No, The New Agreement To Share Data Between US And UK Law Enforcement Does Not Require Encryption Backdoors
from the sounds-messed-up-but-hardly-changes-anything dept
It's no secret many in the UK government want backdoored encryption. The UK wing of the Five Eyes surveillance conglomerate says the only thing that should be "absolute" is the government's access to communications. The long-gestating "Snooper's Charter" frequently contained language mandating "lawful access," the government's preferred nomenclature for encryption backdoors. And officials have, at various times, made unsupported statements about how no one really needs encryption, so maybe companies should just stop offering it.
What the UK government has in the works now won't mandate backdoors, but it appears to be a way to get its foot in the (back)door with the assistance of the US government. An agreement between the UK and the US -- possibly an offshoot of the Cloud Act -- would mandate the sharing of encrypted communications with UK law enforcement, as Bloomberg reports.
Social media platforms based in the U.S. including Facebook and WhatsApp will be forced to share users’ encrypted messages with British police under a new treaty between the two countries, according to a person familiar with the matter.
The accord, which is set to be signed by next month, will compel social media firms to share information to support investigations into individuals suspected of serious criminal offenses including terrorism and pedophilia, the person said.
The reporting here is borderline atrocious. The article insinuates that this agreement will force Facebook and WhatsApp to turn over decrypted communications or install a backdoor. It won't. The platforms may be compelled to turn over encrypted messages but all UK law enforcement will get is encrypted messages. The reporting here makes it appear as though social media platforms are being compelled to provide plaintext. They aren't.
Sharing information is fine. Social media companies have plenty of information. What they don't have is access to users' encrypted communications, at least in most cases. Signing an accord won't change that. There might be increased sharing of encrypted communications but it doesn't appear this agreement actually requires companies to decrypt communications or create backdoors.
Facebook has already issued a statement saying it opposes any plan that would require the creation of backdoors. It points out the Cloud Act does not mandate backdoors. While it does give the US government permission to engage in extraterritorial searches of US companies' data stores located overseas, it does not demand companies decrypt data or communications for it.
The other factor pointing in the direction of the UK law enforcement beneficiaries ending up with useless garbage is the Cloud Act itself. UK tech lawyer Graham Smith points out the Cloud Act requires agreements like these to be "encryption neutral," meaning neither side can mandate backdoors. Consequently, UK and US government agencies will get what they get when utilizing this new agreement. This means in some cases demands for data and communications will produce incomprehensible text, rather than anything useful.
That said, the UK government dream of encryption backdoors hasn't died. The Bloomberg article quotes UK Home Secretary Priti Patel, who has previously claimed encryption "empowers criminals." This is pretty much the same thing her predecessor, Amber Rudd, said. The less-than-implicit suggestion is that companies providing encrypted communications to users are siding with criminals, rather than the forces of law and order. Any perceived benefits of secure communications apparently pale in comparison to the government's "right" to access the content of communications.
This new accord likely won't (and probably can't) mandate backdoors -- no matter how the Bloomberg article skews it. But an international partnership created solely for the purpose of accessing communications and data applies a lot more pressure than parallel efforts from both sides of the pond.
Filed Under: cloud act, data sharing, encryption, law enforcement, priti patel, uk, us
Companies: bloomberg, whatsapp
Reader Comments
So how about totally removing ALL protections and ALL privacy from EVERYONE, including EVERY member of EVERY government, EVERY member of the opposition to EVERY government and EVERY member of EVERY business, legal practice, EVERY security service and EVERY police force and EVERY person in or associated or concerned with ANYTHING, ANYWHERE? As, I suppose, EVERYONE, EVERYWHERE, concerned with ANYTHING is so important as to stop this, unless they are an ORDINARY person, basically classed as a NOBODY, it goes to prove that only us ORDINARY people are classed as thieves, rogues, terrorists, rapists, murderers etc. I wonder how many of the NON ORDINARY people have been guilty of things like getting the head of another country to dig up dirt on a political rival? How many of us ORDINARY people have had to flee to a communist country to protect themselves against being 'erased' for 'whistle blowing' the dirty deeds of the security services against their own countrymen? Or how many ORDINARY people have been able to buy certain favors because of their supposed position as a political representative? Strange how it's always the likes of us ORDINARY, law abiding people who do nothing wrong are always under suspicion but the lying cheating scheming, self serving fuckers want to keep their underhanded escapades hidden but we can't go for a crap without someone else wanting to know what color it was, when and where it was done and how long it took and how many sheets of toilet paper we used!
Of course it's wrong to steal, to kill, to rape, to blow up others or property but those who want to do this won't be caught until after the event. Knowing what every one of us ORDINARY people do, say etc, who have nothing to hide will never stop those who want to commit whatever nefarious deed they decide from hiding everything!
[ link to this | view in chronology ]
When will these imbeciles get it through their thick skulls that Facebook, et al. are not necessarily privy to the keys to decrypt any of their users' communication? And that forcing anything through any channels, legal or otherwise, will only ensure that future versions of these services never have such access?
If they want access to my decrypted communications they need to compel me to provide that access since nobody else can do it. Their little crusade is nothing more than a pipe dream that will bear no fruit.
[ link to this | view in chronology ]
Re:
But it will get them funding now even if the outcome is known and not in their favor.
[ link to this | view in chronology ]
Re: Re:
Their longer-term plan might be to get a bunch of data they know they're not going to be able to decrypt. They'll come back to us in a few years, saying they've gone dark and need new powers.
[ link to this | view in chronology ]
I would guess that if the US agrees to any sort of agreement that mandates anonymous speech/press must be done away with at the request of a foreign government, it will be thrown out upon judicial review.
Countries with lower degrees of (or completely without) free speech and free press protections would like to force the US to do it differently now just like they wanted to force us to do it differently in 1776. (It's not even a different country)
If an agreement is made I guess it could do some damage while it's on its way to being challenged.
[ link to this | view in chronology ]
I don't think this is going to go well.
And officials have, at various times, made unsupported statements about how no one really needs encryption, so maybe companies should just stop offering it.
And yet consumers prefer to pay extra money for devices and software that include the encryption. Weird. It's as if the whole world is blind and being charged extra for something they don't need and only one organization is "smart" enough to know the truth. It's like, ... like, oh if only there was a word to describe this situation.
[ link to this | view in chronology ]
Five Eyes can kiss my patootie
"The UK wing of the Five Eyes surveillance conglomerate says the only thing that should be "absolute" is the government's access to communications."
Bad news, bozos: you ain't getting it. If all else fails, there is steganography, which conceals that a message is embedded in an image or music file.
[ link to this | view in chronology ]
Re: Five Eyes can kiss my patootie
If you use most consumer electronics you can probably count on Five Eyes, Russia, China, NATO/EU, at least one of the Islamic country treaty blocs and probably India all having access to your devices if they really want it.
I'm referring to consumer routers, Windows, Android and OS/iOS at least. Some out of the box Linux distributions are known to be more hole-ridden than others. Also if you use multicore with speculative execution and/or out of order execution processors the extra speed comes at the cost of security.
[ link to this | view in chronology ]