Skip to main content
banner image
venafi logo

Five Eyes Fumble: The Latest Threat to Global Privacy and Encryption

Five Eyes Fumble: The Latest Threat to Global Privacy and Encryption

five eyes encryption and privacy
July 17, 2017 | Emil Hanscom

The Electronic Frontier Foundation (EFF) recently published an in-depth report on the “Five Eyes” alliance: an international coalition made up of intelligence service leaders from Canada, New Zealand, Australia, the United Kingdom, and the United States. During their meeting in June, members of the Australian delegation stated their focus was to "thwart the encryption of terrorist messaging."

Australia has since followed through on their promise to break encryption. On July 14, Prime Minister Malcolm Turnbull announced plans to introduce new legislation that would force social media and messaging companies to decrypt secure messages for the sake of national security.

Danny O’Brien of the EFF believes the Five Eyes alliance may rely on the United Kingdom’s Investigatory Powers Act to form the basis for an international ban on encryption technology. Distressingly, the UK bill is broadly written and grants the government unprecedented surveillance powers.

“Companies could be prohibited from fixing existing vulnerabilities, or required to introduce new ones in forthcoming products,” O’Brien writes. “Even incidental users of communication tech could be commandeered to become spies in her Majesty's Secret Service: those same powers also allow the UK to, say, instruct a chain of coffee shops to use its free WiFi service to deploy British malware on its customers. (And, yes, coffee shops are given by officials as a valid example of a ‘communications service provider.’)”

Theresa May, the author of the Investigatory Powers Act, has repeatedly called for international agreements to “regulate cyber space.” Now, its clear Australia wants to follow suit. This kind of alliance should distress online privacy advocates across the world.

“In venues like the Five Eyes meeting, we can expect Britain to advocate for others to adopt IPA-like powers,” O’Brien explains. “In that, they will be certainly be joined by Australia, whose Prime Minister Malcolm Turnbull…would be happy to adopt the compulsory compliance model of the United Kingdom (as, he implied at the time of the Apple case, would President Trump).”

Unfortunately, the “Five Eyes” alliance represents just the latest chapter in the international debate on encryption. Despite its fundamental role in cyber security and our digital economy, government officials have consistently called for encryption backdoors. While cyber criminals and bad actors have certainly taken advantage of encryption technology, most organizations rely on encryption to secure user names, manage their keys, prevent data misuse, and much more.

International threats to encryption have affected the spending and security practices of organizations around the world. However, instead of discouraging businesses from utilizing this vital technology, these bills have had the opposite impact.

According to a Venafi survey conducted during RSA, one of largest security tradeshows in the world, recent geo-political changes have made 75% of IT professionals personally more concerned about privacy. As a result, 71% said their organization is more concerned about data privacy concerns too. In addition, two thirds (66%) of security professionals said their organization has considered expanding its use of encryption due to changes in the political landscape.

Ultimately, calls for encryption backdoors cause much more harm than good. The Five Eyes alliance will only make the cyber security industry less effective and safe.

As O’Brien concludes: “Intelligence agencies and their secret alliances are no model for oversight and control of the much broader surveillance now being conducted on billions of innocent users of the public Internet. Britain's radical new powers shouldn't be exported via the Five Eyes, either through law, or through data-sharing agreements conducted without judicial or legislative oversight.”

Is your organization concerned about government enforced backdoors?

Like this blog? We think you will love this.
Featured Blog

EARN IT Act Is Back and So Is Debate Over End-To-End Encryption

The Eliminating Abusive and Rampant Neglect of Interactive T

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Emil Hanscom
Emil Hanscom

Emil is the Public Relations Manager at Venafi. Passionate about educating the global marketplace about infosec and machine-identity issues, they have consistently grown Venafi's global news coverage year over year.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more