India, along with the Five Eyes intelligence alliance and Japan, wants companies to build backdoors to end-to-end encrypted platforms for access to law enforcement agencies, according to an international statement signed by the seven countries. They have argued that end-to-end encryption poses “significant challenges to public safety”, especially to the safety of “highly vulnerable members” of society like sexually exploited children. The Five Eyes alliance comprises of USA, UK, Australia, New Zealand and Canada.
What do they want? The seven nations want companies to:
- Build backdoors for law enforcement agencies so that they can access content in a readable and usable format with lawful, necessary and proportionate authorisation, and “strong safeguards and oversight”.
- Act against illegal content and activity without reducing safety and facilitate in investigation and prosecution of offences. The statement calls it “embed[ding] the safety of the public in system designs”.
Why do they want backdoors to E2E encrypted platforms? The seven countries have argued that lack of lawful access to such content:
- Undermines companies’ own ability to identify and respond to violations of terms of service including responding to child sexual abuse material (CSAM), terrorist propaganda, and violent crime.
- Prevents lawful authorities from investigating serious crimes and protecting national security.
Protecting children from sexual abuse and tracing paedophiles is not a new concern. This international statement reiterated USA, UK and Australia’s October 2019 letter to Facebook which said that the previous year, Facebook made 16.8 million of the 18.4 million reports to the US National Center for Missing and Exploited Children (NCMEC). The Sunday international statement also cited WePROTECT Global Alliance as per which reports of CSAM would disappear if end-to-end encryption is made the default option on Facebook Messenger.
Who signed the statement? US Attorney General William Barr, British Home Secretary Priti Patel, Australian Home Minister Peter Dutton, Canadian Minister of Public Safety William (Bill) Blair and Kiwi Minister of Justice Andrew Little. Little is also the “Minister Responsible” for the New Zealand Security Intelligence Service (NZSIS) and Government Communications Security Bureau (GCSB).
- Representatives from India and Japan who signed the statement have not been identified. We have reached out to the Indian Ministries of Home, External Affairs, and Information and Technology to find out which ministry and representative signed this statement.
Statement mischaracterises support from EU on backdoors
Interestingly, the international statement quoted a EU-US joint statement from December 2019: “the use of warrant-proof encryption by terrorists and other criminals — including those who engage in online child sexual exploitation — compromises the ability of law enforcement agencies to protect victims and the public at large”. However, the seven nations’ statement, despite acknowledging the importance of encryption for cybersecurity and privacy, doesn’t quote the EU-US statement in its entirety. Here is what the statement said on encryption:
“We also acknowledged that the use of warrant-proof encryption by terrorists and other criminals — including those who engage in on-line child sexual exploitation — compromises the ability of law enforcement agencies to protect victims and the public at large. At the same time, encryption is an important technical measure to ensure cybersecurity and the exercise of fundamental rights, including privacy, which requires that any access to encrypted data be via legal procedures that protect privacy and security. Within this framework, we discussed the critical importance of working towards ensuring lawful access for law enforcement authorities to digital evidence, including when encrypted or hosted on servers located in another jurisdiction.” — EU-US Joint Statement from December 2019 [emphasis ours]
Which makes sense because the European Union has categorially denied supporting backdoors to encrypted communications in email exchange with MediaNama. A European Commission spokesperson had told us, “This means that encryption software should not be weakened or be made vulnerable. The Commission does not support the development or mandatory introduction of backdoors (i.e. code that would allow one party alone to access encrypted content sent by other parties, without the knowledge of these parties).”
Growing clamour against E2E encryption
This is not the first time that these nations have called for backdoors to end-to-end encrypted platforms like WhatsApp and Signal.
- India has for a long time demanded a way to trace originator of messages on end-to-end encrypted platforms, especially WhatsApp that has over 400 million users in India, its largest market. While initially IT Minister Ravi Shankar Prasad had said that traceability would be WhatsApp’s job, in the WhatsApp traceability case, the government eventually demanded it. An ad hoc Rajya Sabha committee had also recommended that law enforcement agencies should be permitted to break end-to-end encryption to trace child abusers. It is interesting that the Indian representative did not talk about the malaise of misinformation on E2E encrypted platforms since that is the major reason the Indian government has been pushing for traceability.
- The Five Eyes intelligence alliance, in 2019, had asked technology companies to “include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and usable format”.
- In October 2019, UK, USA and Australia had written an open letter to Facebook CEO Mark Zuckerberg, asking him not to introduce end-to-end encryption to Messenger and Instagram Messenger without backdoors for law enforcement agencies, citing loss of access to content that helps agencies nab terrorists, paedophiles, and other serious criminals as the reason. In response, Messenger and WhatsApp had refused to build backdoors citing privacy and cybersecurity. 129 signatories had urged the company to resist introducing end-to-end encryption on Facebook’s messaging platforms, and their subsequent integration while 58 civil society organisations had supported
- The Japanese Criminal Procedure Code allows law enforcement agencies to request courts to order for the decryption of encrypted information during criminal investigations. While telecommunications carriers are obligated to cooperate with law enforcement agencies in decryption, they are not penalised for refusing to do so. They are also not legally obligated to build backdoors or ways to intercept communications.
WhatsApp has long maintained that intercepting communications on an end-to-end encrypted platform is impossible, as is tracing the originator of a forwarded message. WhatsApp, had argued that even on a matter as serious as child pornography, WhatsApp’s hands were tied because of end-to-end encryption. However, WhatsApp also uses PhotoDNA to scan unencrypted profile photos of WhatsApp users to find and take down accounts of people and groups engaged in sharing CSAM. WhatsApp’s head, Will Cathcart, has repeatedly refused to build backdoors and called them a “horrible idea”.
- ‘Don’t introduce end-to-end encryption,’ UK, US and Australia ask Facebook in an open letter
- European Commission does not support backdoors to encrypted communications
- Big Tech launch Project Protect to fight online child sexual exploitation and abuse
- Tell us if traceability is technically possible: Madras HC to WhatsApp and IIT Madras professor
- Read about the WhatsApp traceability case in the Indian Supreme Court here.