Skip to main content
banner image
venafi logo

Five Eyes Alliance War Against Encryption: Is Your Privacy Not Private?

Five Eyes Alliance War Against Encryption: Is Your Privacy Not Private?

five eyes alliance war on encryption
September 4, 2018 | Guest Blogger: Anastasios Arampatzis

The Five Eyes (FVEY) is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States. The origins of the FVEY can be traced back to the post–World War II period when they developed capabilities like ECHELON to monitor the communications of the former Soviet Union and the Eastern Bloc.

In the long standing war between tech companies and governments over encryption, the latest Five Eyes communiqué and Statement of Principles of Access to Evidence and Encryption add a new chapter.

The FVEY targets to increase government powers to seek access to otherwise private information when the courts authorized it, a concept known as “lawful access”. Although the involved governments recognize that “Encryption is vital to the digital economy and a secure cyberspace, and to the protection of personal, commercial and government information”, they insist that “the increasing use and sophistication of certain encryption designs present challenges for nations in combatting serious crimes and threats to national and global security”. They go on saying that the same encryption used to protect "personal, commercial and government information" is also used by "criminals, including child sex offenders, terrorists and organized crime groups to frustrate investigations and avoid detection and prosecution".

The countries’ reasoning is that the same principles have applied to searches of homes and other physical spaces for years, but they face a serious problem. The principles that allow government agencies to search homes don't give them the ability to access the content of encrypted data.

This argument has been made countless times before with the most notable example in the U.S. being the investigation into the San Bernardino shooting of 2015, when the FBI tried to force Apple to break the encryption on an iPhone owned by one of the shooters. The company refused, saying complying with the request would set precedent and expose flaws in the iPhone's security that others could exploit.

Despite that, the Five Eyes insist that technology product and service providers have a responsibility to help governments access the data they need. In addition, the ‘Freedom of choice for lawful access solutions’ encourages companies to “voluntarily establish lawful access solutions to their products and services that they create or operate in our countries”. And if they don’t abide by this, the governments “may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.”

There you have it. The governments are demanding that the tech companies help them voluntarilyDemand and volunteerism are two contradicting terms, which cannot exist in the same sentence. Even their approach to lawful access appears conflicted. Although the communiqué says that “The five countries have no interest or intention to weaken encryption mechanisms”, yet the statement on encryption appears to advocate exactly that. Should encryption be removed during transit to allow Five Eyes access to data, that encryption is weakened.

There have been many other times when concerns about governments forcing tech companies to put backdoors in their products were piqued. The argument is often the same: privacy advocates say encryption is required to allow people to live their lives without invasive government scrutiny, and law enforcement agencies say that offering secure products hinders their investigations. Thus far the privacy advocates have won because it's simply impossible to guarantee a backdoor would only be used for lawful investigations; anyone could exploit the vulnerability.

Even if the group was careful enough to avoid previous criticisms about their desire for backdoors, the truth is that they are demanding government controlled backdoors even if industry professionals believe that they do not understand the threats to digital privacy. As Jeff Hudson, Venafi CEO commented:

“Simply put: giving the government backdoors to encryption destroys our security and makes communications more vulnerable. Government mandated backdoors will allow cyber criminals to undermine all types of private, secure communications. With all of the rhetoric around the topic of encrypted backdoors, it’s easy to lose sight of the facts—any government that mandates backdoors is no different from the world’s most authoritarian governments. At this moment, citizens in the US, UK and more have basic rights to privacy. But, if governments mandate backdoors that protection goes away.”

The irony is that these encryption technologies, relatively unused during the 2000s, grew exponentially after Edward Snowden's revelations in 2013. The whistleblower had shown the existence of the massive Internet surveillance system implemented by ... the Five Eyes. It is mainly in response to the existence of this vast surveillance system, set up almost without any judicial control that the web giants have begun to massively adopt "end-to-end" encryption.

Related posts

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

silhouette of a person waving goodbye at an airport

EV Certificates: It’s the End of the World as We Know It (and I Feel Fine)

executive man with forward looking glasses leaning up against a wall, self assured

Why Is NIST SP 1800-16 So Important? [Think Executive Buy-In]

two people starting at a robot, replacing their jobs

What is the ACME Protocol and How Has It Changed PKI?

About the author

Guest Blogger: Anastasios Arampatzis
Guest Blogger: Anastasios Arampatzis

Anastasios Arampatzis is a retired Hellenic Air Force officer with over 20 years of experience in evaluating cybersecurity and managing IT projects. He works as an informatics instructor at AKMI Educational Institute, while his interests include exploring the human side of cybersecurity.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat