“Five Eyes” governments respond to coalition demands to stop undermining encryption

In June, Access Now joined more than 80 members of civil society from the “Five Eyes” countries — Australia, Canada, New Zealand, the United Kingdom, and the United States — in a letter urging government leaders to protect strong encryption. The letter, a response to the meeting of Five Eyes government representatives in Ottawa, Canada, called for “an unequivocal rejection of laws, policies, or other mandates or practices—including secret agreements with companies—that limit access to or undermine encryption and other secure communications tools and technologies.“ To weaken encryption, we wrote, would not stop terrorists or criminals from attacks, but would expose law-abiding companies, government agencies, and innocent individuals to needless risk. You can read the letter in full here.

Access Now and the other signatories have now received replies from representatives of three of the five “Eyes”: New Zealand, the U.K., and Canada. Below, in conjunction with our international partners, we summarize those responses, highlight important facts, and discuss the next steps these nation’s officials should take to keep the internet secure.

New Zealand (August 7, 2017)

What’s at stake? The response from New Zealand, signed by the Hon. Christopher Finlayson, acknowledges receipt of the letter and, in its offer for future meetings, underlines the importance of the issue.

What do we learn? Attorney General Finlayson explains that he has asked two top officials — the Director of National Security Policy and the Director of the National Cyber Policy — to meet with the New Zealand-based groups that signed the coalition letter, signifying a continued interest in the issue.

What next? With New Zealand’s 2017 elections, the groups listed in the letter have not yet had the opportunity to meet with the cabinet members. Government leaders should now schedule and open up these meetings to additional stakeholders in New Zealand, as well as to international experts. In addition, they should invite other ministers, like the Minister for Trade and the Minister for Science and Innovation, to participate.

Canada (August 21, 2017)

What’s at stake? The Canadian response lays out the central issues in the debate over encryption, explaining both that its use has “created significant challenges for law enforcement and national security agencies,” as well as that it is of “fundamental importance…for cyber security, for the digital economy, and for the exercise of Canadians’ rights and freedoms online.”

What do we learn? The Hon. Ralph Goodale, the letter’s signatory, explains that the Canadian government will continue to analyze encryption and consider steps for government. He also commits to keeping encryption within the priorities of the Five Eyes countries.

What next? The Canadian government has yet to commit to a public position on encryption, while clearly continuing to view the issue as a priority and one to be advanced through the Five Eyes partnership. Before formulating its position, Public Safety Canada should reach out to experts on encryption and human rights, such as U.N. Special Rapporteur David Kaye.

United Kingdom (September 21, 2017)

What’s at stake? The response from U.K. Home Secretary Amber Rudd contains the most detail of the three letters. The Home Secretary starts by listing the actions the government has taken in acknowledgement of human rights like privacy and freedom of expression. She then writes in recognition of the role encryption plays in the digital economy and follows that by further recognizing that only a “small minority of people” use encryption to obfuscate communications about crime or terrorism. However, her emphasis is clearly on the ability to ensure access to any communication at any time, which is clear from her statement, “if our law enforcement or security and intelligence agencies cannot see what a terrorist or criminal is planning then they cannot stop them.” Despite this, Secretary Rudd insists this is not her goal:

The U.K. Government does not want unfettered access to all communications, and we do not want to be able to decrypt and read everyone’s communications all of the time. We do not want technology companies to create a universal key or a so-called backdoor into their systems. And we have no intention of banning end-to-end encryption or of trying to weaken the security of industry standard encryption that is used to secure the global trade and communications we rely upon in our daily lives. But we do intend to work with the technology companies to better understand the decisions they have made whilst implementing encryption within their services and identify ways for our law enforcement and intelligence services to gain specific information about what serious criminals and terrorists are doing online, without compromising wider safety and security of their systems for lawful users.

What do we learn? Like Minister Goodale of Canada, Secretary Rudd describes future actions with the Five Eyes countries, while also expanding the coalition of governments the U.K. plans to work with to include the G20 and E.U. member states. We also learn that Secretary Rudd expects encryption to be a topic in the recently launched Global Internet Forum to Counter Terrorism (GIFCT).

What next? Recently, Access Now named Secretary Rudd a human rights villain, alongside Australian Attorney General George Brandis, for her continued public statements opposing the development of strong encryption. Secretary Rudd should include civil society groups, as well as technologists and academics, in the government and corporate forums that she recognizes as places of consultation. She should also commit to reviewing the recently passed Investigatory Powers Act and its accompanying protocols to ensure that U.K. officials will never ask private companies to deliberately undermine the security of their products or services.

United States and Australia

Officials from the United States and Australia have not yet responded to the coalition letter. We encourage officials from these countries to commit to providing a response and pledging to support the development and use of encryption.

In February 2016, a top official from the Australian Cyber Policy and Intelligence Division responded to a broader open letter from rights groups to all world leaders on the importance of encryption. That response expressed general support for encryption as a “critical” part of the modern economy, though it noted that criminals have increasingly used encryption to foil law enforcement. Now, however, it appears that Australian officials are actively engaging in conversations about undermining strong encryption. It is therefore vital that relevant agencies and officials meet with members of civil society and others on the central role that encryption plays not only in commerce and protecting human rights, but also in defense.

The Five Eyes nations represent some of the most powerful governments in the world. When officials from these countries gather to discuss options to undermine the vital digital security tools like encryption that keep us safe, it has dangerous implications for people all over the world. These officials must live up to their responsibility as global leaders, stepping back from any call to weaken digital security, and instead to commit themselves to recognizing and promoting tools like encryption that keep the internet and our digital future secure.