Privacy not absolute: US among consortium of nations calling for encryption back doors

Posted in General Discussion, edited September 2018
The privacy of Internet users "is not absolute," according to a statement issued after a security meeting by a five-country coalition that includes the United States. The overall theme is a demand that technology companies make social networks and messaging services safer and offer more support to government agencies seeking to break encryption and access potentially sensitive data.




The meeting took place from August 28 to August 29 on Australia's Gold Coast and included representatives from the governments of the United States, United Kingdom, New Zealand, Canada, and Australia. Described as a forum for collaboration between the countries on domestic security issues, this year's meeting focused on cyber security, counter-terrorism, and countering violent extremism.

In a "Statement of Principles on Access to Evidence and Encryption," the group claims they are committed to personal rights and privacy, supporting the role of encryption to protect said rights. At the same time, the "increasing use and sophistication of certain encryption designs" are said to make things difficult for security agencies in combatting serious crimes and threats to national security, with the same encryption systems used to protect citizens also protecting criminals and terrorists.

"Privacy laws must prevent arbitrary or unlawful interference, but privacy is not absolute," the statement reads. "It is an established principle that appropriate government authorities should be able to seek access to otherwise private information when a court or independent authority has authorized such access based on established legal standards. The same principles have long permitted government authorities to search homes, vehicles, and personal effects with valid legal authority."

Calling the increasing gap between the ability for agencies to lawfully acquire the data and the ability to use said data a "pressing international concern" that requires informed debate, the statement goes on to note "Each of the Five Eyes jurisdictions will consider how best to implement the principles" of the statement.

Three principles are offered in the statement, with the first of "Mutual Responsibility" passing some of the responsibility to other stakeholders, including firms involved in telecommunications. Highlighting a "will to work with technology providers" to ensure citizens have access to their data, it goes on to note these firms also need to help assist with the execution of legal orders.

In the majority of cases, major tech companies already provide assistance, with Apple even issuing guidelines in 2014 on how law enforcement and other agencies can request user data. In the case of 2015's San Bernardino attack, the FBI requested data from Apple just three days after the attack, and for some requests, data was provided within the same day.

The second principle reaffirms that all assistance that governments request from tech companies is "underpinned by the rule of law and due process protections," in order to maintain democratic societal values.

The last, "Freedom of choice for lawful access solutions," encourages tech companies to "voluntarily establish lawful access solutions to their products and services that they create or operate" in the countries. While governments should not favor a particular technology, the firms providing access should be able to create their own custom solutions tailored to their particular architecture, while still being capable of providing lawful access.

The Freedom of Choice section seems to be a request for companies to produce a "back door" into their products, something that has been central to similar encryption debates over the years. While providing backdoor access would help governments, critics and the companies themselves argue that it would fundamentally weaken encryption for everyone, and wouldn't stop determined criminals from moving on to another more-secure platform or creating their own hard-to-crack encryption scheme.

In a separate statement on "Countering the Illicit Use of Online Spaces," the governmental group discusses the need for online spaces to be safe, and is "gravely concerned" about illegal online content, "particularly the online sexual exploitation of children." Noting that the dark web is not the only source for such content, the group claims social networks and other communications systems are "perpetuating the most abhorrent kinds of child sexual exploitation."

There is also a need to build upon existing efforts to combat terrorist use of online spaces to share radicalization materials, with the group noting that some progress has been made to tackle the issue, but it is far from complete. Lastly, the same online spaces are being used to "undermine democratic institutions," an issue that is "delegitimizing the benefits and opportunities that communications and social media platforms create."

The group makes a number of demands for firms in the industry, including the need to develop and implement ways to prevent illegal content from being uploaded at all, and to immediately take down content that makes it online. For existing content, automated and human systems are needed to "seek out and remove legacy content."

To protect users, the group recommends that user safety be built into the design of all online platforms and services. The companies should also set "ambitious industry standards" over such content and increase assistance to smaller firms in developing and deploying their own illicit content countermeasures.

The Five Country Ministerial finishes by suggesting "Through the same innovation and cross-sectoral collaboration that has underpinned so many technological advances, the challenge of countering illicit online content is not insurmountable."

Comments

  • Reply 1 of 67
    Soli Posts: 10,035 member
    These people deserve a swift kick in their back door.
  • Reply 2 of 67
    badmonk Posts: 1,285 member
    Maybe the priority of the “Five Eye jurisdiction” should be to lock down their data first to prevent hacking.

    It’s time to turn the table and accuse them of violating our privacy by not safeguarding our data.
  • Reply 3 of 67
    rob53 Posts: 3,241 member
    These governments can have access to my secure data as soon as I get access to theirs. Total transparency on their part. Of course that will never happen.
  • Reply 4 of 67
    badmonk Posts: 1,285 member
    Crap, I am so pissed off.  They already have access to our Twitter, FB, Google, iCloud data and access to location data.  What more do they want???
  • Reply 5 of 67
    Soli Posts: 10,035 member
    badmonk said:
    Crap, I am so pissed off.  They already have access to our Twitter, FB, Google, iCloud data and access to location data.  What more do they want???

