SoylentNews is people
SoylentNews
Submitted by chromas from IRC, as story from ZDNet:
"The governments of the United States, the United Kingdom, Canada, Australia, and New Zealand are committed to personal rights and privacy, and support the role of encryption in protecting those rights," began a document agreed to last week. Sounds good. But wait.
The government ministers who met on Australia's Gold Coast last week went on to explain that the information and communications technology vendors and service providers have a "mutual responsibility" to offer "further assistance" to law enforcement agencies.
"Governments should recognize that the nature of encryption is such that there will be situations where access to information is not possible, although such situations should be rare," it said. That's clearly setting an expectation for industry to meet.
The good news is that service providers who "voluntarily establish lawful access solutions" will have "freedom of choice" in how they do it. "Such solutions can be a constructive approach to current challenges," the document said, cheerily, before ending with a warning.
"Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative, or other measures to achieve lawful access solutions."
The document is the Statement of Principles on Access to Evidence and Encryption. It's one of three statements to come out of the Five Country Ministerial (FCM) meeting of the homeland security, public safety, and immigration ministers of the five Anglosphere nations. They were joined by the attorneys-general of these nations, who have met annually as the so-called Quintet of Attorneys-General for a decade now.
These are, of course, the same nations that participate in the so-called "Five Eyes" signals intelligence (SIGINT) sharing arrangements under the UKUSA Agreement, although these close allies cooperate both diplomatically and operationally at a number of levels.
The FCM meeting also issued an Official Communiqué, and a Statement on Countering the Illicit Use of Online Spaces.
Taken together, the three documents represent a toughening-up of the governments' attitudes to the regulation of online communications. For diplomatic language, some of the communiqué's wording is blunt.
Related Coverage
Also found by Arthur and reported at CNET.
(Score: 3, Insightful) by Azuma Hazuki on Tuesday September 04 2018, @09:37PM (1 child)
That is, if your encryption is breakable on demand, what you have is an encoding, not en encryption. And key escrow is one of the worst, most fragile, most abusable ideas I've heard on the subject yet, the equivalent of "Hey Mr. Government, we've left the key under the at-may, don't tell anyone or let anyone else find it." The fewer keys there are held in escrow, the more valuable each becomes and the more likely *someone* is to steal it, maybe to sell it to some hostile third party. Then what of your encryption? Key escrow relies on humans being angels, and specifically some of the least angelic humans it is possible to find being responsible for said keys.
For N greater than or equal to 3, N people can only keep a secret if (N-1) of them are dead.
I am "that girl" your mother warned you about...
(Score: 3, Informative) by Fnord666 on Monday September 17 2018, @02:55PM
Key escrow also compromises all future conversations encrypted with that key or a key derived from it. Of course the "agencies" involved will not inform you that your escrowed key has been retrieved either.