Five Eyes wants to weaken encryption, or legislation may be needed

Five Eyes -- the government intelligence alliance between Australia, Canada, New Zealand, the U.K. and the U.S. -- issued a threat to tech companies that don't find ways to comply with law enforcement in the face of encrypted data and devices.

Following a meeting in Australia on Aug. 30, representatives of the Five Eyes nations detailed principles expressing support for privacy and claimed they did not want to weaken encryption. The coalition described a vision of cooperation between government and tech companies that would allow law enforcement to gain access to encrypted evidence. However, the Five Eyes partners reserved the right to take stronger action, if necessary.

Many of the points made by the Five Eyes governments are arguments the infosec community has heard before in pleas from the FBI, for example. But this is the first time the coalition of major Anglosphere countries has issued a joint statement on encryption.

In the "Statement of Principles on Access to Evidence and Encryption," Five Eyes claimed "encryption is vital" to economies and for protecting information, but added that these protections are also being abused by "child sex offenders, terrorists and organized crime groups to frustrate investigations and avoid detection and prosecution."

"Privacy laws must prevent arbitrary or unlawful interference, but privacy is not absolute," the Five Eyes partners wrote. "It is an established principle that appropriate government authorities should be able to seek access to otherwise private information when a court or independent authority has authorized such access based on established legal standards."

Although the statement did not mention encryption backdoors or how companies would have to weaken encryption in order to provide law enforcement access, there were also no details on how the Five Eyes partners expected tech companies to comply.

"The Governments of the Five Eyes encourage information and communications technology service providers to voluntarily establish lawful access solutions to their products and services that they create or operate in our countries," the Five Eyes report read. "Governments should not favor a particular technology; instead, providers may create customized solutions, tailored to their individual system architectures that are capable of meeting lawful access requirements."

Much like past arguments about how to gain access without having to weaken encryption, the statement urged cooperation and said government access to encrypted data should be "underpinned by the rule of law and due process protections."

However, the statement ended with a threat: "Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions."