Governments Call on Tech Giants to Build Encryption Backdoors -- Or Else

[Hydrogen]

A pact of five nation states dedicated to a global “collect it all” surveillance mission has issued a memo calling on their governments to demand tech companies build backdoor access to their users’ encrypted data — or face measures to force companies to comply.

The international pact — the US, UK, Canada, Australia and New Zealand, known as the so-called “Five Eyes” group of nations — quietly issued the memo last week demanding that providers “create customized solutions, tailored to their individual system architectures that are capable of meeting lawful access requirements.”

This kind of backdoor access would allow each government access to encrypted call and message data on their citizens. If the companies don’t voluntarily allow access, the nations threatened to push through new legislation that would compel their help.

“Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions,” read the memo, issued by the Australian government on behalf of the pact.

It’s the latest move in an ongoing aggression by the group of governments, which met in Australia last week.

The Five Eyes pact was born to collect and share intelligence across the five countries, using each nations’ diplomatic power and strategic locations as chokepoints to gather the rest of the world’s communications.

Since the Edward Snowden disclosures in 2013, tech companies have doubled down on their efforts to shut out government’s lawful access to data with encryption. By using end-to-end encryption — where the data is scrambled from one device to another — even the tech companies can’t read their users’ messages.

Without access, law enforcement has extensively lobbied against companies using end-to-end encryption, claiming it hinders criminal investigations.

Security researchers and other critics of encryption backdoors have long said there’s no mathematical or workable way to create a “secure backdoor” that isn’t also susceptible to attack by hackers, and widely derided any backdoor effort.

In 2016, rhetoric turned to action when the FBI launched a lawsuit to force Apple to force the company to build a tool to bypass the encryption in an iPhone used by the San Bernardino shooter, who killed 14 people in a terrorist attack months earlier.

The FBI dropped the case after it found hackers able to break into the phone.

But last month, the US government renewed its effort to set legal precedent by targeting Facebook  Messenger’s end-to-end encryption. The case, filed under sealed, aims to break the encryption on the messaging app to wiretap conversations on suspected criminals.

It’s not the first time the Five Eyes nations have called for encryption backdoors. An Australian government memo last year called for action against unbreakable encryption.

Although the UK’s more recent intelligence laws have been interpreted as allowing the government to compel companies to break their own encryption, wider legal efforts across the other member states have failed to pass.

https://techcrunch.com/2018/09/03/five-eyes-governments-call-on-tech-giants-to-build-encryption-backdoors-or-else/

....

This is the type of news story which could definitely benefit from greater exposure.  

I'm not certain if crypto currencies will be affected by these political agendas aimed at weakening encryption standards. If financial institutions have been targeted by this political movement, its not something that has been publicized much.

Such anti encryption measures could weaken security measures on smart phones, desktops, laptops and other hardware utilized to conduct financial transactions or conduct business. Although crypto currencies may not be directly targeted by this, it is possible thieves and criminals could utilize the type of backdoors governments demand to steal bitcoins and other electronic tokens.

There could be cause for concern over these measures.

[1714894653]

1714894653

[1714894653]

1714894653

[1714894653]

1714894653

[audaciousbeing]

The war on privacy and control is a forever war that would continue to resurface every time and I don't see government backing down any time soon because they will always have reasons to gain access to data in other to protect the larger citizens and forestall any damage that might happen whether they will then use it right or not, is another discussion.

Personally, I don't see government having access to information but should be done the right way. Rather than profiling citizens who can be manipulated in behaving the way they wanted, they should do more than that. Gather your facts, do investigation, then get a court order to have the access to whatever information you need. Its that simple. But suggesting that there should be a backdoor to data gathering organisations is willing shooting ourselves in the back as that would mean giving allowance of unauthorized individuals to have access to such information.

This is the type of news story which could definitely benefit from greater exposure.  

I'm not certain if crypto currencies will be affected by these political agendas aimed at weakening encryption standards. If financial institutions have been targeted by this political movement, its not something that has been publicized much.

