Coalition Objects to Renewed Calls for Weaker Encryption Following 'Five Eyes' Ottawa Meeting
A letter was sent today on behalf of coalition comprised of 83 leading organizations and experts from Australia, Canada, New Zealand, the United Kingdom and the United States to their respective governments in reaction to renewed state calls for measures that would effectively weaken encryption. The letter responds to a ministerial meeting of the five governments' respective security officials hosted in Ottawa earlier this week, where possibilities for facilitating increased state access to encrypted data were discussed.
The ministerial occurred under the auspices of the 'Five Eyes' - a surveillance partnership between intelligence agencies within the five countries, including Canada's Communications Security Establishment (CSE). It generated a joint Communique, which presented encryption as a serious barrier to public safety efforts and an impediment to state agencies wishing to access the content of some communications for investigative reasons.
The coalition letter, which was organized by Access Now, CIPPIC, and researchers from Citizen Lab, called on the Five Eye governments to "respect the right to use and develop strong encryption" while urging broader public participation in future discussions such as the one that occurred earlier this week. Strong and uncompromised encryption has never been more important, as it protects our most sensitive data, our increasingly critical online interactions, even the integrity of our elections.
The Canadian government had previously pointed to encryption challenges in the context of an ongoing national security consultation which is considering whether new obligations should be imposed on individuals and companies to assist in the decryption of communications under some circumstances. The consultation also asks more generally how the effectiveness of encryption can be diminished for bad actors while leaving its broader utility intact. However, attempts to undermine encryption are more likely to lead to the opposite outcome: individuals seeking to obey the law will be robbed of secure and uncompromised communication tools while sophisticated criminals and malicious foreign states will simply switch to banned encryption tools developed in non-Five Eye countries. Finally, governments must recognize that investigative agencies have access to more data on their citizens than at any previous point in history. In light of this data deluge, the letter notes that "it has by no means been established that [steps to facilitate greater access to encrypted data] are necessary or appropriate to achieve modern intelligence objectives.
The following quotes from various letter signatories can be attributed as indicated:
“Massive surveillance operations conducted by the Five Eyes partnership inherently put the human rights of people around the world at risk. The joint communique commits to human rights and the rule of law, but provides no detail as to how these powerful, secretive spy agencies plan to live up to those commitments. We call for public participation and meaningful accountability now, otherwise this will remain nothing more than a meaningless commitment.” - Amie Stepanovich, U.S. Policy Manager at Access Now
"Attempting to undermine the free use and development of strong encryption technology is not only technologically misguided, it is politically irresponsible. Both law enforcement and intelligence agencies have access to more data—and more powerful analytical tools—than ever before in human history. Measures that undermine the efficacy or public availability of encryption will never be proportionate when weighed against their profound threat to global human rights: encryption is essential to the preservation of freedom of opinion, expression, dissent, and democratic engagement. Without it, meaningful privacy, trust, and safety in the digital sphere would not be possible." — Lex Gill, Research Fellow at the Citizen Lab, Munk School of Global Affairs
"Encryption is used by governments, businesses, and citizens alike to secure communications, safeguard personal information, and conduct business online. Deliberately weakening encryption threatens the integrity of governance, the safety of online commerce, and the interpersonal relationships that compose our daily lives. We must not sacrifice our core values to the threat of terrorism: the solution to such threats must entail better protecting our basic rights and the technologies that advance them." — Christopher Parsons, Research Associate and Managing Director of the Telecom Transparency Project at the Citizen Lab, Munk School of Global Affairs
“Encryption protects billions of ordinary people worldwide from criminals and authoritarian regimes. Agencies charged with protecting national security shouldn’t be trying to undermine a cornerstone of security in the digital age.” - Cynthia Wong, senior internet researcher at Human Rights Watch
"Our political leaders are putting people around the world at greater risk of crime when they call for greater powers to weaken our digital security. Security experts and cryptographers are as united in their views on encryption as scientists are on climate change. Politicians need to listen to them before they make decisions that could put us all at risk." - Jim Killock, ORG
“All sensitive personal data must be encrypted as a matter of human rights to privacy, especially health data, ie, all information about our minds and bodies, wherever it exists. Today health data is the most valuable personal data of all, the most attractive to hackers, and the most sold and traded by the massive, hidden global health data broker industry.” - Dr. Deborah Peel, Patient Privacy Rights
“Calls to undermine encryption in the name of ‘national security’ are fundamentally misguided and dangerous. Encryption is a necessary and critical tool enabling individual privacy, a free media, online commerce and the operations of organisations of all types, including of course government agencies. Undermining encryption therefore represents a serious threat to national security in its own right, as well as threatening basic human rights and the enormous economic and social benefits that the digital revolution has brought for people across the globe.” - Jon Lawrence, EFA
"Assurances of strong encryption not only benefit civil liberties and privacy, but the economy as well. A vibrant and dynamic Internet economy is only possible if consumers and users trust the environment in which they're conducting business. While law enforcement and intelligence services have legitimate concerns over their ability to access data, those concerns need to be balanced with the benefits encryption provides to average users transacting in cyberspace. A strong Internet economy, buttressed by the trust that encryption produces, is vital to national interests around the globe. National policies should support and defend, not weaken and abridge, access to encryption." - Ryan Hagemann, Niskanen Center
"The strength of the tools and techniques that our government and members of the public have and use to secure our nation and protect our privacy is of significant public interest. Transparency and accountability around a nation's policy regarding the use of encryption is a bedrock importance in a democracy, particularly given the potential of backdoors to put billions of online users at greater risk for intrusion, compromise of personal data and breaches of massive consumer or electoral databases. The democracies in the ‘5 eyes’ should be open and accountable to their publics about not only the existence of these discussions but their content, removing any gap between what is being proposed and the consent of those governed by those policies." - Alex Howard, Sunlight Foundation
"Encryption is a vital tool for journalists, activists, and everyone whose lives and work depend on using the internet securely. It allows reporters to protect their confidential sources from reprisal, and to fearlessly pursue stories that powerful actors don't want told. It offers protection from mortal danger for dissidents trying the communicate under repressive regimes. Undermining the integrity of encryption puts lives at risk, and runs directly counter to the mandate of the Five Eyes Signals Intelligence agencies to keep their citizens safe." - Tom Henheffer, ED, Canadian Journalists for Free Expression
"The answer to concerns on 'going dark' is to help bring our law enforcement and counterterrorism officials into the future, not send encryption to the past. We hope to hear back from the Five Eyes that they were looking for how to adapt to digital security measures, not break them to the detriment of everyday Americans and our national security. As Five Eyes leaders work on a strategy to protect against cyberattacks, it is important to have a transparent process and cooperation between governments and civil society without stifling innovation or weakening other parts of security." - TechFreedom Executive Director Austin Carson
“Strong encryption is essential for modern society. Broken technologies undermine commerce, security, and human rights.” - Jeramie Scott, EPIC
“Any attempt by the UK Government to attack encrypted messengers would be nothing less than an attack on the right to a private conversation. Far from making the internet safer, by undermining the technology that protects everything from our bank accounts to our private conversations, governments around the world are putting us all at risk. Transparency is vital around any coordinated plans that could jeopardise both our security and our rights.” - Silkie Carlo, Policy Officer at Liberty
"We increasingly rely on a secure internet for work, personal relationships, commerce, and politics. While we support justifiable lawful intercept with appropriate oversight, we don't think we should be seriously weakening the security of the internet to achieve it. Attempts to weaken encryption will do more damage to our society and our freedom than the possible threats it's meant to be protecting us from. " Thomas Beagle, Chairperson, NZ Council for Civil Liberties
Read the letter: