11 Jan 2019

Should tech companies provide governments with access to encrypted data?

Soon, technology companies will be compelled to provide governments with a decryption key

Recently, 5 governments asked internet companies to give officials back-door access to users’ online activities. The idea was to compel tech companies to provide a key to encrypted software so that no users’ software will be beyond the governments’ reach. From the governments’ point of view, those decryption keys are required to allow security officials to carry out each governments’ primary duty which is to protect its citizens.

The 5 governments which are known as the Five Eyes consist of the US, the UK, Canada, Australia and New Zealand. They have recently issued a memo to tech companies urging them to “create customised solutions, tailored to their individual system architectures that are capable of meeting lawful access requirements”.

Despite the confusion which surrounded the early internet days, where it seemed unclear whether governments’ traditional powers to regulate individuals’ activities extended to the online world, democratic governments are now certain of the obvious. There is no difference between the offline and online laws. The internet isn’t the “planet of the people” or the place where governments are not welcomed. It is in fact precisely the place where governments should base their protective activities. The internet is where citizens’ protection is needed the most nowadays.

The memo by the Five Eyes is a powerful statement that projects the serious intention of the 5 governments to get involved. They no longer wish to leave the internet unregulated and insecure. The online society is still a society consisting of people who require protection and it is likely that governments’ access to encrypted software, under the right circumstances and with the correct degree of scrutiny, will result in combatting serious criminal activities and particularly of terrorism.

What the governments are really after is the ability to track money laundering activities which end up sponsoring terrorism across the world and to have the ability to uncover planned terrorist attacks. It is likely however, that once in possession of decryption keys, governments will use the right of access to also tackle issues such as people trafficking and other criminal activities which are currently sheltered by internet and technology companies through encryption.

It is unknown how many of the internet and technology companies have already conceded to the request to provide decryption keys to new software. It is clear however, that the request for a voluntary co-operation is a signal to technology companies that the governments are thinking of new laws which would remove the choice from technology companies whether to assist or not. The real threat is that the power to act reasonably will be taken away from technology companies who will eventually be compelled by laws to provide those keys. European traditional favouritism of big state over free speech could provide the right space for relevant legislation to be enacted in a way that will effectively force US based companies to comply.

The real question is, should the normative internet or technology user be worried? The answer is that they probably shouldn’t. The governments are saying that they are intending to only access encrypted data following a thorough legal process.  This will involve the approval by a judge of any attempt to access internet users’ data. They want their officials to act within the law and for the law to be clear about when, how and who can access the encrypted information. They want, at the same time, not to be seen as attempting to over-regulate the internet hence, the starting point of a “polite request”.

Upcoming Events

May 2018

17May2018
18May2018

Internet Law Leadership Summit

An annual gathering of the world’s greatest internet law attorneys’ network. Attendance is by invitation only

From 08:30 until 18:00

At ARIA Resort Las Vegas

Find out more...

April 2018

09Apr2018

Data Protection Practitioners' Conference 2018

UK's most informative ICO data protection law annual conference for law practitioners

From 08:30 until 16:45

At At: Manchester Central Conference Centre

Find out more...