Such anti encryption measures could weaken security measures on smart phones, desktops, laptops and other hardware utilized to conduct financial transactions or conduct business. Although crypto currencies may not be directly targeted by this, it is possible thieves and criminals could utilize the type of backdoors governments demand to steal bitcoins and other electronic tokens.

There could be cause for concern over these measures.

If they are targeting crypto, its not what they would announced it via a memo that would leaked and which organization would they have referred it to? I don't see any influence on crypto at the moment.

[o_e_l_e_o]

Can we stop having technologically illiterate people making potentially world-changing tech laws? There is no such thing as a "secure backdoor". If you put a backdoor in a product, it will be found and it will be exploited.

In addition, as soon as you put a backdoor in the product, the very people you are trying to monitor will simply move to another product. What are you going to do, ban all programs except government built ones? Ban programmers?

The problem is the general public don't care about issues like this. The whole "nothing to hide, nothing to fear" mentality is strong. As long as they can share photos of their meals on Instagram and seek attention on Facebook, they are quite willing to hand over all their personal details, backdoor or not.

[jseverson]

The tech giants are against this though right? I remember the issue with FBI planning to sue Apple because they refused to help them unlock some shooter's phone. The FBI ended up not suing because they apparently found a third party that unlocked the phone for them. Google also issued a statement condemning the push for backdoors I believe.

This is concerning though, and I hope whichever companies comply with this get exposed somehow.

I don't think this affects crypto very much as it's targeted towards surveillance, not necessarily for breaking into devices. People should be safe for as long as they don't share private keys over messaging software even if hackers somehow exploit these backdoors.

[vapourminer]

“create customized solutions, tailored to their individual system architectures that are capable of meeting lawful access requirements.”

so thats what, everything from smoke signals to every computer and smart device on the planet?

a back door into all communication devices. communications devices that the governments themselves need to securely communicate with each other. that hackers and "questionable" nations can use to access another governments internal, banking, law enforcement, infrastructure and businesses communications.

we all know how good governments are at keeping secret stuff secret. what could go wrong.

[1Referee]

There is no such thing as a "secure backdoor". If you put a backdoor in a product, it will be found and it will be exploited.

In addition, as soon as you put a backdoor in the product, the very people you are trying to monitor will simply move to another product. What are you going to do, ban all programs except government built ones? Ban programmers?

How about the whole Intel security "flaw"? The best engineers in the world haven't been able to know about it until it was thrown into the public.

The main point isn't will we be flooded with software and hardware containing backdoors, but more so what backdoors are we currently overlooking? I'm pretty certain there is plenty of more that could potentially be exploited in the software and hardware that we're using right now. We'll only find out when it's too late. We rely on others as non tech geeks to point us at these flaws, because we in no shape or form will be able to spot any ourselves.

It's basically the same with people blatantly downloading crypto wallets. Have they checked the code? Nope. Do they know that the private keys these clients generate might not be that random at all? Nope.

[vapourminer]

How about the whole Intel security "flaw"? The best engineers in the world haven't been able to know about it until it was thrown into the public.

if you mean specter etc or the intel MME stuff it was not intel that just came out and admitted it one day. it was others that found and publicized it, then intel admitted it to the public. so other "engineers," for want of a better term, did find it.

and just because there are/were no known exploits, that just means the possible exploits were not common or severe enough (for the general public) to be noticed by the general public.

[1Referee]

if you mean specter etc or the intel MME stuff it was not intel that just came out and admitted it one day. it was others that found and publicized it, then intel admitted it to the public. so other "engineers," for want of a better term, did find it.

I never said it was Intel itself that came out. What I was referring to is the fact that the best engineers haven't been able to spot it themselves, even though the "flaw" was there for ever basically.

and just because there are/were no known exploits, that just means the possible exploits were not common or severe enough (for the general public) to be noticed by the general public.

