The Five Eyes nations have declared that spy agencies and police officers should have backdoor access to encrypted messaging, after a two-day meeting in London.
The meeting was hosted by the new UK home secretary, Priti Patel, in an effort to combat child abuse and terrorism online. Officials speaking to the Daily Telegraph said that access would be limited to “exceptional” cases of terrorism or child abuse, and that access would only be allowed after judicial and ministerial approval.
The Five Eyes alliance is a group of Anglophone spy agencies which share national and international intelligence with one another. The group is comprised of the spy agencies of Australia, the USA, Canada, the UK and New Zealand. It is part of multiple other, larger, intelligence alliances, including the Nine Eyes and Fourteen Eyes international agreements.
Critics claim that undermining encryption would lead to new vulnerabilities and would undermine authentication systems. Breaking encryption standards would also lead to the end of secure financial transactions on the internet, and in most supermarkets as point-of-sale terminals often transfer payment details over a secure internet connection.
The technical solution to this would be for service providers to “silently add a law enforcement participant to a group chat or call”, according to GCHQ and National Cyber Security Centre directors Ian Levy and Crispin Robinson.
This strategy is popularly known as the ‘ghost proposal’, and was condemned by more than 50 tech companies and NGOs including Apple, Google, and Human Rights Watch in an open letter published by Lawfare. The ghost proposal’s critics argue that it would violate the fundamental human rights to privacy and free expression. It would also introduce new vulnerabilities and undermine authentication systems.
The London Bridge terror attack in 2017, which resulted in the deaths of eight civilians, was coordinated by its perpetrators via end-to-end encrypted messaging service WhatsApp. The UK government believes this may have stopped the police from identifying and preventing the attack.
The new attacks on encryption come weeks after MI5 was found to have “ungoverned spaces” in its operations where it did not know how much nor what specific data it held.
Simon Migliano, Head of Research at Top10VPN.com, said in reaction to the news: “It’s deeply concerning that the issue of encryption ‘backdoors’ is back on the agenda at the highest level despite being thoroughly debunked time and again.
“By purposefully weakening the encryption standards used in everything from end-to-end encrypted communications to online financial transactions, the social and economic ramifications alone would be severe.
“This situation would be a goldmine for hackers as consumer confidence drained away. Worst case scenario, we could see the economy grind to a halt as we regressed to a pre-internet age.
“Vital national infrastructure and vast numbers of IoT-enabled devices would also become vulnerable to attack.
“On the other hand, targeting specific apps such as Whatsapp or Signal would be utterly ineffective. As soon as any backdoor came to light, users would flee to more secure options as hackers set about exploiting it.
“More importantly, any serious criminal would either steer away from mainstream chat apps or ‘roll their own’ using open source encryption libraries, rendering the whole thing pointless.”