The Five Eyes countries want to avoid public encryption debate. They did so recently by telling the tech industry things like, “end-to-end encryption should be rare” and “privacy is not absolute.”
Five Eyes Countries
The Five Eyes are the United States, United Kingdom, Canada, Australia, and New Zealand. The term comes from the fact that these countries have an intelligence alliance and created the UKUSA Agreement.
In a joint communiqué and statement of principles created during a meeting, they subtly threaten the tech industry on matters of privacy and encryption. Nothing new, and nothing they haven’t tried before. They want to avoid a public sh*t storm if they try to legislate encryption back doors, something Australia is already working on.
Although the documents acknowledge that encryption is important, they don’t want it to be used often:
Encryption is vital to the digital economy, a secure cyberspace and the protection of personal, commercial and government information. The five countries have no interest or intention to weaken encryption mechanisms. We recognise, however, that encryption, including end-to-end encryption, is also used in the conduct of terrorist and criminal activities…
Governments should recognize that the nature of encryption is such that that there will be situations where access to information is not possible, although such situations should be rare.
National Security Letters
There’s a nasty rumor floating around the security industry that Apple has a National Security Letter requiring them to push people towards iCloud backup + have iMessage store keys in that backup.
This means even with E2E encryption the keys are stored in a backup NSA can access. This would let them decrypt iMessage in real time, as long as either party has icloud backup on.
Note that a critical aspect of NSL’s is that they gag the people responsible, Tim Cook would face jail time if he revealed it’s existence. If you think this is wrong/unconsitutional [sic] write your congressman and tell them you want a repeal of FISA/Section 702 and the criminals responsible held acountable [sic].
Obviously it’s just a rumor, but it’s a reminder that “the cloud” is really just someone else’s computer. Once you store your data on someone else’s computer, you lose control of it.