Are you trying to comfort yourself thinking that everything is under control to the degree where the general public isn't exposed to any sort of harmful exploit right now?

[vapourminer]

I never said it was Intel itself that came out. What I was referring to is the fact that the best engineers haven't been able to spot it themselves, even though the "flaw" was there for ever basically.

understood. but is was found and disclosed by responsible people eventually. if they hadnt come out with it intel probably would have happily ignored it even now assuming intel even knew about it internally at some point. flaws just ripe for the pickings.

and just because there are/were no known exploits, that just means the possible exploits were not common or severe enough (for the general public) to be noticed by the general public.

Are you trying to comfort yourself thinking that everything is under control to the degree where the general public isn't exposed to any sort of harmful exploit right now?

lol heavens no. we are at the mercy of both the government and the hardware/software manufactures. neither really care about our security or privacy.

exploits are all over just waiting for someone to find them. hopefully white hats will get to the worst ones first.

[xWolfx]

I am one who believes surveillance is needed. With some regulations of course.

It will happen anyways, why not make sure they do it the right way?.

Backdoors and exploits can be built into different levels, already a lot exists and people is not aware of them - Reason why the real solution is pushing towards the regulation of such technologies more than to make them disappear thing that won't happen.

The biggest issue with tech giants right now is some not letting the others compete. That is something the European Union is addressing now it seems and is a big problem because it starts with competition but later might be targeted towards costumers and governments also.

[hatshepsut93]

I am one who believes surveillance is needed. With some regulations of course.

It will happen anyways, why not make sure they do it the right way?.

Backdoors and exploits can be built into different levels, already a lot exists and people is not aware of them - Reason why the real solution is pushing towards the regulation of such technologies more than to make them disappear thing that won't happen.

The biggest issue with tech giants right now is some not letting the others compete. That is something the European Union is addressing now it seems and is a big problem because it starts with competition but later might be targeted towards costumers and governments also.

This stuff targets non-criminals more than criminals, these governments want to spy on millions of people who use those services, while any semi-competent criminal uses other channels of communication that don't rely on third party services for secrecy. They always use criminals and terrorists as an excuse to get more control over the population, and then use that control to preserve their power. But in our age people are getting powerful privacy tools that allow them to hide from government, and in some cases it literally save lifes, like when journalists, activists and whistleblowers use them to avoid getting imprisoned/killed by authoritarian regimes.

[aso118]

I'm not certain if crypto currencies will be affected by these political agendas aimed at weakening encryption standards. If financial institutions have been targeted by this political movement, its not something that has been publicized much.

There is no question of encryption backdoors for financial institutions. Government can walk in through the front door and grab any data they want, by the truckloads, from financial institutions. Financial institutions will even slice and dice the data, sift through it for anything which might interest the government and give it to them on a platter, as a BAU process.

[davis196]

If the big tech giants lower their encryption standarts,a part of their customers(the more tech savvy ones,who want more security) might move to the crypto world.I don't think that the crypto world will abide by such rules ever.If the people are afraid that the govenments are spying them,they will choose desentralized paltforms with strong encryption.This is just a theory.

[dothebeats]

I think that at some point, governments will demand to create an encryption backdoor on cryptocurrencies, but knowing that crypto's strong suit lies within its encryption, it will be a dire effort for the governments to convince the devs that that is for the greater good. Idk why they come to such thoughts; this to me seems like they just want to 'own' the data of us citizens by spying in every way possible, even if they tell us that they'd only use the backdoors if needed. I know for one that backdoors already exist in everything we use, tech companies just don't want people to learn about it, and the governments are trying to sensationalize it just so we can 'agree' that it is something not to worry about.

Perhaps we reached the age of pseudo-security and pseudo-privacy, people.

[jseverson]

I am one who believes surveillance is needed. With some regulations of course.

It will happen anyways, why not make sure they do it the right way?.