  • Reply 6 of 67
    dewme Posts: 5,332 member
    When I saw the topic and “five country” I fully expected to see Russia, China, Iran, Saudi Arabia, and perhaps the Philippines or one of the former Soviet Bloc countries in the list. This is shameful, but this is how it happens. We are the frog in the pot and they’re slowly turning up the gas.
  • Reply 7 of 67
    lkrupp Posts: 10,557 member
    Scream about your privacy all you want to. Wag your tongues at the "evil" western governments you suffer and struggle under. These are typical responses from anonymous freedom fighters on the Internet who will opine and rage but not take direct action. Guess what? it's coming and there's nothing you can or will do about it. Why is that? Because nobody cares. We in the U.S. put our fellow citizens in concentration camps because we were afraid. Ask George Takei how that happened. 
  • Reply 8 of 67
    linkman Posts: 1,035 member
    "said to make things difficult for security agencies in combatting serious crimes and threats to national security"

    How about this thought -- putting a backdoor in place actually creates its own threat to national security? National security isn't just a product of direct government ability to snoop on suspected criminals but it also includes protecting the privacy, secrets, and sensitive information of its citizens.
  • Reply 9 of 67
    Who cares what these craven, self-interested, power-hungry twits say? They’re not getting any of it.
  • Reply 10 of 67
    I wholeheartedly subscribe to the principle of 'voluntary […] lawful access solutions'. I hereby call on all criminals and terrorists to refrain from using encryption so that all of us law-abiding citizens may keep our digital lives safe. There. Problem solved.
  • Reply 11 of 67
    blastdoor Posts: 3,258 member
    A secure "backdoor" for governments to lawfully obtain personal/private information in order to pursue criminals and protect law-abiding citizens would be a very good thing

    An insecure "backdoor" that criminals or hostile governments could use to access the private information of law-abiding citizens (or companies, or governments) would be a very bad thing

    The problem is that a "secure backdoor" simply may not exist, and any attempts to create one might land us in the second case. 

    I wonder if a solution might be to have variation in encryption schemes with respect to the computational cost of breaking the encryption. So, encryption of personal communication among ordinary folks (iMessage, mail, social media, etc) uses encryption that is strong enough that it can't be broken using, say, a $10k computer crunching for a week but can be broken using, say, a $1 million computer crunching for an hour or two. 

    Then use progressively stronger (aka, more costly to break) encryption for higher value data and for more trusted individuals/groups. 


  • Reply 12 of 67
    dewme said:
    When I saw the topic and “five country” I fully expected to see Russia, China, Iran, Saudi Arabia, and perhaps the Philippines or one of the former Soviet Bloc countries in the list. This is shameful, but this is how it happens. We are the frog in the pot and they’re slowly turning up the gas.
    I’m sure they would have eagerly signed too, had they been invited. And is Apple supposed to create region-specific back doors, or just one, available to government officials worldwide, that they might even sell on occasion to support their re-election campaigns? 
  • Reply 13 of 67
    I think that tech companies are going to find that they are NOT larger than government interests. Along with their censorship, techs seem to think they answer to no other authority. Unless it is worth dollars as in China. When it involves hard cold cash, your privacy doesn't take a back seat, it's dumped along side the road. All Five Eyes needs do is make a revenue arrangement and all your data will be cheerfully delivered.
  • Reply 14 of 67
    normm Posts: 653 member
    I could imagine complicated schemes, with key-splitting and key-escrow and k of n escrowed keys required, etc.  But all of this just adds inconvenience and vulnerabilities for ordinary users, while criminals will simply use their own secure encryption.  Even ordinary users would start using third party encryption, since it would be safer and more reliable.  So the net effect would be to wreck the built-in convenient encryption, for no lasting benefit.  So just don't do it!


  • Reply 15 of 67
    rob53 Posts: 3,241 member
    blastdoor said:
    A secure "backdoor" for governments to lawfully obtain personal/private information in order to pursue criminals and protect law-abiding citizens would be a very good thing

    An insecure "backdoor" that criminals or hostile governments could use to access the private information of law-abiding citizens (or companies, or governments) would be a very bad thing

    The problem is that a "secure backdoor" simply may not exist, and any attempts to create one might land us in the second case. 

    I wonder if a solution might be to have variation in encryption schemes with respect to the computational cost of breaking the encryption. So, encryption of personal communication among ordinary folks (iMessage, mail, social media, etc) uses encryption that is strong enough that it can't be broken using, say, a $10k computer crunching for a week but can be broken using, say, a $1 million computer crunching for an hour or two. 

