKgubmn’t. Now encode Kmine with PKgubmn’t. Now, if gubmn’t needs to decrypt it, they simply decrypt the message key Kmine with PrivKgubmn’t. It’s mathematically sound (no key, no plaintext without lots of work), even if it is monumentally silly!

(Note that meanwhile, the gubmn’t key has been stolen by the mafia, and they have also intercepted the message and acted on it.

James Burkhardt (profile) says:

Re: Re: Re:

That’s been the biggest problem with encryption through the 20th century – Enigma was only beaten because of the Human Element.

The issue when people discuss the truth or laws of mathematics is that inserting a second decryption vector significantly increases the threat of the Human Element. All key escrow and other schemes do is try to decrease the footprint of the second decryption vector.

If your house had two locks, and unlocking one lock would unlock the house, and the key to the second lock not in your control but publicly known to be held by a third party, that should be immediately concerning, because the physics of the lock mean that it doesn’t matter who holds the key. No matter how many security mechanisms the third party says it has, they have a bunch of keys, or a master key, and therefore is a high profile target. Its a physics problem – the lock can’t tell between good guys and bad guys, just if it has the right key. Adding that second lock will, by the laws of physics, weaken your home’s security.

In the same way, adding that encryption backdoor will, mathematically, weaken the encryption. Even without the key, the theif has two locks to try to pick, not just one.

Anonymous Coward says:

Re: Re: Re: Re:

“If your house had two locks, and unlocking one lock would unlock the house, and the key to the second lock not in your control but publicly known to be held by a third party”

They are probably working on this right now, dreaming up scenarios in which this, in their minds, could be a solution to the problem they just created.

That One Guy (profile) says:

Re: Re: Re: The ultimate target, with endless people aiming at it

No matter how many security mechanisms the third party says it has, they have a bunch of keys, or a master key, and therefore is a high profile target.

Not ‘a’ high profile target, the high profile target. If it’s known that there exists a key that would allow you to bypass all of the encryption in a country thanks to it being mandatory that would be the #1 target of every group that could either use or sell that, such that no-amount of security would keep it safe.

Given the immense value something like that would have there would be nearly countless government and criminal agencies that would be willing to spare no expense in attaining it, such that if the security protecting it lasted a month I’d be highly surprised, and once it’s out in the wild suddenly you’d have an entire county’s security compromised, rather than individual devices and builds as it is now.

Anonymous Coward says:

Re: Re: Re:2 Re:

How is this accomplished?

It would have to be done with laws. "Bad guys" won’t follow those; but if they’re using commercial software, and it contains mandatory backdoors, that’s likely to trap the dumber ones. Of course, the mathematics of secure cryptography are well known and aren’t going to disappear (nevermind "black-market" software and foreign imports), so the smarter criminals will always have secure communication.

Anonymous Coward says:

It takes a good guy with decryption to stop a bad with encryption?

Except that there are no good guys with decryption.

I think they will need a very public demonstration of their amazing breakthru, a proof of concept, before forcing anyone to actually use it. But, of course, such logic will not be given any consideration because that might cause examination of their new draconian method of intimidation.

Anonymous Anonymous Coward (profile) says:

Re: Re:

It is ridiculous. They, like some law enforcement, have either forgotten how to do their jobs, are too lazy to do their jobs, or don’t want to spend the money for hum-int, or consider hum-int too dangerous.

Things worked in the past but that means that all their sources and methods have been exposed and are no longer useful. This new technique means they can sit in their cushy offices, get the bad guy (aka anyone they deem bad, evidence or no and that includes people they just don’t like), and have coffee all at the same time.

Anonymous Coward says:

Re: Re: Re:

There is a grain of truth to their “going dark” story. Back when hum-int was all the rage communication was done via physical letter or over wires without encryption (phone, telegram, etc). The need to “bug” a space or rifle through one’s belongings hasn’t changed but communication has become, thanks to the internet and easy encryption, far harder to gain access to. It’s not too difficult to imagine the increased difficulty of performing a thorough investigation in this modern era.

Encryption is an extension of privacy, a right guaranteed in the USA. That right to privacy itself has holes where investigation is required, via warrant for example. LE’s problem now is that even a warrant can’t help you break strong crypto. What they’re asking for sounds reasonable when stated in this way.

