The heads of law enforcement agencies in Australia, Canada, New Zealand, the United Kingdom, and the United States have once again jointly issued a statement calling for back doors in encryption. India and Japan also signed it, but not the Ministry of Home Affairs in India or the National Public Safety Commission in Japan — just “India” and “Japan”. I’m linking to the one posted on the Canadian government’s website because it is my patriotic duty, or whatever, but all of them say the same thing. For example, they all open with the same lie:
> We, the undersigned, support strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cyber security. It also serves a vital purpose in repressive states to protect journalists, human rights defenders and other vulnerable people, as stated in the 2017 resolution of the UN Human Rights Council. Encryption is an existential anchor of trust in the digital world and we do not support counter-productive and dangerous approaches that would materially weaken or limit security systems.
“We … support strong encryption” is about to become a nonsense phrase, as you read on to discover that, yes, of course they want a way to decrypt otherwise strong encryption at their demand and whim:
> We urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content. We call on technology companies to work with governments to take the following steps, focused on reasonable, technically feasible solutions:
>
> - Enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight; […]
It will not surprise you to learn that there are no proposals for how strong encryption is supposed to be implemented in such a way that would allow law enforcement access to its data in unencrypted form while keeping out unlawful requests, authoritarian regimes, or criminals. Nor is it clear whether these governments believe it should be illegal to produce or distribute encryption mechanisms that do not have an official back door.
This statement understandably cites the exploitation of children as a rationale for law enforcement access. However, it is worth pointing out that many abusers have been arrested and charged even while using strong encryption. The CBC produced a podcast called “Hunting Warhead” about one such case. Attempting to hide illegal activity using encryption is not solely reserved for child abusers — just last week, several terrorists were arrested in the United States for plotting to kidnap the governor of Michigan. They used several encrypted messaging clients, but the FBI had informants who were in those group chats.
If you are reading this website, it is safe to say that you are more technically literate than the average person and probably know a lot of this stuff already. What I am trying to get at is that it is not sufficient for seven countries’ governments — or seventy, or a hundred and seventy — to say that they demand access to encrypted data under lawful order while ensuring its safety at all other times. They must produce a proposal for how that can be done. Otherwise, this is nothing more than a public relations campaign intended to sway mass opinion in opposition to encryption.
Back when Apple was opposing the creation of a back door for the iPhone used by one of the attackers in San Bernardino, I distinctly remember an acquaintance demanding that Apple put a special law enforcement-only key in all iPhones. Not wanting to be the subject of an xkcd strip, I did not comment. But I think it is necessary for those who understand the technical impossibility of these demands to explain them in simple terms so that more people see why this is not feasible without undermining encryption overall.