Joint letter to Five Eyes intelligence agencies regarding encryption
This week’s Five Eyes meeting (comprised of ministers from the United States, United Kingdom, New Zealand, Canada and Australia) discussed “plans to press technology firms to share encrypted data with security agencies” and hopes to achieve “a common position on the extent of … legally imposed obligations on … device-makers and social media companies to cooperate.” In a Joint Communiqué following the meeting, participants committed to exploring shared solutions to the perceived impediment posed by encryption to investigative objectives.
While the challenges of modern day security are real, such proposals threaten the integrity and security of general purpose communications tools relied upon by international commerce, the free press, governments, human rights advocates and individuals around the world.
Last year, many of us joined several hundred leading civil society organizations, companies, and prominent individuals calling on world leaders to protect the development of strong cryptography. This protection demands an unequivocal rejection of laws, policies, or other mandates or practices—including secret agreements with companies—that limit access to or undermine encryption and other secure communications tools and technologies.
Today, we reiterate that call with renewed urgency. We ask you to protect the security of your citizens, your economies, and your governments by supporting the development and use of secure communications tools and technologies, by rejecting policies that would prevent or undermine the use of strong encryption, and by urging other world leaders to do the same.
Attempts to engineer “backdoors” or other deliberate weaknesses into commercially available encryption software, to require that companies preserve the ability to decrypt user data, or to force service providers to design communications tools in ways that allow government interception are both shortsighted and counterproductive. The reality is that there will always be some data sets that are relatively secure from state access. On the other hand, leaders must not lose sight of the fact that even if measures to restrict access to strong encryption are adopted within Five Eyes countries, criminals, terrorists, and malicious government adversaries will simply switch to tools crafted in foreign jurisdictions or accessed through black markets. Meanwhile, innocent individuals will be exposed to needless risk. Law-abiding companies and government agencies will also suffer serious consequences. Ultimately, while legally discouraging encryption might make some useful data available in some instances, it has by no means been established that such steps are necessary or appropriate to achieve modern intelligence objectives.
Notably, government entities around the world, including Europol and representatives in the U.S. Congress, have started to recognize the benefits of encryption and the futility of mandates that would undermine it.
We urge you, as leaders in the global community, to remember that encryption is a critical tool of general use. It is neither the cause nor the enabler of crime or terrorism. As a technology, encryption does far more good than harm. We therefore ask you to prioritize the safety and security of individuals by working to strengthen the integrity of communications and systems. As an initial step we ask that you continue any engagement on this topic in a multistakeholder forum that promotes public participation and affirms the protection of human rights.
We look forward to working together toward a more secure future.