Statement of Principles on Access to Evidence and Encryption (United States, the United Kingdom, Canada, Australia and New Zealand)
From the preamble:
The Governments of the United States, the United Kingdom, Canada, Australia and New Zealand are committed to personal rights and privacy, and support the role of encryption in protecting those rights. Encryption is vital to the digital economy and a secure cyberspace, and to the protection of personal, commercial and government information.
However, the increasing use and sophistication of certain encryption designs present challenges for nations in combatting serious crimes and threats to national and global security. Many of the same means of encryption that are being used to protect personal, commercial and government information are also being used by criminals, including child sex offenders, terrorists and organized crime groups to frustrate investigations and avoid detection and prosecution.
Privacy laws must prevent arbitrary or unlawful interference, but privacy is not absolute. It is an established principle that appropriate government authorities should be able to seek access to otherwise private information when a court or independent authority has authorized such access based on established legal standards. The same principles have long permitted government authorities to search homes, vehicles, and personal effects with valid legal authority.
The increasing gap between the ability of law enforcement to lawfully access data and their ability to acquire and use the content of that data is a pressing international concern that requires urgent, sustained attention and informed discussion on the complexity of the issues and interests at stake. Otherwise, court decisions about legitimate access to data are increasingly rendered meaningless, threatening to undermine the systems of justice established in our democratic nations.
Each of the Five Eyes jurisdictions will consider how best to implement the principles of this statement, including with the voluntary cooperation of industry partners. Any response, be it legislative or otherwise, will adhere to requirements for proper authorization and oversight, and to the traditional requirements that access to information is underpinned by warrant or other legal process. We recognize that, in giving effect to these principles, governments may have need to engage with a range of stakeholders, consistent with their domestic environment and legal frameworks.
…
This joint statement memorializes Five Eyes jurisdictions’ ignorance of computer encryption. Or perhaps basic logic, that material cannot be accessible and yet not accessible (encrypted) at the same time. It’s called a contradiction in terms.
The Five Eye jurisdictions may as well decide to round Pi off to 3.14. (STOP! That was sarcasm, please don’t meddle with Pi. All sorts of things, missiles, rockets, aircraft, etc., will suddenly go horribly wrong.)
Do not engage with any of the Five Eye jurisdictions on any proposal to give governments access to encrypted materials.
I mean that quite literally. There are no facts to be produced, no trade-offs to discuss, no supervisory mechanisms to considered. Cybersecurity experts have already established that data either is or is not encrypted. Any backdoor into an encryption system means it isn’t secure. (full stop)
There aren’t any viable issues open for discussion.
By your non-participation, the Five Eye jurisdictions will write their regulations more poorly than with your presence.
The poorer the regulations, the more easily breached the resulting encryptions will be.