Western governments including Australia, Canada, New Zealand, the UK, and the US, as well as India and Japan, have released a joint statement calling on tech firms to “enable law enforcement access to content” upon production of a warrant.
In other words, these western governments are looking to bring an end to “end-to-end encryption”, stating that the technology is getting in the way of investigations into serious crimes such as terrorism and child abuse.
End-to-end encryption is a system of communication where only the communicating users can read the messages.
In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, and even the provider of the communication service – from being able to access the cryptographic keys needed to decrypt the conversation.
The statement’s signatories call for tech firms to “embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offenses and safeguarding the vulnerable.”
The GCHQ (Government Communications Headquarters – the intelligence and security organization responsible for providing signals intelligence and information assurance to the government and armed forces of the United Kingdom) went as far as to come up with a proposal for adding an extra party to an end-to-end encrypted chat via a “ghost” feature.
This gives us an idea of the sort of approaches intelligence agencies have in mind.
Many security experts do not agree with the methods outlined in the proposal and argue that they undermine the privacy of end-to-end encryption (E2E).
E2E encryption systems are effective and trusted because they use cryptographic keys to encrypt and decrypt communications.
These keys are held on the devices of the users, such as smartphones, rather than with the carriers or providers.
What this means is that users don’t have to trust their ISPs or service providers not to snoop, because those parties simply do not have access to the keys.
Popular instant messaging apps such as WhatsApp, iMessage, and Signal have placed E2E encryption in the hands of the average smartphone user.
Western governments claim that they support encryption in general, but more as a way to secure e-commerce transactions and protect the communications of law-abiding citizens and businesses.
Really, they are saying it is just E2E encryption that they have issues with, because it hampers investigations of serious crimes.
The anonymous privacy activist behind the Spy Blog Twitter account noted that:
UK already has law for disclosure of plaintext material, regardless of encryption tech, but they want to do it in secret, in bulk.
Regulation of Investigatory Powers Act 2000 Part III Part III
Investigation of electronic data protected by encryption etc. https://t.co/bcBCdhQ72j
— Spy Blog 🇬🇧 (@spyblog) October 11, 2020
Malware can be used by law enforcement against individuals targeted in surveillance operations, a tactic which, if successful, gives access to content without needing to break encryption.
And police in countries such as the UK, for example, already have the ability to compel disclosure of encryption secrets from suspects.
Many security experts are criticizing the latest government push to mandate backdoors and make E2E communications accessible only to law enforcement.
They have compared it to the 1990s, when a similar push led to failed government encryption policies, which included efforts to control the US export of encryption technologies and attempts to mandate key escrow.
Katie Moussouris, chief exec of Luta Security and an expert in bug bounties, tweeted:
Amid all your other apocalypses, please pay close attention to the end-to-end encryption one.
The 1st time they did this (look up crypto wars), it weakened e-commerce & all other web transactions for over a decade, enabling crime.
I wish we didn’t have to repeat these facts. https://t.co/zevVakIYLi
— Katie Moussouris (she/her) (@k8em0) October 11, 2020
Encryption of any type can be viewed as a branch of applied mathematics but arguments that “anyone can implement encryption in a few lines of code” miss the point that what governments are seeking is to “make encryption tools inaccessible to the broader public,” according to noted cryptographer Matthew Green.
So what makes this government push different from the failed crypto wars attempt of the ’90s?
Simply put, governments have more levers to apply pressure on tech firms, including app store bans.
A recent example is the threat made by the Trump administration to ban TikTok in the US over supposed national security concerns unless its owner, ByteDance, sold the technology to a US firm.
Green noted: “The current administration has demonstrated that app store bans can be used as a hammer to implement policy, and you can bet these folks are paying attention.
“I also think that sideloading capability is likely to be eliminated (or strongly discouraged) in a regime where encryption bans are successful,” he added.
“End-to-end encryption is a key tool towards securing the privacy of everyone on the planet, as the world becomes more connected. It must not be derailed, instead the police should be better funded for traditional investigation,” Muffett said on Twitter.