Attorney General William Barr and his Australian and British counterparts made headlines recently when they wrote an open letter urging Facebook to create backdoors in its encryption. Not content with open letters, the FBI has drafted a resolution for Interpol to release urging companies to create methods that would allow access to encrypted data.
Sources told Reuters the resolution “would be released without a formal vote by representatives of the roughly 60 countries in attendance.” A draft of the resolution seen by Reuters uses the threat of child exploitation as the reason behind the need for weakened encryption.
“Service providers, application developers and device manufacturers are developing and deploying products and services with encryption which effectively conceals sexual exploitation of children occurring on their platforms.
“Tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and useable format.”
According to Nicole Perloth at the New York Times, however Interpol is denying the resolution was ever considered:
Interpol telling me this Reuter’s story is inaccurate:
Dear Ms Perlroth,
As per our statement there are, and were, no plans at this time for the INTERPOL General Secretariat to issue a statement in relation to encryption.
Regards,
Press Officehttps://t.co/EItFe0D3Je— Nicole Perlroth (@nicoleperlroth) November 18, 2019
There is no doubt the resolution was drafted, with both Reuters and Ars Technica having seen a copy of it. The only question is whether Reuters’ sources about Interpol’s intentions were incorrect, or whether Interpol is attempting to backpedal after the news broke.
Either way, it’s another disturbing escalation of attempts to weaken end-to-end encryption. The draft resolution itself is misleading in nature. Ars reports the resolution claims “technologists agree” that creating systems that “\[allow] for lawful access to data, while maintaining customer privacy…can be implemented in a way that would enhance privacy while maintaining strong cyber security.”
In point of fact, nothing could be further from the truth. As previously highlighted, mathematicians, cryptologist and privacy experts all agree there is no silver bullet. It is simple math—there is no way for encryption to be strong and protect its users, while simultaneously having backdoors or other means for companies or governments to access the encrypted data.
If Interpol could be persuaded to condemn strong encryption, it would make it easier for countries around the world to pass laws requiring companies to create backdoors. Such a result would be disastrous for journalists, whistleblowers, political dissidents, refugees and anyone else who values their privacy.