‘Five Eyes’ nations demand access to encrypted data
WASHINGTON — The United States and its closest intelligence partners have quietly warned technology firms that they will demand “lawful access” to all encrypted emails, text messages and voice communications, threatening to compel compliance if the private companies refuse to voluntarily provide the information to the governments.
The threat was issued last week by the United States, Britain, Australia, New Zealand and Canada, the so-called Five Eyes nations that broadly share intelligence. Collectively, they have been frustrated by the spread of encrypted apps on cellphones and the ability to send encrypted messages through social media and, most prominently, on Apple’s iPhones.
The issue flared repeatedly during the Obama administration, with the former FBI director, James Comey, warning that law enforcement officials were “going dark” as nefarious actors relied on encrypted channels to discuss or plan criminal activity or terrorist plots. But the Trump administration has said little about the subject, even after the meeting in Australia where the demand was issued in a joint statement by the five nations.
“Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries,” the joint statement said, “we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.”
The new demands by the five nations threaten to rekindle a debate that seized Washington and Silicon Valley after Apple gradually began encrypting more data on its phones.
At the core of the dispute is whether Apple, Facebook, Google and others should be compelled to provide a “back door” to their products that would allow government investigators to gain access to all communications, with a legal order.
It is far from clear that Congress is ready to take on the technology companies on this issue, especially because more companies and citizens are turning to encryption to protect sensitive conversations and financial transfers.
Ordinary Americans are also increasingly using encrypted apps to conduct delicate conversations to prevent monitoring by the government or others.
On Tuesday, staff members of key congressional committees said they had received no briefings on the accord from Australia and questioned how they could construct rules that provided access to all encrypted communications.
One Senate staff member said the memo was unenforceable in its current form.
Facebook and Google were similarly surprised and questioned what sort of measures would be put into place with firms that did not comply.
Facebook did not comment directly on the memo, but referred questions back to a public blog it published in May explaining the company’s policies on encryption and why it did not want to create back doors.
“Cybersecurity experts have repeatedly proven that it’s impossible to create any back door that couldn’t be discovered — and exploited — by bad actors,” Facebook said in the blog post. “It’s why weakening any part of encryption weakens the whole security ecosystem.”
The debate was fueled in part by Apple’s refusal to unlock an iPhone used by one of the attackers in a 2015 shooting in San Bernardino, California, as demanded by the FBI.
A year earlier, Comey had cited “concerns” about encryption apps that he described as “companies marketing something expressly to allow people to hold themselves beyond the law.”
In response, Tim Cook, Apple’s chief executive, contended that once phones or messaging systems were designed to allow legal access, hackers from Russia, China, Iran, North Korea and elsewhere would use the breach to pry their way in, destroying technology devised to protect privacy.