Search the Community
Showing results for tags 'five eyes'.
steven36 posted a topic in Security & Privacy NewsLONDON (Reuters) - The U.S.-led “Five Eyes” intelligence alliance said on Tuesday that tech firms must allow law enforcement agencies access to encrypted material, warning that failing to do so put people at risk. After a two-day summit in London, senior ministers from the group comprising the United States and allies Britain, Canada, Australia and New Zealand, said encryption should not come at the expense of the public’s safety. “We are concerned where companies deliberately design their systems in a way that precludes any form of access to content, even in cases of the most serious crimes,” the group said in a statement following the conference. “Tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and usable format.” The five English-speaking allies have an agreement to share intelligence and techniques for gathering it, a relationship that evolved from a secret World War Two alliance between British and U.S. cypher and code breaking teams. Encrypted data makes it harder for spies to pry. Western governments have said this can complicate investigations and prosecutions of those involved in child sex abuse or terrorism. However, tech firms have warned that putting “backdoors” into their systems to allow the authorities access would weaken security and make them more vulnerable to attacks from criminals or foreign states. “The Five Eyes are united that tech firms should not develop their systems and services, including end-to-end encryption, in ways that empower criminals or put vulnerable people at risk,” said British Home Secretary Priti Patel. U.S. President Donald Trump’s attorney general William Barr attracted controversy last week when he complained about how the proliferation of “warrant-proof encryption” was making it easier for criminals to “evade detection”. “Encryption presents a unique challenge. We must ensure that we do not stand by as advances in technology create spaces where criminal activity of the most heinous kind can go undetected and unpunished,” Barr said after the security summit. Britain’s Home Office said that the tech industry, which took part in a roundtable with ministers, agreed to collaborate with the Five Eyes on a set of voluntary principles, which will be drawn up by the end of the September, on steps to combat child sex abuse, including the growing threat of livestreaming. Source
steven36 posted a topic in Security & Privacy NewsThis article has been updated with a comment from Facebook. The governments of seven countries are calling on Facebook and other tech firms to do the technically impossible - to weaken encryption by giving law enforcement access to messages, whilst not reducing user safety. The governments of the U.S., U.K., Australia, New Zealand, Canada, India and Japan have issued the joint statement which pleads with Facebook specifically, as well as other tech firms, to drop “end-to-end encryption policies which erode the public’s safety online”. The governments once again raise the issue of child abusers and terrorists using encrypted services such as WhatsApp to send messages without fear of content being intercepted. “We owe it to all of our citizens, especially our children, to ensure their safety by continuing to unmask sexual predators and terrorists operating online,” the U.K.’s home secretary, Priti Patel, said in a statement. “It is essential that tech companies do not turn a blind eye to this problem and hamper their, as well as law enforcement’s, ability to tackle these sickening criminal acts. Our countries urge all tech companies to work with us to find a solution that puts the public’s safety first.” Encryption muddle Once again, the politicians seem unable to grasp one of the fundamental concepts of end-to-end encryption - that putting back doors into the encryption algorithms that allow security services to intercept messages effectively breaks the encryption. According to the U.K. government’s statement, the “seven signatories of the international statement have made it clear that when end-to-end encryption is applied with no access to content, it severely undermines the ability of companies to take action against illegal activity on their own platforms”. Yet, end-to-encryption with the ability for third parties to intercept content is not end-to-end encryption in any meaningful sense. Worse, by introducing back doors to allow security services to access content, it would compromise the entire encryption system. Nevertheless, the “international intervention calls on tech companies to ensure there is no reduction in user safety when designing their encrypted services; to enable law enforcement access to content where it is necessary and proportionate; and work with governments to facilitate this.” As has been pointed out to the governments many times before, what they are asking for is technically impossible. An open letter sent to several of the signatory countries by a coalition of international civil rights groups in 2019 made this very point. “Proponents of exceptional access have argued that it is possible to build backdoors into encrypted consumer products that somehow let ‘good actors’ gain surreptitious access to encrypted communications, while simultaneously stopping ‘bad actors’ from intercepting those same communications,” the letter stated. “This technology does not exist. “To the contrary, technology companies could not give governments backdoor access to encrypted communications without also weakening the security of critical infrastructure, and the devices and services upon which the national security and intelligence communities themselves rely.” “Critical infrastructure runs on consumer products and services, and is protected by the same encryption that is used in the consumer products that proponents of backdoor access seek to undermine,” the letter adds. In response to the statement from the seven nations, a Facebook spokesperson said: “We've long argued that end-to-end encryption is necessary to protect people's most private information. In all of these countries, people prefer end-to-end encrypted messaging on various apps because it keeps their messages safe from hackers, criminals, and foreign interference. Facebook has led the industry in developing new ways to prevent, detect, and respond to abuse while maintaining high security and we will continue to do so. Source