Five Eyes Campaign Against Encryption Threatens Democracy

Mallory Knodel is Chief Technology Officer at the Center for Democracy & Technology (CDT). Udbhav Tiwari is the Head of Global Product Policy and Noam Kantor is a Senior Public Policy and Government Relations Analyst at Mozilla,.

At the end of July, UK Home Secretary Suella Braverman, along with her Five Eyes surveillance colleagues, launched a campaign of opposition to Meta’s recent proposal to encrypt messages sent through its Messenger product. The Home Secretary’s comments mirror statements made by intelligence and law enforcement officials for years: Simply let down your encryption defenses and we will protect you. This campaign also lends support to recent anti-encryption legislative activity around the world.

Braverman’s remarks may sound familiar, because they echo a nearly identical statement that Five Eyes made in October of 2020. The Global Encryption Coalition has over 300 members distributed across every region of the world that promote and defend encryption in key countries and multilateral fora where it is under threat. We also support efforts by companies to offer encrypted services to their users. So we remember the 2020 statement, and the ones before that, going all the way back to the 1990’s.

We called Five Eyes out on their weak arguments then, and we do so now to put their newest anti-encryption campaign and accompanying legislation in the context of the Five Eyes spying apparatus. When viewed in this context, it is even more clear that the pretext of online safety, abuse reduction, or any of the other concerns raised by policymakers simply cannot justify weakening encryption through the policy proposals that have begun to crop up in Five Eyes nations.

What are these proposals? Recently, hundreds of civil society organizations, including many members of the Global Encryption Coalition (GEC), have been forced to raise the alarm about anti-encryption legislative proposals such as the UK’s Online Safety Bill (OSB), EU CSAM legislation, and the EARN-IT Act in the US. A vast array of public interest organizations agree that these bills fail to address the problems they purport to address (whether child safety, national security, or online harms), and instead create serious security risks, as well as undermine human rights.

Proposals under consideration in the Five Eyes countries would:

• Create encryption backdoors or otherwise weaken encryption in critical services (US EARN-IT Act and STOP CSAM Act);
• Force communication service providers to scan messages before they are sent, thereby opening the door to broken encryption promises (UK OSB);
• Impose Codes of Practice that would effectively require companies to circumvent or backdoor encrypted communication services (AU Online Safety Act); and
• Give the government unprecedented authority to squelch innovations in communications security (UK Investigatory Powers Act Consultation on Technical Capability Notices).

These proposals, which would undermine privacy and confidentiality on the internet to the benefit of surveillance agencies, would exacerbate the concerning trends of Five Eyes surveillance:

• Recently declassified documents show that US intelligence authorities are targeting judges, members of Congress, and Black Lives Matter protesters – all of whom are supposed to be protected by the US Constitution’s Fourth Amendment because they are in the US. Documents revealed by Edward Snowden in 2013 indicate that for people outside of the US, the impacts of American bulk surveillance have been even more drastic.
• In 2019, the European Court of Human Rights found that the UK’s surveillance regime violated both the right to privacy and the right to free expression in the European Convention on Human Rights. Even after decades of pushback against broad surveillance, the Court found that the UK had failed to set up proper oversight mechanisms.
• In 2018, Australia adopted the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (TOLA). This legislation allows the Australian government to force technology companies to circumvent encryption on their services. A 2021 study Commissioned by the Internet Society found that the impact of TOLA, in terms of dollars lost to the Australian economy by companies that newly risked their customer and business partner trust, was in the range of billions of dollars.

These governments’ underlying belief is that democratic countries committed to the rule of law shouldn’t be stymied by technologies like encryption. But they have it backward: any government that infringes on the right to privacy of its populace cannot claim the democratic high ground. Democracy, of course, is not just about strong rule of law. Democracy also requires checks and balances on the most sensitive and frightening aspects of governmental power, including surveillance. And because of its covert nature, surveillance can so easily be abused without checks and balances.

- - -

The harmful proposals under consideration would give the Five Eyes countries, and other governments, democratic and otherwise, legal precedent and technical capabilities for vast new powers no longer checked by strong and ubiquitous end-to-end-encryption. These proposed policies not only endanger the rights of the citizens of those countries - they endanger us all. We urge the Five Eyes governments to cease their anti-encryption campaigns immediately.