No, The New Agreement To Share Data Between US And UK Law Enforcement Does Not Require Encryption Backdoors

from the sounds-messed-up-but-hardly-changes-anything dept

It's no secret many in the UK government want backdoored encryption. The UK wing of the Five Eyes surveillance conglomerate says the only thing that should be "absolute" is the government's access to communications. The long-gestating "Snooper's Charter" frequently contained language mandating "lawful access," the government's preferred nomenclature for encryption backdoors. And officials have, at various times, made unsupported statements about how no one really needs encryption, so maybe companies should just stop offering it.

What the UK government has in the works now won't mandate backdoors, but it appears to be a way to get its foot in the (back)door with the assistance of the US government. An agreement between the UK and the US -- possibly an offshoot of the Cloud Act -- would mandate the sharing of encrypted communications with UK law enforcement, as Bloomberg reports.

Social media platforms based in the U.S. including Facebook and WhatsApp will be forced to share users’ encrypted messages with British police under a new treaty between the two countries, according to a person familiar with the matter.

The accord, which is set to be signed by next month, will compel social media firms to share information to support investigations into individuals suspected of serious criminal offenses including terrorism and pedophilia, the person said.

The reporting here is borderline atrocious. The article insinuates that this agreement will force Facebook and WhatsApp to turn over decrypted communications or install a backdoor. It won't. The platforms may be compelled to turn over encrypted messages but all UK law enforcement will get is encrypted messages. The reporting here makes it appear as though social media platforms are being compelled to provide plaintext. They aren't.

Sharing information is fine. Social media companies have plenty of information. What they don't have is access to users' encrypted communications, at least in most cases. Signing an accord won't change that. There might be increased sharing of encrypted communications but it doesn't appear this agreement actually requires companies to decrypt communications or create backdoors.

Facebook has already issued a statement saying it opposes any plan that would require the creation of backdoors. It points out the Cloud Act does not mandate backdoors. While it does give the US government permission to engage in extraterritorial searches of US companies' data stores located overseas, it does not demand companies decrypt data or communications for it.

The other factor pointing in the direction of the UK law enforcement beneficiaries ending up with useless garbage is the Cloud Act itself. UK tech lawyer Graham Smith points out the Cloud Act requires agreements like these to be "encryption neutral," meaning neither side can mandate backdoors. Consequently, UK and US government agencies will get what they get when utilizing this new agreement. This means in some cases demands for data and communications will produce incomprehensible text, rather than anything useful.

That said, the UK government dream of encryption backdoors hasn't died. The Bloomberg article quotes UK Home Secretary Priti Patel, who has previously claimed encryption "empowers criminals." This is pretty much the same thing her predecessor, Amber Rudd, said. The less-than-implicit suggestion is that companies providing encrypted communications to users are siding with criminals, rather than the forces of law and order. Any perceived benefits of secure communications apparently pale in comparison to the government's "right" to access the content of communications.

This new accord likely won't (and probably can't) mandate backdoors -- no matter how the Bloomberg article skews it. But an international partnership created solely for the purpose of accessing communications and data applies a lot more pressure than parallel efforts from both sides of the pond.

Filed Under: cloud act, data sharing, encryption, law enforcement, priti patel, uk, us
Companies: bloomberg, whatsapp


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 30 Sep 2019 @ 10:01am

    so how about totally removing ALL protections and ALL privacy from EVERYONE, including EVERY member of EVERY government, EVERY member of the opposition to EVERY government and EVERY member of EVERY business, legal practice, EVERY security service and EVERY police force and EVERY person in or associated or concerned with ANYTHING, ANYWHERE? as, i suppose, EVERYONE, EVERYWHERE, concerned with ANYTHING is so important as to stop this, unless they are an ORDINARY person, basically classed as a NOBODY, it goes to prove that only us ORDINARY people are classed as thieves, rogues, terrorists, rapists, murderers etc. i wonder how many of the NON ORDINARY people have been guilty of things like getting the head of another country to dig up dirt on a political rival? how many of us ORDINARY people have had to flee to a communist country to protect themselves against being 'erased' for 'whistle blowing' the dirty deeds of the security services against their own countrymen? or how many ORDINARY people have been able to buy certain favors because of their supposed position as a political representative? strange how it's always the likes of us ORDINARY, law abiding people who do nothing wrong are always under suspicion but the lying cheating scheming, self serving fuckers want to keep their underhanded escapades hidden but we cant go for a crap without someone else wanting to know what color it was, when and where it was done and how long it took and how many sheets of toilet paper we used!
    of course it's wrong to steal, to kill, to rape, to blow up others or property but those who want to do this wont be caught until after the event. knowing what every one of us ORDINARY people do, say etc, who have nothing to hide will never stop those who want to commit whatever nefarious deed they decide from hiding everything!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Sep 2019 @ 10:29am

    When will these imbeciles get it through their thick skulls that Facebook, et. al. are not necessarily privy to the keys to decrypt any of their users' communication? And that forcing anything through any channels, legal or otherwise, will only ensure that future version of these services never have such access?

    If they want access to my decrypted communications they need to compel me to provide that access since nobody else can do it. Their little crusade is nothing more than a pipe dream that will bear no fruit.

    reply to this | link to this | view in chronology ]

    • identicon
      bob, 30 Sep 2019 @ 11:28am

      Re:

      But it will get them funding now even if the outcome is known and not in their favor.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 30 Sep 2019 @ 2:17pm

        Re: Re:

        But it will get them funding now even if the outcome is known and not in their favor.

        Their longer-term plan might be to get a bunch of data they know they're not going to be able to decrypt. They'll come back to us in a few years, saying they've gone dark and need new powers.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Sep 2019 @ 10:49am

    I would guess that if the US agrees to any sort of agreement that mandates anonymous speech/press must be done away with at the request of a foreign government will be thrown out upon judicial review.

    Countries with lower degrees of (or completely without) free speech and free press protections would like to force the US to do it differently now just like they wanted the force us to do it differently in 1776. (It's not even a different country)

    If an agreement is made I guess it could do some damage while it's on its way to being challenged.

    reply to this | link to this | view in chronology ]

  • identicon
    bob, 30 Sep 2019 @ 11:27am

    I don't think this is going to go well.

    And officials have, at various times, made unsupported statements about how no one really needs encryption, so maybe companies should just stop offering it.

    And yet consumers prefer to pay extra money for devices and software that include the encryption. Weird. It's as if the whole world is blind and being charged extra for something they don't need and only one organization is "smart" enough to know the truth. It's like, ... like, oh if only there was a word to describe this situation.

    reply to this | link to this | view in chronology ]

  • icon
    JdL (profile), 1 Oct 2019 @ 7:43am

    Five Eyes can kiss my patootie

    "The UK wing of the Five Eyes surveillance conglomerate says the only thing that should be "absolute" is the government's access to communications."

    Bad news, bozos: you ain't getting it. If all else fails, there is steganography, which conceals that a message is embedded in an image or music file.

    reply to this | link to this | view in chronology ]

    • identicon
      A Guy, 1 Oct 2019 @ 3:32pm

      Re: Five Eyes can kiss my patootie

      If you use most consumer electronics you can probably count on 5 eye's, Russia, China, NATO/EU, at least one of the Islamic country treaty blocs and probably India all have access to your devices if they really want it.

      I'm referring to consumer routers, windows, android and OS/iOS at least. Some out of the box Linux distributions are known to be more hole-ridden than others. Also if you use multicore with speculative execution and/or out of order execution processors the extra speed comes at the cost of security.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.