The U.S. and four major allies warn new legislation might be necessary to ensure law enforcement can access communications.
Homeland Security Secretary Kirstjen Nielsen joined leaders of the U.S.’s four major intelligence sharing partners Thursday in a statement urging tech companies to help law enforcement access otherwise-encrypted communications from criminals and terrorists.
The joint statement stopped short of urging new laws to mandate that cooperation but warned that “should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.”
The statement from the U.S., Canada, the United Kingdom, Australia and New Zealand, collectively known as the Five Eyes, describes law enforcement’s inability to access encrypted communications as “a pressing international concern that requires urgent, sustained attention.”
While “governments should recognize that the nature of encryption is such that there will be situations where access to information is not possible,” the statement notes, “such situations should be rare.”
Obama and Trump administration officials have warned since 2014 that end-to-end encryption systems, which shield the content of communications even from the communications provider, are allowing criminals and terrorists to plan operations outside law enforcement’s reach.
Legislative proposals that would make it easier for police to access those communications have failed to gain traction, however, even after a 2015 showdown between the FBI and Apple over an encrypted iPhone used by San Bernardino shooter Syed Farook.
An inspector general’s investigation in March found the FBI rushed to court in that case, seeking to compel Apple’s assistance without exploring other options for cracking into the phone.
Thursday’s statement notes that: “Providers of information and communications technology and services … are subject to the law, which can include requirements to assist authorities to lawfully access data, including the content of communications.”
The statement does not go into detail, however, about what laws would justify those requirements and how they should be interpreted. The San Bernardino case was never decided in court because an unknown third party sold the FBI a method for breaking through the phone’s passcode and accessing its encrypted contents.
U.S. tech companies, for the most part, have resisted calls to cooperate with law enforcement. They argue that any effort to weaken encryption would be found and exploited by criminal hackers or foreign spies.
Technologists, civil libertarians and many members of Congress have urged police to use other methods to break through encrypted communications without forcing companies to help or installing government backdoors into encryption systems.
Those methods include obtaining a warrant to hack into the communications and building a case using unencrypted metadata.
During the summit, Nielsen and other Five Eyes officials also agreed to strengthen cooperation between their nations’ cyber centers and to cooperate on improving the cybersecurity of supply chains for critical infrastructure such as energy plants and airports.