Computerworld

Five Eyes to tech industry: Make access to online communications possible, or else

Five Eyes nations call for ICT service providers to make it easier for police to access data

The attorneys-general and interior ministers of the Five Eyes nations — Australia, Canada, New Zealand, the UK and the US — have called for ICT service providers “to voluntarily establish lawful access solutions to their products and services that they create or operate in our countries”.

The ‘Statement of Principles on Access to Evidence and Encryption’ was one of the outcomes of a five country ministerial meeting held on the Gold Coast on August 28 and 29.

“Governments should not favor a particular technology; instead, providers may create customized solutions, tailored to their individual system architectures that are capable of meeting lawful access requirements,” the statement says. “Such solutions can be a constructive approach to current challenges.”

If the governments “continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries” they may “pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.”

The statement adds that governments should “recognize that the nature of encryption is such that that there will be situations where access to information is not possible, although such situations should be rare.”

The Australian government recently released draft legislation that is intended to boost the ability of police and intelligence agencies to access online communications services during investigations.

The exposure draft of the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 includes a system of “technical capability notices” that can be used to compel tech companies to develop new measures to allow access to the data of suspects during investigations. However, the bill includes a prohibition on requiring the implementation of a “systemic weakness” or a “a new decryption capability”.

A separate statement issued by the ministerial meeting called for online service providers to heighten efforts to combat the posting of violent extremist and child exploitation material.

That should include capabilities “to prevent illegal and illicit content from ever being uploaded, and to execute urgent and immediate takedown where there is a failure to prevent upload” and deploying “human and automated capabilities to seek out and remove legacy content.”

Capabilities including “photo DNA tools” should be used to “detect, remove and prevent re‑upload of illegal and illicit content, as well as content that violates a company's terms of service.”

User safety should be built into the design of all platforms and services, the statement said.

Companies should also build upon “successful hash sharing efforts to further assist in proactive removal of illicit content.”

In addition, efforts should be made to “counter foreign interference and disinformation” and counter live streaming of child sexual abuse.

The official communique of the meeting said that “senior digital industry representatives” did not accept an invitation to participate in discussions on the illicit use of online spaces.

The meeting agreed to boost transnational sharing of information to “support more effective responses to serious criminal threats” and to increase cyber security collaboration including strengthening “connectivity between our cyber watch offices to enhance shared 24/7 monitoring of hostile cyber activity”.