No, The New Agreement To Share Data Between US And UK Law Enforcement Does Not Require Encryption Backdoors

from the sounds-messed-up-but-hardly-changes-anything dept

It’s no secret many in the UK government want backdoored encryption. The UK wing of the Five Eyes surveillance conglomerate says the only thing that should be “absolute” is the government’s access to communications. The long-gestating “Snooper’s Charter” frequently contained language mandating “lawful access,” the government’s preferred nomenclature for encryption backdoors. And officials have, at various times, made unsupported statements about how no one really needs encryption, so maybe companies should just stop offering it.

What the UK government has in the works now won’t mandate backdoors, but it appears to be a way to get its foot in the (back)door with the assistance of the US government. An agreement between the UK and the US — possibly an offshoot of the Cloud Act — would mandate the sharing of encrypted communications with UK law enforcement, as Bloomberg reports.

Social media platforms based in the U.S. including Facebook and WhatsApp will be forced to share users’ encrypted messages with British police under a new treaty between the two countries, according to a person familiar with the matter.

The accord, which is set to be signed by next month, will compel social media firms to share information to support investigations into individuals suspected of serious criminal offenses including terrorism and pedophilia, the person said.

The reporting here is borderline atrocious. The article insinuates that this agreement will force Facebook and WhatsApp to turn over decrypted communications or install a backdoor. It won’t. The platforms may be compelled to turn over encrypted messages but all UK law enforcement will get is encrypted messages. The reporting here makes it appear as though social media platforms are being compelled to provide plaintext. They aren’t.

Sharing information is fine. Social media companies have plenty of information. What they don’t have is access to users’ encrypted communications, at least in most cases. Signing an accord won’t change that. There might be increased sharing of encrypted communications but it doesn’t appear this agreement actually requires companies to decrypt communications or create backdoors.

Facebook has already issued a statement saying it opposes any plan that would require the creation of backdoors. It points out the Cloud Act does not mandate backdoors. While it does give the US government permission to engage in extraterritorial searches of US companies’ data stores located overseas, it does not demand companies decrypt data or communications for it.

The other factor pointing in the direction of the UK law enforcement beneficiaries ending up with useless garbage is the Cloud Act itself. UK tech lawyer Graham Smith points out the Cloud Act requires agreements like these to be “encryption neutral,” meaning neither side can mandate backdoors. Consequently, UK and US government agencies will get what they get when utilizing this new agreement. This means in some cases demands for data and communications will produce incomprehensible text, rather than anything useful.

That said, the UK government dream of encryption backdoors hasn’t died. The Bloomberg article quotes UK Home Secretary Priti Patel, who has previously claimed encryption “empowers criminals.” This is pretty much the same thing her predecessor, Amber Rudd, said. The less-than-implicit suggestion is that companies providing encrypted communications to users are siding with criminals, rather than the forces of law and order. Any perceived benefits of secure communications apparently pale in comparison to the government’s “right” to access the content of communications.

This new accord likely won’t (and probably can’t) mandate backdoors — no matter how the Bloomberg article skews it. But an international partnership created solely for the purpose of accessing communications and data applies a lot more pressure than parallel efforts from both sides of the pond.

Filed Under: , , , , , ,
Companies: bloomberg, whatsapp

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “No, The New Agreement To Share Data Between US And UK Law Enforcement Does Not Require Encryption Backdoors”

Subscribe: RSS Leave a comment

This comment has been flagged by the community. Click here to show it.

Anonymous Coward says:

so how about totally removing ALL protections and ALL privacy from EVERYONE, including EVERY member of EVERY government, EVERY member of the opposition to EVERY government and EVERY member of EVERY business, legal practice, EVERY security service and EVERY police force and EVERY person in or associated or concerned with ANYTHING, ANYWHERE? as, i suppose, EVERYONE, EVERYWHERE, concerned with ANYTHING is so important as to stop this, unless they are an ORDINARY person, basically classed as a NOBODY, it goes to prove that only us ORDINARY people are classed as thieves, rogues, terrorists, rapists, murderers etc. i wonder how many of the NON ORDINARY people have been guilty of things like getting the head of another country to dig up dirt on a political rival? how many of us ORDINARY people have had to flee to a communist country to protect themselves against being ‘erased’ for ‘whistle blowing’ the dirty deeds of the security services against their own countrymen? or how many ORDINARY people have been able to buy certain favors because of their supposed position as a political representative? strange how it’s always the likes of us ORDINARY, law abiding people who do nothing wrong are always under suspicion but the lying cheating scheming, self serving fuckers want to keep their underhanded escapades hidden but we cant go for a crap without someone else wanting to know what color it was, when and where it was done and how long it took and how many sheets of toilet paper we used!
of course it’s wrong to steal, to kill, to rape, to blow up others or property but those who want to do this wont be caught until after the event. knowing what every one of us ORDINARY people do, say etc, who have nothing to hide will never stop those who want to commit whatever nefarious deed they decide from hiding everything!

Anonymous Coward says:

When will these imbeciles get it through their thick skulls that Facebook, et. al. are not necessarily privy to the keys to decrypt any of their users’ communication? And that forcing anything through any channels, legal or otherwise, will only ensure that future version of these services never have such access?

If they want access to my decrypted communications they need to compel me to provide that access since nobody else can do it. Their little crusade is nothing more than a pipe dream that will bear no fruit.

Anonymous Coward says:

I would guess that if the US agrees to any sort of agreement that mandates anonymous speech/press must be done away with at the request of a foreign government will be thrown out upon judicial review.

Countries with lower degrees of (or completely without) free speech and free press protections would like to force the US to do it differently now just like they wanted the force us to do it differently in 1776. (It’s not even a different country)

If an agreement is made I guess it could do some damage while it’s on its way to being challenged.

bob says:

I don't think this is going to go well.

And officials have, at various times, made unsupported statements about how no one really needs encryption, so maybe companies should just stop offering it.

And yet consumers prefer to pay extra money for devices and software that include the encryption. Weird. It’s as if the whole world is blind and being charged extra for something they don’t need and only one organization is "smart" enough to know the truth. It’s like, … like, oh if only there was a word to describe this situation.

A Guy says:

Re: Five Eyes can kiss my patootie

If you use most consumer electronics you can probably count on 5 eye’s, Russia, China, NATO/EU, at least one of the Islamic country treaty blocs and probably India all have access to your devices if they really want it.

I’m referring to consumer routers, windows, android and OS/iOS at least. Some out of the box Linux distributions are known to be more hole-ridden than others. Also if you use multicore with speculative execution and/or out of order execution processors the extra speed comes at the cost of security.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...