The US, UK, and three other governments have called on tech companies to build backdoors into their encrypted products, so that law enforcement will always be able to obtain access. If companies don’t, the governments say they “may pursue technological, enforcement, legislative, or other measures” in order to get into locked devices and services.
Their statement came out of a meeting last week between nations in the Five Eyes pact, an intelligence sharing agreement between the US, UK, Canada, Australia, and New Zealand. The nations issued a statement covering a range of technology-related issues they face, but it was their remarks on encryption that stood out the most.
They want voluntary action... but threaten to mandate it
In their memo, the governments stress that these backdoors would only be for “lawful” access to a device, such as in a criminal investigation. And they plan to start by encouraging tech companies to voluntarily add them. But the backdoors would only be voluntary to a point, because the governments say that they might mandate a way in if they “continue to encounter impediments” to accessing encrypted data.
At this point, their request for a backdoor is more of a wish than a command or a threat. But the statement speaks to the growing movement against encryption by governments and lawmakers, who see it as an impediment to law enforcement. As encryption grows more and more accessible in the coming years, these requests are only likely to grow — and could eventually lead to action.
Tech companies have also been wary to comply. Adding a backdoor into their products would inherently mean that their promise of data privacy is broken. It would also open them up to similar requests from other countries, which could use the backdoor access for spying in inappropriate circumstances.
In addition to touching on encryption, the nations also issued a memo on keeping online spaces free from child predators, terrorists, and other bad actors. They asked tech companies to build tools that could prevent illegal content from “ever being uploaded,” while reiterating familiar requests like using humans and automated tools to remove existing content and collaborating across the industry to ID bad content so that it can’t spread.