Concentration Risk is the new Vendor Lock-In
The 'Five Eyes' collective of five nation states have called on tech giants to build backdoors into their users' encrypted data. If companies refuse to comply, they could face "technological, enforcement, legislative, or other measures.” The Five Eyes group includes the US, UK, Canada, Australia and New Zealand.
This week, the nations issued a memo stressing that encryption is vital to the "digital economy and a secure cyberspace, and to the protection of personal, commercial and government information." The Australian government issued the statement on behalf of the pact. Last month, Australia announced that its tech companies could receive fines of up to $10 million if they retain requested encrypted data.
Why is this necessary?
According to the statement, the increasing use and sophistication of certain encryption designs present challenges to nations. Encryption can often prohibit investigators from combatting "serious crimes and threats to national and global security." The decision is an effort to detect and prosecute criminals including child sex offenders, terrorists, and organised crime groups. The same principles have long permitted authorities to search "homes, vehicles, and personal effects with valid legal authority."
The Five Eyes Principles
Each of the Five Eyes jurisdictions will "consider how best to implement the principles" of the statement. The Attorneys General and Interior Ministers of the collective declared three principles in relation to encryption. The first principle is a mutual responsibility for all stakeholders. Providers of information and communications technology are "subject to the law", which may include assisting authorities to lawfully access data. The second refers to rule of law and due process.
This principle ensures that assistance requests maintain the "values of our democratic society" by following due process protections. Finally, the group encourages freedom of choice for lawful access solutions. This allows tech companies to voluntarily establish lawful access solutions of their choice and governments should not "favour a particularly technology." Nevertheless, it is evident that backdoors would only be voluntary to an extent. If tech companies refuse to give up encrypted data, they could face a number of consequences.
The morality question
Since the Edward Snowden disclosures five years ago, tech companies have been reluctant to share encrypted data with governments. Furthermore, security experts have stated that there is no possible way to create a backdoor that remains secure from hacking. Tech companies are already subject to hefty fines if they refuse to comply with the new GDPR standards. According to a BEUC report, the tech industry's most powerful firms are "still not GDPR-compliant." At present, the request for a backdoor is framed as a wish rather than a demand. However, the statement implies that while the group would prefer voluntary cooperation, they aren't afraid introduce a mandate.
"Privacy laws must prevent arbitrary or unlawful interference, but privacy is not absolute."
The encryption debate is ongoing. Take a look at some expert opinions on the controversial topic here