However, the same nerds they’re asking (nay, demanding) “nerd harder” can quickly tell them that the ask is not possible without killing encryption entirely. It seems to me that LE needs to “enforce harder” and find alternatives to breaking encryption. They shouldn’t be asking us to make their jobs easier but rather escalate their skillsets to match the modern world. Today’s encryption will not be the last hurdle for them to have to surmount and they need to prepare themselves for the future.

Anonymous Coward says:


Something that I think of every so often when this topic comes up (which never happens). Authorities do NOT actually have the right to access information (which is an abstract thing) they ONLY have the right to seize physical ‘evidence’.

If the last scholar of a dead language writes something in said language, and then dies, does the government have the authority to compel reality to translate it to English (HINT: the answer is ‘no’).

ECA (profile) says:



What a wonderful idea..For all those in Jail for Sharing secrets or reporting Corp Crimes…I Salute you..

Its entertained me that a person in the military, Ha access to a radio channel that was Unencrypted, and Copied the data/information that was being sent back and forth, between nations..

NON-ENCRYPTED CHANNEL, that anyone could listen to..And this person gets put into jail(??)..

Anonymous Coward says:

Who are the good guys, the nsa, fbi, interpol.
Governments who spy on dissidents and human rights lawyers .
It seems to change from day to day.
Agencys who have been shown to be willing to break the law and spy on us citizens the and western allies.Like merkel.
The world financial markets and banking system
depend on strong encryption .
Look at all the info private companys can get from
facebook,social networks, advertising networks
without breaking encryption.
Are the nsa not already using various tools and vunerability,s that hackers
use to hack into credit agencys etc
Many private companys hardly seem to use even basic precautions for protecting user data .
The eu regulators are not perfect but they at least
brought in laws to protect user privacy
and encourage private companys to secure private user data.

Uriel-238 (profile) says:

Steganographic encryption

First on Uriel’s list of points to bring up whenever our intelligence / law enforcement agencies start yearning for backdoors and forced decryption mandates:

Diligent criminals by which I mean most businesses will simply resort to encryption with stenographic properties which already exists in multiple commercial offerings. Data can be encrypted to look like unused disk sectors, and encryption blocks can be formatted with multiple catalogs, so that different passwords open:

~ The clean, nothing-here-but-business-expenses accounts
~ The dirty slush funds for big bribes accounts
~ A whole bunch of child porn
~ A whole bunch of balloon porn

Each without revealing that any of the other data exists.

This segways into the second point on Uriel’s list, that any random, unformatted memory might be encrypted data, and any encrypted data may have multiple directories.

This can be used by prosecution in the US to pressure courts to force a guy to use the other password (and the other other password, and the other other other password) until he refuses to do so (id est no further directories exist) in order to get him incarcerated (for fourteen-plus years) for contempt.

Considering how they’re misused, I already have contempt for US courts.

Anonymous Coward says:

“Many of the same means of encryption that are being used to protect personal, commercial and government information are also being used by criminals, including child sex offenders, terrorists and organized crime groups”

Duh! You answered your own question!

If the encryption is used to protect commercial information, then it has to stand up to the full might of the Chinese, Russian, Iranian, etc., intelligence agencies.

If the encryption is used to protect government information, ditto.

So the 5 Ayes think that commercial & government information needs to be put at risk, so that we can catch a drug user or two?

Only a few nanometers protect the information in the cellphone in your pocket from the Chinese, Russians, Iranians, etc. That protection has to be robust to keep those Chinese, Russians, Iranians, & cybercriminals from hacking your phone, screwing with the battery charging code, and blowing up your private parts.

(Five Eyes quickly grab their cellphones from their pockets and hurl them as far as possible!)

Personanongrata says:

Free Unicorns that Poop Golden Eggs

Rule of law and due process are paramount

Any person believing that these Five-Eye governments care one iota about Rule of law and due process is entitled to a free unicorn that poops gold eggs.

The Five-Eyes global surveillance program is used for stealing industrial secrets, blackmail, insider stock trading tips and keeping tabs on your political opponents.

In nations that supposedly adhere to the limitations (ie Rule of law) placed upon their respective governments the term National Security Exemption, which is most often used to hide government malfeasance/misfeasance/non-feasance, would be relegated to the dustbin of history.

It is all very simple:

Private citizen means private communications unfettered by government snoops.

Public servant means transparent communications available for all to read/hear/watch.

Alas, we live in a world run by lunatics, thieves, murderers, torturers and moral busy bodies of every shape and size and the only way this will ever change is one individual person at a time realizing the great big shit sandwich we have been collectively biting into is really a great big shit sandwich.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...