The political leadership of the Five Eyes’ law enforcement infrastructure has put the world’s tech giants on notice that governments expect them to open up encrypted data – and build the means to do so into their products – where it involves serious crime or a threat to national security.
A meeting of Home Security, Public Safety and Immigration ministers from Australia, Canada, New Zealand, the UK and US on the Gold Coast last week produced an official communique that effectively warns tech companies: open up your encrypted systems when we ask, or we will enact laws that will force you to do so.
The so-called ‘Five Country Ministerial 2018’ states plainly that while encryption was vital to the digital economy and to the protection of personal, commercial and government information, the increased use of certain encryption designs presents ongoing challenges, including on national and global security.
If there is a line being drawn in the sand, this is where it starts. The ministers and attorneys general at the meeting do not prescribe how the goals of the communique would be achieved within each member nation.
But the statement is clear: Cooperate with member governments voluntarily or mechanisms will be legislated. The statement of principles is a commitment by the Five Eyes member countries to harmonising the policy intent.
Invoking the Five Eyes intelligence sharing treaty is instructive here. This is not a Five Eyes’ communique – but it does bring the weight and history of Five Eyes’ signal intelligence co-operation between member states into a domestic and political context.
The governments state clearly the limits of privacy, but say they do not seek powers of investigation beyond the standard legal approaches in the offline world.
“Privacy laws must prevent arbitrary or unlawful interference, but privacy is not absolute,” the statement said.
“It is an established principle that appropriate government authorities should be able to seek access to otherwise private information when a court or independent authority has authorized such access based on established legal standards.
“The same principles have long permitted government authorities to search homes, vehicles, and personal effects with valid legal authority.”
The governments warn there is an increasing gap between the ability of law enforcement to lawfully access data. They say it is a pressing international concern that requires urgent, sustained attention and an “informed discussion on the complexity of the issues and interests at stake.”
They say court decisions about legitimate access “are increasingly rendered meaningless, threatening to undermine the systems of justice established in our democratic nations.”
“Each of the Five Eyes jurisdictions will consider how best to implement the principles of this statement, including with the voluntary cooperation of industry partners.”
“Any response, be it legislative or otherwise, will adhere to requirements for proper authorization and oversight, and to the traditional requirements that access to information is underpinned by warrant or other legal process.”
“We recognise that, in giving effect to these principles, governments may have need to engage with a range of stakeholders, consistent with their domestic environment and legal frameworks.”
The ministers admonished the digital industry for not accepting an invitation to participate in a discussion about the “on pressing issues regarding the illicit use of online spaces.”
“We reiterated the need for digital industry to take more responsibility for content promulgated and communicated through their platforms and applications.”
“We agreed to a Joint Statement on Countering the Illicit Use of Online Spaces, outlining our communities’ high expectations of digital industry companies, with a focus on countering online child sexual abuse and exploitation, and violent extremist and terrorist material.”
That statement called for industry investment in new human and automated detection capabilities, and underlined the importance of the sector’s largest players “to set industry standards and to help smaller companies deploy these capabilities to their platforms.”
The member groups also called for increased efforts to counter foreign interference and disinformation conducted via online platforms.