New Zealand joined its Five Eyes security partners to ask social media companies like Facebook to allow access to encrypted data.
Five Eyes is a security partnership that includes the United States, Britain, Canada, Australia and New Zealand. India and Japan also took part in the move.
At first sight this looks like a continuation of a long campaign by Western governments to unravel digital encryption. I talked to Kathryn Ryan about this on RNZ Nine-to-Noon last week.
Governments say they worry that criminals and terrorists can use encryption to keep illegal online activity private. There’s no question this goes on.
The difference this time is that the governments acknowledge encryption plays an important role. It gives people privacy and enables online commerce including banking. This would be difficult to do without encryption.
When Justice minister Andrew Little announced New Zealand’s support earlier this week he was clear that any access to encrypted data would require a warrant.
This would subject large technology companies like Facebook and Google to the same measures as local companies like Spark or Vodafone. New Zealand’s Telecommunications Interception Capability and Security Act (TICSA) means local companies must comply with proper warrants.
Hard to enforce
While New Zealand law applies to foreign technology giants, our system has little power to enforce warrants. An international agreement and a common legislative framework will make it easier for local law enforcement.
The UK and US have legislation to address this. Australia has anti-encryption legislation, which has not been effective because it can’t be enforce.
Five Eyes is not asking for carte blanch. At this stage it is making a request and asking the tech companies for their ideas.
The security partnership says it wants to embed public safety in system designs. This would let companies act against illegal content and activity without reducing user safety.
Five Eyes wants law enforcement access to content in a readable and usable format where an authorisation is lawfully issued. At the moment companies can respond to warrants with indecipherable encrypted data.
There are, as you’d expect, fears about privacy and freedom.
While we shouldn’t play these fears down, in part this is back to the question of social media companies taking more responsibility for what happens on their sites.
There’s a clear message here that governments remain frustrated by their inability to access encrypted material. In other words, encryption is working.
There’s a contraction here, earlier in the week GCSB director Andrew Hampton talked about this on Nine-to-Noon. The relevant clip is the last few minutes of a long 27 minute interview.
He rightly talked about the “threat surface” and security vulnerabilities. Yet encryption is on of the best tools we have to reduce these threats and vulnerabilities.
This action is not about making tech companies give government agencies back doors into encryption. That has been discussed in the past.
Back doors are a bad idea because the moment there is an entry point for government agencies there is one for criminals and terrorists. It takes one law enforcement officer anywhere in the world to hand those keys over to a criminal.