Encryption Backdoor Threatens Privacy of All

Commentary, Fergus Hodgson, Information Technology

Canada’s spy agencies want access to your encrypted communication, and they have a ploy to get it without going through Parliament.

Australia is where the action is taking place since she has fewer constitutional protections for privacy. The 2018 Assistance and Access Bill would force tech companies such as Wickr and Telegram to provide state agencies with backdoor access to otherwise encrypted messages.

If passed, this legislation would be even more invasive than the United Kingdom’s notorious 2016 Investigatory Powers Act, also known as the Snoopers’ Charter. Access Now, an international NGO that advocates for individual rights online, explains that the Australian version grants “broad authorities that will increase government hacking.”

Their greatest concern is unpredictability. There is “almost no understanding of the limitations, the implications, or oversight … It is unclear who could be implicated, what could be requested, what the effects would be, and how oversight would work.”

The bill’s likely passage affects Canadians because three federal intelligence agencies—the CFIC, CSE, and CSIS—participate in the Five Eyes alliance. Australia, without a bill of rights, is a member of the sophisticated data-sharing scheme, along with New Zealand, the United Kingdom, and the United States.

The rising pressure on tech companies suggests their prevailing encryption methods are a barrier. That has been the impetus for the five-nation initiative, announced after an August meeting.

The meeting attendees contend rising and elaborate “encryption designs present challenges for nations in combating serious crimes and threats to national and global security.… [Encryption is] being used by criminals, including child sex offenders, terrorists, and organized crime groups, to frustrate investigations and avoid detection and prosecution.”

While the alliance members claim to oppose “arbitrary or unlawful interference,” they also state ominously that “privacy is not absolute.” They are already pressuring tech firms to “voluntarily establish lawful access solutions to their products and services.”

The challenge in this situation is that we face an unprecedented level of surveillance capacity. This is not a matter of simply searching “homes, vehicles, and personal effects,” although the Five Eyes representatives seek to draw the parallel. Even those conventional domains are vulnerable to pernicious invasions from state agents, as High River residents know all about in Alberta.

While there is no doubt that some bad actors use encryption to hide their tracks, we must consider whether that compels us to make all-encompassing data available to state agencies. Will these agencies respect our privacy and work in our best interests, rather than their own? Once tech companies construct backdoor access, how likely is that access to fall into the wrong hands?

We need not look far to find the answers.

Canada’s spy agencies have a documented history of abusing their powers and misleading those appointed to limit agency overreach. As reported by the Globe and Mail in 2013, Federal Judge Richard Mosley rebuked the CSIS and CSE for illegally utilizing US and British surveillance dragnets and for their “deliberate decision to keep the court in the dark.”

CSIS officials, Mosley wrote, “strategically omit information in [warrant] applications … about their intention to seek the assistance of the foreign partners.”

Documents released by US-exile and whistleblower Edward Snowden demonstrate a nonchalant attitude towards privacy from the Five Eyes intelligence agencies. The Guardian has reported that in 2008 the Australian Defence Signals Directorate (DSD) was already able to “share bulk material” without the sort of privacy restraints Canadians would expect. With or without the DSD, the United States and the United Kingdom have been sharing metadata on each other’s constituents and targeted foreigners, even German Chancellor Angela Merkel.

The temptation to use these backdoors is great, not only for snooping state agencies. Such private information commands lucrative returns on the black market. Victoria Henderson, a doctoral candidate at Queen’s University at Kingston, has written how Five Eyes intelligence has been used for corporate espionage. That includes Canadian spying on Petrobras of Brazil, as the state company sought to auction off oil rights.

Henderson writes that economic espionage, going both ways, is widely acknowledged and should be protected against not hastened. It merits concern because it costs “Canada billions every year and [puts] Canadian companies at a competitive disadvantage in international markets.”

As Henderson writes, “Nothing is arguably more naive than giving government a blank cheque for national security.” Digital spying from Canadian intelligence agencies and their collaborators has already compromised Section Eight of the Charter of Rights and Freedoms. The borderless nature of online information compounds our challenge, since our privacy is vulnerable to foreign powers.

The Assistance and Access Bill in Australia is neither the beginning nor the end of the tussle for private data. The surreptitious nature of the strategy indicates the lines are already drawn and the need for vigilance towards Canada’s intelligence agencies. The burden of proof is on them to demonstrate they need and will be responsible with expanded surveillance powers.