We could soon enter a new round of encryption wars, but this time governments are taking a different approach.
Seven governments around the world have launched a new campaign to try to persuade large technology companies to reduce the level of security they offer to customers who use their services.
The seven – the US, UK, Canada, Australia, New Zealand, India and Japan – are concerned that the use of end-to-end encryption makes it impossible for technology companies to identify dangerous content such as terrorist propaganda and attack planning. it is difficult for authorities to investigate serious crimes and protect national security.
The requirements are quite worrying
The statement their start in force:
“We, the undersigned, support strong encryption,” saying it plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cybersecurity, and in repressive states it protects journalists, human rights defenders and others. vulnerable people.
Then, of course, comes the big warning:
“We urge the industry to address our serious concerns if encryption is applied in a way that completely prevents any legal access to content.”
The type of end-to-end encryption – which means that messages cannot be intercepted or that a hard drive can never be read without a key – “poses significant challenges to public safety,” warn the seven governments.
These governments want large technology companies to make it possible to take action against illegal content and activity, but without reducing user safety – which is somehow impossible, as technology companies insist.
“We challenge the assertion that public safety cannot be protected without compromising privacy or cyber security. We strongly believe that approaches that protect each of these important values are possible and we strive to work with industry to find mutually agreeable solutions, ”the statement concluded.
Technology companies claim that end-to-end encryption protects users’ privacy rights, and weakening such encryption – by creating a so-called “backdoor” that would allow authorities to see messages – would expose all kinds of private communications to the risk. cyber attacks and would also force the delivery of data to oppressive regimes.
End-to-end encryption makes the life of technology companies easier and also allows them to claim the moral ground in terms of confidentiality.
The encryption conflict is not new
Governments are half-heartedly trying to fight in encryption wars, with little success – largely because I know it’s hard to solve.
I know it’s almost impossible to ban the use of end-to-end encryption. Of course, laws could be passed to ban and block encrypted apps from local app stores.
But this is extremely difficult to justify and even harder to enforce – even for states like Russia, which have tried to ban encrypted services.
And even if it chose a ban, encryption would simply move to the black market or abroad and be as well protected as ever. But an ordinary person on the street would not be able to access strong encryption and would therefore be more at risk.
A policy that makes ordinary people less safe, while doing little to address the real issue, will not receive much support. Imagine that you are the politician who has to explain to the country that their data has just been collected by a foreign power as a result of your policy.
The so-called solution appears
GCHQ from Britain came up with an idea called the “ghost protocol,” which would add the government as a secret listener to every call. But while the GCHQ scheme has technical merit, if technology companies would allow an agency to do so, they would have to struggle to exclude others. So talking to your colleagues about what to watch on Netflix could quickly become full of spies around the world.
This is because governments will inevitably exceed the limit and use such powers to increase their overall oversight. It is worth remembering that many of these technology companies have introduced end-to-end encryption precisely because governments spy on everyone’s conversations.
A new approach
So what’s going on here? Adding two new countries – Japan and India – the statement suggests that more governments are becoming concerned, but the tone is slightly different now. Maybe governments are trying a less direct approach this time around and hoping to put pressure on technology companies in a different way.
“I find it interesting that the rhetoric has softened slightly,” says Professor Alan Woodward of the University of Surrey. I don’t say ‘do this or that’ anymore.
What this note is trying to do is bring the ball back firmly into the field of technology companies, says Woodward, suggesting that technology threatens people by failing to grant their demands – a potentially effective tactic in building a public consensus against technology companies.
Even if the police and intelligence agencies cannot always receive encrypted messages from technology companies, they are certainly not without other powers. The UK has recently enacted legislation that gives law enforcement powers widespread powers to access computer systems in search of data.
So will governments be more successful with their new, easier approach? In the short term, probably not.
End-to-end encryption creates real and tragic problems for police and crime victims, yet governments have not made a decent argument to make us all less secure in response to these problems.
However, governments are increasingly aware of the impact of large technology companies and are increasingly willing to expose them. It may take only a few high-level situations where strong encryption prevents a terrible crime from being stopped or investigated, so that governments believe that public opinion can be shifted in their direction.