What is the right way though? As another person has mentioned, there is no such thing as a safe backdoor. There are supposed to be no backdoors to services nowadays, and yet hacks are still common. If they intentionally create a weak point, someone will find it and exploit it, if it doesn't leak first. Even if we ignore law enforcement, the services you use themselves can freely spy on your data. They may as well store your messages, password, etc. in plaintext.

[Hydrogen]

If they are targeting crypto, its not what they would announced it via a memo that would leaked and which organization would they have referred it to? I don't see any influence on crypto at the moment.

This is the last time I remember something like a visible effort being made to undermine systems created to support anonymous browsing, etc.

Developer of anonymous Tor software dodges FBI, leaves US

May 17, 2016

In its mission to hunt criminals, the FBI has been keen to hack Tor, the Internet browser that hides your true location.
The FBI's attempts to break into Tor are starting to manifest in strange ways.

FBI agents are currently trying to subpoena one of Tor's core software developers to testify in a criminal hacking investigation, CNNMoney has learned.

But the developer, who goes by the name Isis Agora Lovecruft, fears that federal agents will coerce her to undermine the Tor system -- and expose Tor users around the world to potential spying.

That's why, when FBI agents approached her and her family over Thanksgiving break last year, she immediately packed her suitcase and left the United States for Germany.

https://money.cnn.com/2016/05/17/technology/tor-developer-fbi/index.html

....

Although it is not publicized, it is possible the FBI and other government agencies put pressure on tech corporations and developers to engineer deliberately made backdoors into their products. Example: intels CPU "bug". Twitter also had a "bug" which "accidentally" recorded user passwords in plaintext not long ago.

The worst case scenario here, could be crypto software wallets like electrum as well as platforms like blockchain.info having zero day backdoors built into them. We've seen evidence of nano ledgers as well as bitfi hardware wallets having vulnerabilities.

Anyways, I'm far from being an expert on this topic. Would be interested to hear what others have to say about this.

[inding]

Does it mean that the government is afraid of Bitcoin? Why build a back door, and if so, the coin will definitely depreciate quickly. Bitcoin is a true free coin.

[Ucy]

Nothing about government cracking Internet security  bothers me anymore.
 I've decided not to build my life (and my kids lives) on the Internet. They say the "evolving" ones will leave people like us behind... am not bothered by that at all .
There is nothing free about the WEB (Spider-Web?)/Internet (Net for Fishes).   We will instead build and use alternatives that are totally decentralized or free from central control.

Won't be surprised if they already have secret agencies (unknown to even the known security agencies) that can easily crack or decrypt all Internet encryptions and security. These current tools only give us false sense of security?

[Chris!]

End-to-end encryption would be the obvious resolution to this. In the meantime, decentralized internets will be coming out in droves and let's just hope that one of them is half decent and we can avoid all of this crap (mostly).

[0t3p0t]

There is no such thing as a "secure backdoor". If you put a backdoor in a product, it will be found and it will be exploited.

In addition, as soon as you put a backdoor in the product, the very people you are trying to monitor will simply move to another product. What are you going to do, ban all programs except government built ones? Ban programmers?

How about the whole Intel security "flaw"? The best engineers in the world haven't been able to know about it until it was thrown into the public.

The main point isn't will we be flooded with software and hardware containing backdoors, but more so what backdoors are we currently overlooking? I'm pretty certain there is plenty of more that could potentially be exploited in the software and hardware that we're using right now. We'll only find out when it's too late. We rely on others as non tech geeks to point us at these flaws, because we in no shape or form will be able to spot any ourselves.

It's basically the same with people blatantly downloading crypto wallets. Have they checked the code? Nope. Do they know that the private keys these clients generate might not be that random at all? Nope.

I totally agree with you mate.  People without technical capabilities like those normal individuals having no idea of it kinda struggle and will be victimized by these kind of spionage by the governments. They could help the entire city from an attack of lawless elements but they also trespass or exploit everybody's privacy and I think that was against our rights and freedom as a law abiding citizens in every country.