    Then use progressively stronger (aka, more costly to break) encryption for higher value data and for more trusted individuals/groups. 


    The only chance for a secure backdoor isn't a back door at all, it's simply government control of every computing device using typical device management software, complete with a "secure" certificate (haha) that allows a second person to access your device. This is done all the time in government agencies and many commercial businesses but it's because the data on these devices is owned by the company running them. Personal devices are totally different but these five (stupid) governments just don't seem to get the difference. They've always had someone else monitoring what they have on their devices so they don't know the difference. As for stronger encryption, managed systems don't need anything stronger, they just need adequate firewalls and edge protection devices that protect systems from outside intrusion. As for personal devices, forget it. We will lose any protection of everything we own because too few people actually care about it. It's only the people on forums like this who actually understand what the loss of protection actually means to us and everyone else. 

    I used to be one of those people who monitored the improper use of government devices. 
  • Reply 16 of 67
    macxpress Posts: 5,801 member
    blastdoor said:
    A secure "backdoor" for governments to lawfully obtain personal/private information in order to pursue criminals and protect law-abiding citizens would be a very good thing

    An insecure "backdoor" that criminals or hostile governments could use to access the private information of law-abiding citizens (or companies, or governments) would be a very bad thing

    The problem is that a "secure backdoor" simply may not exist, and any attempts to create one might land us in the second case. 

    I wonder if a solution might be to have variation in encryption schemes with respect to the computational cost of breaking the encryption. So, encryption of personal communication among ordinary folks (iMessage, mail, social media, etc) uses encryption that is strong enough that it can't be broken using, say, a $10k computer crunching for a week but can be broken using, say, a $1 million computer crunching for an hour or two. 

    Then use progressively stronger (aka, more costly to break) encryption for higher value data and for more trusted individuals/groups. 


    A secure backdoor is an oxymoron.....
  • Reply 17 of 67
    Rayz2016 Posts: 6,957 member
    rob53 said:
    These governments can have access to my secure data as soon as I get access to theirs. Total transparency on their part. Of course that will never happen.
    Well this is the thing. The UK government wants backdoors, but they did insist that members of parliament and government ministers are exempt from the same requirement. 
  • Reply 19 of 67
    DAalseth Posts: 2,783 member
    badmonk said:
    Crap, I am so pissed off.  They already have access to our Twitter, FB, Google, iCloud data and access to location data.  What more do they want???
    lkrupp said:
    Scream about your privacy all you want to. Wag your tongues at the "evil" western governments you suffer and struggle under. These are typical responses from anonymous freedom fighters on the Internet who will opine and rage but not take direct action. Guess what? it's coming and there's nothing you can or will do about it. Why is that? Because nobody cares. We in the U.S. put our fellow citizens in concentration camps because we were afraid. Ask George Takei how that happened. 
    badmonk
    What they want is all the time full monitoring of everyone, from when you wake up, when and where you take a p***, to who you know, to what you buy. Cameras in our bedrooms, in our cars, in our workplaces, on the streets. When governments fear their own citizenry, the people lose. 

    ikrupp
    Sadly you are absolutely right. Outside of a few of us on tech blogs, and inside the industry, nobody gives a crap. Either they don't understand the danger and write it off as more tech mumbo jumbo, or they simply say "I have nothing to hide" which betrays real ignorance. 

    Without strong security, nothing is secure, nothing is private, and no one is safe. Today's innocent web search is tomorrow's reason to arrest for being an "enemy of the people". 

    EDIT: Let me add one more thing. It's not just governments. The Black Hats are equal, and in some cases ahead of governments. If there is a back door, they WILL exploit it. They will get into your computer, your phone, your bank accounts, your credit cards, your medical records. There are some very nasty operators that would love to get ahold of all of this information. Some to misuse for profit. Some just to cause mayhem. What would happen if Country A was having a dispute with Country B so one day Country B woke up and found all government and company records, and their whole part of the internet just gone, dead? What do you think would happen if one morning the core financial records and their backups for Apple were suddenly just gone? What about all the records for the USDOD? What about your bank, what would they do if tomorrow morning they found that all of their assets had been transferred to an offshore account? What about your computer if it got hijacked and all records obliterated? Without strong security no country, no corporation, no individual is safe. 
    edited September 2018
  • Reply 20 of 67
    mac_dog Posts: 1,069 member
    Utter fucking bullshit!

    They are masking their original intent by throwing the carrot of “protecting consumer privacy” (to those who are too stupid to realize what’s going on) while tacking on the sole purpose of this consortium—demanding backdoor access.

    They will beat the drum until the public has enough this government is “concerned about their privacy”, then they will make it into law.

    Then we’re seriously fucked.

    That’s what this is all about. 

