No, The New Agreement To Share Data Between US And UK Law Enforcement Does Not Require Encryption Backdoors
from the sounds-messed-up-but-hardly-changes-anything dept
It's no secret many in the UK government want backdoored encryption. The UK wing of the Five Eyes surveillance conglomerate says the only thing that should be "absolute" is the government's access to communications. The long-gestating "Snooper's Charter" frequently contained language mandating "lawful access," the government's preferred nomenclature for encryption backdoors. And officials have, at various times, made unsupported statements about how no one really needs encryption, so maybe companies should just stop offering it.
What the UK government has in the works now won't mandate backdoors, but it appears to be a way to get its foot in the (back)door with the assistance of the US government. An agreement between the UK and the US -- possibly an offshoot of the Cloud Act -- would mandate the sharing of encrypted communications with UK law enforcement, as Bloomberg reports.
Social media platforms based in the U.S. including Facebook and WhatsApp will be forced to share users’ encrypted messages with British police under a new treaty between the two countries, according to a person familiar with the matter.
The accord, which is set to be signed by next month, will compel social media firms to share information to support investigations into individuals suspected of serious criminal offenses including terrorism and pedophilia, the person said.
The reporting here is borderline atrocious. The article insinuates that this agreement will force Facebook and WhatsApp to turn over decrypted communications or install a backdoor. It won't. The platforms may be compelled to turn over encrypted messages but all UK law enforcement will get is encrypted messages. The reporting here makes it appear as though social media platforms are being compelled to provide plaintext. They aren't.
Sharing information is fine. Social media companies have plenty of information. What they don't have is access to users' encrypted communications, at least in most cases. Signing an accord won't change that. There might be increased sharing of encrypted communications but it doesn't appear this agreement actually requires companies to decrypt communications or create backdoors.
Facebook has already issued a statement saying it opposes any plan that would require the creation of backdoors. It points out the Cloud Act does not mandate backdoors. While it does give the US government permission to engage in extraterritorial searches of US companies' data stores located overseas, it does not demand companies decrypt data or communications for it.
The other factor pointing in the direction of the UK law enforcement beneficiaries ending up with useless garbage is the Cloud Act itself. UK tech lawyer Graham Smith points out the Cloud Act requires agreements like these to be "encryption neutral," meaning neither side can mandate backdoors. Consequently, UK and US government agencies will get what they get when utilizing this new agreement. This means in some cases demands for data and communications will produce incomprehensible text, rather than anything useful.
That said, the UK government dream of encryption backdoors hasn't died. The Bloomberg article quotes UK Home Secretary Priti Patel, who has previously claimed encryption "empowers criminals." This is pretty much the same thing her predecessor, Amber Rudd, said. The less-than-implicit suggestion is that companies providing encrypted communications to users are siding with criminals, rather than the forces of law and order. Any perceived benefits of secure communications apparently pale in comparison to the government's "right" to access the content of communications.
This new accord likely won't (and probably can't) mandate backdoors -- no matter how the Bloomberg article skews it. But an international partnership created solely for the purpose of accessing communications and data applies a lot more pressure than parallel efforts from both sides of the pond.
Filed Under: cloud act, data sharing, encryption, law enforcement, priti patel, uk, us
Companies: bloomberg, whatsapp