Blog: The Five Eyes are still trying to undermine encryption

Another year, another Ministerial meeting of the Five Eyes —one of the most powerful known espionage alliances in history. Every year, Ministers from the five member countries (Australia, Canada, United States, New Zealand, United Kingdom) gather to tackle the big challenges they think they face. In their own words, the annual Ministerial meeting has “matured to become the pre-eminent forum for collaboration among the five countries on domestic security issues.”

It has also become the annual opportunity for these countries to come together and declare war on the technologies we all depend on for security in our online spaces. In recent years, there has been a growing focus on encryption. Like clockwork, the resulting statement from these conferences has focused on some bogeyman national security threat and emphasizes the need to weaken or, as they prefer to put it, provide national security agencies “access to” encrypted communication.

We write “access to” encrypted communications in quotation marks because while the Five Eyes statements attempt to distinguish how this does not amount to weakening encryption, technologists and experts agree that there is no secure way to execute that request without introducing critical weaknesses to the infrastructure itself. This 2015 paper Keys Under Doormats is a great reference point if you would like to dive into those arguments further.

Encryption remains one of the most essential and critical pieces of our online infrastructure. Sure, it protects e-commerce and services like online banking. But it also ensures the integrity and confidentiality of messages and emails we send to our friends and networks, especially now that more mainstream communications providers adapt it seamlessly. We can all be grateful that encryption is now so readily available and accessible, it adds a layer of security to everything we do online that we never have to actively think about.

So while it is now easy to not notice how much we rely on encryption, we’d definitely notice if it wasn’t there. If credit card numbers travelled across the network unprotected, criminals would have a field day. Consider the potential for state sponsored hacking and digital warfare if critical infrastructure systems that rely on the network (think power grid, mass transit, health data systems) were open access to anyone with a computer.  Imagine how much autocratic leaders would like to get access to messages exchanged between dissidents.

That of course is what troubles the Five Eyes intelligence alliance—the ubiquitous nature of encryption has made things safer for us, but harder for them. You’d think these agencies would see the benefits, but they realise that strong, widespread encryption makes the internet much harder to control. The arguments they use are often that encryption prevents law enforcement agencies from carrying out criminal investigations, but there is ample evidence that this is not the case as police have dozens of different tools at their disposal to break into devices they are lawfully searching if necessary.

No, the Five Eyes frustration is that encryption has made surveillance more difficult, and the fact that this year they have joined forces with India and Japan to make their annual statement has alarmed some journalists about the growing interest in communications surveillance.

Want to hear more?

On 14 October, Lucie (our Programme Director) went on Byte Into It to speak about the Five Eyes, International Production Orders (which are currently under consultation by the Australian government), and how it all ties together. If you missed this program on 3RRR, you can tune in here!

You can also head over to this New York Times piece, Australia Wants to Take Government Surveillance to the Next Level, written by our Board Chair, Lizzie, to read about the interplay of Five Eyes surveillance and Australia’s efforts to undermine encryption at home. The article is from 2018, but it has aged like fine wine since the government hasn’t shifted gears in spite of extensive pressure and criticism.

The good news is that the encryption law discussed in that article – passed into law in spite of considerable controversy – has now been the subject of a critical report by the Independent National Security Legislation Monitor (the watchdog for national security law). Those concerns are currently being mulled over by the Parliamentary Committee responsible for reviewing the laws. So it’s possible we’ll see some reforms!