Tuesday, September 25, 2018

Five Eyes, Encryption and Your Privacy

A recent intergovernmental meeting in Australia received almost no coverage by the mainstream media, a factor that plays into the hands of the governments involved.  During this meeting, the five governments involved issued a statement that should send chills down the collective spines of those of us who really care about our privacy and who are increasingly concerned about how the state is advancing its efforts to know everything about us.

For those of you who are not aware, during the last week of August 2018, a meeting was held between the Five Eyes pact nations; the United States, the United Kingdom, Canada, Australia and New Zealand.  Five Eyes or FVEY was established in March 1946 by the United Kingdom and the United States as the UKUSA agreement with the mandate to share all signals intelligence (SIGINT).  In the aftermath of the Second World War when Britain had successfully cracked Germany's Enigma cipher and the United States had cracked Japan's Purple cipher, it became increasingly apparent that the developing Cold War would require further intelligence cooperation.  Canada joined the alliance in 1948 and New Zealand and Australia joined in 1956, creating a global intelligence sharing organization.   Here is a quote from an article on Five Eyes from the Journal of Political Sciences and Public Affairs about the duties of the Five Eyes member nations:

"The Five Eyes alliance allows its member nations to share the collection and analysis burden of global threats. Precise assignments are not publicly known, but research indicates that Australia monitors South and East Asia emissions. New Zealand covers the South Pacific and Southeast Asia. The UK devotes attention to Europe and Western Russia, while the US monitors the Caribbean, China, Russia, the Middle East and Africa.  This collaboration has allowed its members to concentrate on distinct areas that they would not have the resources to do otherwise. Governments across the Western world have responded and adapted, further integrating formerly separate intelligence capacities. As the technological barriers between information systems and previously stove-piped databases continue to fall, the sharing of data has become not merely possible, but routine.”

Here are the government organizations from each member state that are responsible for intercepting intelligence information of various types:

1.) United States: The National Security Agency (NSA) at Ft. Meade, Maryland, is the United States’ predominant SIGINT agency and therefore interacts with Five Eyes’ member agencies the most. In addition to the NSA, the Central Intelligence Agency (CIA) and Federal Bureau of Investigation (FBI) both contribute to, and draw resources from, Five Eyes member agencies. The CIA is the predominant collector of human intelligence (HUMINT), and the FBI is in charge of counter-terrorism investigations.

2.) Canada: Canada’s intelligence community is much smaller than that of the United States. However, Canada’s professionalism and unique geography continue to make it an ally as valuable now as during the Cold War. The Communications Security Establishment (CSE) is Canada’s SIGINT agency; the Canadian Security Intelligence Service (CSIS) is the HUMINT agency.

3.) Australia: Australia does not have an intelligence culture at the same level as the US. Due to its relative geographic isolation, it maintains a stronger intelligence community than Canada. Australia has been a large contributor toward the continued collaboration of intelligence among Five Eyes. Besides Five Eyes; Australia, New Zealand, and the United States are bound by the ANZUS collective security agreement established in 1951, further integrating defense intelligence.  Access to partners’ intelligence is a huge multiplier to the capabilities and effectiveness of our intelligence agencies.  Australia’s primary SIGINT agency is the Australian Signals Directorate (ASD), the Australian Secret Intelligence Service (ASIS) is the foremost HUMINT agency, and the Australian Security Intelligence Organization (ASIO) is the country’s main security, counterintelligence and counter-terrorism agency.

4.) New Zealand: The core New Zealand Intelligence Community (NZIC) comprises GCSB, the New Zealand Security Intelligence Service (NZSIS), and parts of the Department of the Prime Minister and Cabinet (DPMC).  The GCSB, Government Communications Security Bureau, has two main functions: information assurance and obtaining foreign signals intelligence. The NZSIS is New Zealand’s HUMINT collection agency. The parts of the DPMC that work alongside the rest of the NZIC are the National Assessments Bureau (NAB) which collates and analyzes information on foreign countries, and the Officials Committee for Domestic and External Security Co-ordination (ODESC) which coordinates all agencies in security situations.

