If you’re using a messaging app that does not use end-to-end encryption (E2EE), your communications could be read by the company whose app you’re using, as well as government authorities and other third parties, who are incentivized to collect as much personal data on you as possible.
Strong encryption makes societies freer and, thankfully, several messaging apps use E2EE to prevent anyone except you and the intended recipient from reading the message’s contents—much to the chagrin of governments and corporations who want to see what you’re writing.
A joint statement: Give us access
Australia, Britain, Canada, New Zealand, and the U.S.—dubbed the Five Eyes Alliance—have banded together with India and Japan to push for access to encrypted messages on apps like Facebook’s Messenger and WhatsApp.
These countries argue in a press release issued this week that the only way to effectively stop criminal activity is to allow governments lawful, warranted access to encrypted messages with a backdoor.
This is the latest in a series of attempts by governments in the Five Eyes to undermine end-to-end encryption enjoyed by hundreds of millions of users, including journalists and citizens who rely on secure communications to report and communicate freely.
[Interested in the latest privacy legislation? Sign up for the ExpressVPN Blog Newsletter.]
In their “international statement,” the seven governments want the tech industry to “ensure lawful access for law enforcement and other competent authorities to digital evidence, including when encrypted or hosted on IT servers located abroad” and to do so “without prohibiting or weakening encryption and in full respect of privacy and fair trial guarantees consistent with applicable law.”
While the press release doesn’t go into technical detail about the requested backdoors, it does outline three measures the countries would like to see implemented:
- Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable;
- Enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight; and
- Engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions.
In short, this alliance wants to maintain the integrity of current end-to-end encryption while also fundamentally breaking it.
Countries have tried this before
Realistically, their request is nothing new. Since Edward Snowden’s revelations 2013, intelligence agencies have found themselves more often butting heads with the makers of apps and devices that hold encrypted data. Perhaps the most controversial example of such conflict has been in the case of the 2015 San Bernardino shootings, when the FBI tried to compel Apple to decrypt the shooter’s phones, to no avail.
Snowden brought into sharp relief just how much data governments were collecting and spurred a movement to improve online encryption to the point where no one except the sender and receiver can see the messages being transmitted, i.e., end-to-end encryption (Signal is the messaging app of choice for the security-conscious, you can read why here).
Several countries have already made legal headway into dismantling encrypted messaging on their own. Australia is ahead of the curve, having passed a law in 2018 that requires tech companies to build backdoors into any communication systems, including apps, phones, or web services built in Australia.
The U.S. Senate is also about to vote on a bill that seeks to make tech companies responsible for illegal material posted by their users, meaning they must monitor all their communications.
Like any joint statement from a group of countries, the only meaningful takeaway is that this is what these governments want from companies—it doesn’t mean companies will do anything. The U.S., UK, and Australia also tried this last year, calling for Facebook to build backdoors; this year’s simply has more signatories on the statement.
That is not to say that this statement should be dismissed entirely. Countries like Australia and the U.S. are already enacting their own legislation to compel Facebook and other messaging apps to decrypt their software for law enforcement. In addition to restricting freedom of speech, they are impeding our ability to use the internet as freely and privately as we used to.
Global implications: Everyone loses
With different countries implementing their own sets of laws and regulations for companies to follow, we may see more companies withdrawing services from entire regions. This is a problem, as explained in a recent interview with encryption expert Riana Pfefforkorn:
“Increasing governmental control, regionalization/splintering, and rising censorship all will combine to threaten free speech and the ability of people in different parts of the world to freely exchange communications and ideas with each other.”
Legislation requiring backdoors doesn’t just affect users in the countries enacting them. What’s likely to happen is tech companies will implement changes to their products that will affect all users, unless the company makes different regional versions of their app.
So what can be done?
Pfefforkorn advises speaking out against any bills that seek to undermine your privacy and freedoms, as well as familiarising yourself with censorship-resistant tools like VPNs, open-source encrypted messaging apps, and the Tor browser.
There are unfortunately no shortcuts to protecting your internet freedoms. It takes work to pressure your government to take your internet privacy seriously, persuade your peers to do the same, and prepare yourself for the possibility that these laws will pass. But it’s worth fighting to preserve the internet as it was originally envisioned—open, decentralized, and free.