Five countries, including the UK, have issued a joint memo calling on their respective government’s to make ‘backdoor access’ to apps mandatory.
The ‘five eyes’, an intelligence alliance comprising of the UK, US, Canada, New Zealand and Australia, issued the warning in a joint statement last week, following a meeting between immigration and security ministers in Australia.
The move also follows demands made by German in December 2017 for similar levels of access.
‘Customised Solutions Tailored To Their Individual System’
Image Credit: NESA by Makers / Unsplash
The statement demanded that tech companies “create customised solutions, tailored to their individual system architectures that are capable of meeting lawful access requirements.” Companies that did not comply would be met with “technological, enforcement, legislative or other measures” to ensure full cooperation.
This type of access would allow each government to obtain the encrypted call and messaging data from their citizens. Although they acknowledged the value of encrypted data, the statement argues that encrypted data use “should be rare.”
Providers may create customised solutions, tailored to their individual system.
The Five Eyes
Currently, the existence of end-to-end encryption – which scrambles data from one device to another – means that even tech companies are unable to read user messages. Supporters of this method have argued that the Five Eyes proposition would not only undermine the principle of encryption but also expose users to cyber attacks, and violate the nature of user privacy.
A Right To Privacy?
Image Credit: Jeffery Scism / Flickr
Currently, the right to privacy in the UK is protected through Article 8 of the Human Rights Convention, the right to a family and private life.
While it’s a qualified right, states are supposed to use the least restrictive measures possible when they cut down on our privacy.
However, some, such as Apple CEO Tim Cook, believe that ‘backdoor access’ could lead to breaches in personal security if the tech got into the wrong hands, and that it could set a dangerous precedent for states to look at people’s private data.
Image Credit: Lawrence Holmes / Flickr
Many of Five Eyes’ activities were revealed to the general public in 2013, when documents leaked by National Security Agency Whistleblower Edward Snowden brought to light the existence of multiple information-gathering operations, including the NSA-GCHQ initiative PRISM.
Following these leaks, tech companies became increasingly resistant to government demands to install backdoor access into their software.
These demands lay relatively dormant until 2016, when the FBI launched a lawsuit against Apple, to face the company to construct a tool that would allow them to bypass the encryption in the iPhone used by the perpetrators of the 2015 San Bernardino Attack, who killed 14 people in December 2015.
The case was later dropped after hackers found their way into the phone.
Image Credit: Yiran Ding / Unsplash
In July 2017, the Australian Government announced its intent to introduce new legislation that would require companies to decrypt secure messages. Whilst telecommunications firms already offer similar assistance, companies such as Apple, Google and Facebook do not cooperate in the same way.
An exposure draft of Part 15 of the Assistance and Access Bill 2018, titled “Industry Assistance” would see high-ranking security officials formally request access to encrypted communications from service providers. Although the initial request would only see it handed over on a voluntary basis, this can easily be raised to an official notice, which would legally require companies to hand over data.
Meanwhile, a 2018 report by Privacy International found that, since 2012, police forces across the UK have been downloading data from the smartphones of suspects, victims and witnesses, without the need to obtain permission or file a warrant.
26 out of 47 police forces confirmed they were using mobile phone extraction technology.
26 of the 47 surveyed police forces confirmed that they were using mobile phone extraction technology. A similar report, published by Big Brother Watch in 2017, found that 93 per cent of police forces extract data from digital devices.
Police were able to hook smartphones up to extractive devices to download their data and contents. The information was then used to generate a report that could pinpoint your location, provide details of text messages, and who called you then.
Third-party apps such as WhatsApp and Facebook were also affected. However, as it is not possible to isolate data within a certain type, meaning that texts or photos not directly relevant to the investigation are extracted.
For now, the best way to maintain one’s privacy is through the use of secure VPNs to mask your IP address, or by using the Electronic Frontier Foundations’ HTTPS Everywhere browser encryption extension.