5.) United Kingdom: The United Kingdom’s primary SIGINT agency is the Government Communications Headquarters (GCHQ); the main HUMINT agency for threats outside the country is the Secret Intelligence Service (SIS or MI6), and its domestic security intelligence service is the Security Service (MI5). 

With that background on Five Eyes, let's look at the most recent developments from the meeting held in Australia on August 28 and 29, 2016.  In the official communique issued by the Five Country Ministerial (FCM) at the end of the meeting, we find the following:

"We, the Homeland Security, Public Safety, and Immigration Ministers of Australia, Canada, New Zealand, the United Kingdom, and the United States met on the Gold Coast, Australia, on August 28-29 2018, to discuss how we can better collaborate to meet our common security challenges. We reaffirmed that the close and enduring five country partnership, developed following the Second World War, remains fundamental to the security and prosperity of our nations...

The internet and digital technologies are increasingly central to contemporary life and to the social and economic development of our societies. Global connectivity enables faster communication, better access to services, and new ways to conduct business and share news and information. We affirmed our vision for a free, open, safe, and secure internet, which is fundamental to our economic growth and prosperity.

Just as the internet provides many benefits, it also provides opportunities for people to carry out crimes and spread illicit content.  Terrorism, child sexual abuse and exploitation, violent extremism, and coercive acts of interference and disinformation are enduring concerns of government. The anonymous, instantaneous, and networked nature of the online environment has magnified these threats and opened up new vectors for harm.  Governments have a responsibility to protect those within our borders against both physical and digital threats, and to ensure that the rule of law prevails online, as it does offline. We have a responsibility to tackle these challenges in a coordinated and effective way.

While senior digital industry representatives did not accept our invitation to participate in discussions on pressing issues regarding the illicit use of online spaces, we reiterated the need for digital industry to take more responsibility for content promulgated and communicated through their platforms and applications.  We agreed to a Joint Statement on Countering the Illicit Use of Online Spaces, outlining our communities' high expectations of digital industry companies, with a focus on countering online child sexual abuse and exploitation, and violent extremist and terrorist material. We called for the further development and expansion of capabilities to prevent upload of illicit content, and to execute urgent and immediate takedowns. We reiterated the importance of industry investment in human and automated detection capabilities, underscoring the need for major companies to set industry standards and to help smaller companies deploy these capabilities to their platforms, including through the Global Internet Forum to Counter Terrorism (GIFCT). And we called for increased efforts to counter foreign interference and disinformation conducted via online platforms." (my bolds)

So, what do the Five Eyes propose to reduce the risk of online terrorism, child sexual abuse and exploitation, violent extremism and coercive acts of interference and disinformation (all the rage since the 2016 American election)?  Here's their answer:

Here are some key quotes:

"Privacy laws must prevent arbitrary or unlawful interference, but privacy is not absolute.  It is an established principle that appropriate government authorities should be able to seek access to otherwise private information when a court or independent authority has authorized such access based on established legal standards.  

Governments should recognize that the nature of encryption is such that that there will be situations where access to information is not possible, although such situations should be rare...

The principle that access by authorities to the information of private citizens occurs only pursuant to the rule of law and due process is fundamental to maintaining the values of our democratic society in all circumstances – whether in their homes, personal effects, devices, or communications. Access to information, subject to this principle, is critical to the ability of governments to protect our citizens by investigating threats and prosecuting crimes. This lawful access should always be subject to oversight by independent authorities and/or subject to judicial review."

Note the use of "...privacy is not absolute..." and how the five governments use the threats of terrorism, organized crime and child sex offenders as the "stick" to put fear into the hearts of a non-thinking public.

This is a groundbreaking technological change.  Basically, Five Eyes are calling on technology companies to build back doors into their products so that law enforcement (aka "The State") will always be able to access encrypted data.  While the Five Eyes statement appears rather benign on the surface by politely asking tech companies to voluntarily submit to this "suggestion", however, this sentence appears at the end of the Statement of Principles:

"Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions."

While many among us feel that we aren't doing anything wrong  we have nothing to hide.  With that sentiment in mind, I would ask that you watch this video interview of Edward Snowden and see how you feel about "The State" demanding that your encrypted communications be accessible to the intelligence structure of the Five Eyes member states at their whim:

No comments:

Post a Comment