Australia will push “thwarting the encryption of terrorist messaging” at a meeting of the Five Eyes nations in Canada this week.
Attorney-General George Brandis and Minister for Immigration and Border Protection Peter Dutton said the need for cooperation from service providers regarding encryption will be raised as a “priority issue” in the security talks between Australia, Canada, New Zealand, the United Kingdom and the United States.
“As Australia’s priority issue, I will raise the need to address ongoing challenges posed by terrorists and criminals using encryption. These discussions will focus on the need to cooperate with service providers to ensure reasonable assistance is provided to law enforcement and security agencies,” Brandis said in a statement yesterday.
Australia is likely to gain cautious support from other Five Eye member nations. While many back the concept of compelling tech firms to give them access to encrypted data, it is yet unclear how this will work in practice.
Each nation must also consider past embarrassments in the area, and likely kick-back from privacy advocates and technology companies.
Four Eyes’ view
US: Before losing his position as FBI director, James Comey set out the position of the US with regards to encryption, saying an international agreement between governments could ease fears about IT products with government-mandated backdoors.
“I could imagine a community of nations committed to the rule of law developing a set of norms, a framework, for when government access is appropriate,” he said at an address at the University of Texas at Austin, in March.
Last year, the FBI publicly feuded with Apple over gaining access to a locked iPhone from the San Bernardino shooter. Comey argued said the tech industry can find an approach that creates government access, while keeping malicious actors out.
Comey was dismissed by President Donald Trump in May.
Canada: In March, Dominic Rochon, chief privacy officer of Canada’s Communications Security Establishment (CSE, comparable to the Australian Signals Directorate) said in a speech that terrorists were “adaptive and tech-savvy” and used “powerful encryption to better avoid detection”.
However, a recent national security federal consultation in the country saw majority opposition to weakening encryption technology. “If encryption is weakened or outlawed, criminals will continue to have access to it and it is law-abiding citizens who will suffer. That is a bad outcome,” the Information Technology Association of Canada noted in its submission.
United Kingdom: UK Home Secretary Amber Rudd, speaking in the wake of a spate of terrorist attacks in the country, said that tech firms need to “limit the amount of end-to-end encryption that terrorists can use”.
The UK has already passed its Regulation of Investigatory Powers Act which put into law a requirement for technology providers to provide the government with a backdoor into end-to-end encryption. However, the government is yet to detail how the act will work in practice and how it will compel overseas providers to comply.
New Zealand: The government in New Zealand has not yet stated a firm position on expanding its powers around encryption. In February, Andrew Hampton, director of New Zealand’s Government Communication’s Security Bureau, spoke of the importance of the bureau being “transparent as possible” and accountable for its actions.
Dispelling the myth that Five Eyes was a “shadowy intelligence sharing partnership”, Hampton said that it was “just not that shadowy”.
“As with all of our activities, any sharing of intelligence with partners needs to be in accordance with New Zealand law and our international human rights obligations,” he said.
Not a backdoor
Earlier this month, Prime Minister Malcolm Turnbull said that encrypted messaging apps were frequently used by “criminals and terrorists” but “at the moment, much of this traffic is difficult for our security agencies to decrypt”.
In a national security statement to the House of Representatives, Turnbull explained that the Five Eyes summit would be used to discuss how to prevent terrorists and criminals from operating “with impunity in ungoverned digital spaces online”.
“This is not about creating or exploiting back doors, as some privacy advocates continue to say, despite constant reassurance from us. It is about collaboration with and assistance from industry in the pursuit of public safety,” he added.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.