Ministers from the Five Eyes – five countries who’ve agreed to share surveillance data and expand their surveillance capabilities whenever they can – are calling on tech companies to give their governments backdoor access to encrypted private communications or face the consequences. They want to take away your online privacy at the cost of your security.
What are the Five Eyes?
In online privacy circles, the Five Eyes refers to a surveillance allianceformed between five countries after World War II between the United States, the United Kingdom, Canada, Australia, and New Zealand. Since then, these members’ surveillance capabilities have expanded significantly, as has their appetite for your data.
This isn’t a conspiracy theory – Wikipedia covers the history of the group in great detail. But we’re not talking about their history, we’re talking about what they’re doing now. Until now, Australia and the USA have been the group’s greatest agitator for undermining private encryption.
The FBI in the US has been looking for ways to undermine the encryption of Apple devices, and the Australian government seems to submit a new attempt to create encryption backdoors for social media networks like Facebook every year. Now, however, the Five Eyes have finally taken a unified approach.
An attack on fundamental online privacy and safety
Before we continue, there are two different things we must establish about encryption, whether it’s through a VPN like NordVPN or while sending end-to-end encrypted messages through an app like Telegram:
- Encryption means online security. Encryption is one of the best tools available for making your messages impossible to alter. It is the best guarantee we have that the message you sent is the message your recipient is getting. And that nobody has altered it in any way while encrypted.
- Encryption means online privacy. Encryption is also one of the best tools available to make sure your online digital messages are impossible to read by anyone other than the recipient. This overlaps significantly with security, of course, as it means that a hacker can’t discover your online banking password. However, it also means that it secures your basic right to private communication.
Now let’s talk about the Five Eyes’ recent meeting. The message shared by the Australian Department of Home Affairs begins on a cheery and positive note, but the main goal quickly becomes clear in their Statement of Principles on Access to Evidence and Encryption:
“Privacy is not absolute. It is an established principle that appropriate government authorities should be able to seek access to otherwise private information when a court or independent authority has authorized such access based on established legal standards.
“Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.”
Both messages cite crime and terrorism as the primary justifications for these privacy violations, and while fighting these problems is very important, here’s why we still take issue:
- Governments make mistakes. They consist of people and they aren’t perfect. We already know that some of the most powerful governments in the world maintain terrible data security. If the government can freely access the private communication of any citizen, can we trust them to keep that information safe?
- Governments don’t always follow their own rules. They consist of people who can misbehave. As we saw in the Securus scandal, it was easy for a law enforcement officer to abuse his access to private location data. Can we trust our governments to behave as responsibly with access to our private lives as we’d like them to?
- Privacy is a basic right. The Five Eyes governments take it as a given that they deserve easy access to our private communications. This goes against NordVPN’s values.
- Encryption backdoors destroy online security. As the Five Eyes correctly note, secure encryption is critically important for thousands of businesses around the world (how would online banking, online shopping, or online medical services work without it?). However, they completely ignore the fact that backdoor encryption access can be abused by anyone, not just the government. As it currently exists, end-to-end encryption is like a brick wall stretching all the way from your device to the recipient’s device.
The Five Eyes want to add a door to that tunnel and say they won’t give anyone the key, but the door is still there! The key can be used abusively, stolen, or lost – or someone can pick the lock or force the door open. We are all better off if that door never exists in the first place.
What about non-Five-Eyes countries?
For now, the threat of these measures being enacted can be avoided by operating in a country that is not part of the Five Eyes or any of the other surveillance alliances (like the Fourteen Eyes). NordVPN is proud to operate from the jurisdiction of Panama, which is not a member of the Five Eyes or Fourteen Eyes alliances and does not mandate any sort of data logging or encryption access.
As such, this makes it an effective tool for maintaining your privacy no matter where you’re located. This is even the case in Five Eyes countries – NordVPN, for example, is a highly recommended VPN in Canada. If you’re interested in cybersecurity and privacy issues, sign up for our blog newsletter below!