Governments of the world have a testy relationship with encrypted messaging services, to say the least. They don't like the fact that they can't snoop at our private messages remotely, and have been demanding tech companies install backdoors for what seems like forever. If you thought they were quietening down about that topic, you were sadly mistaken, because the Five Eyes intelligence alliance (which includes the UK) have renewed demands that such services install backdoors for government snooping.
So now we've back to that same argument, with governments insisting that such backdoors are safe, and a great idea because terrorists. On the other side of the argument are the companies in question, plus a bunch of people who actually know what they're talking about, pointing out that this is a horrendously bad idea. And so continues the constant circle of debate, with governments adamantly refusing to take in information they don't want to hear.
In this instance we have the governments of the UK, USA, Canada, Australia, and New Zealand submitting proposals that would take a stronger stance on encrypted messaging. Specifically they said the following:
“The Governments of the Five Eyes encourage information and communications technology service providers to voluntarily establish lawful access solutions to their products and services that they create or operate in our countries.
Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.”
While it wasn't mentioned directly, it wouldn't surprise me if someone in these meeting suggested that such backdoors would only be available to the governments in question. Because they've said this before, oblivious to the fact that a backdoor is a backdoor and insecure by definition. Anyone with the right skills and knowledge can find it, and exploit it, which we have seen happen so many times in the past.
But this shouldn't be a surprise. Our former Home Secretary once admitted that she didn't understand encryption, and insisted "real people" don't need it. Similarly Australia seems to think that it can force the laws of mathematics to bend the knee to the laws of Australia, which is so mind-numbingly stupid it makes my head hurt thinking about it. More so when you remember that they've doubled down on this, and proposed laws that would fine tech companies who don't hand over the content of encrypted messages.
It's even dafter when you remember that creating encrypted messaging is not a skill restricted to companies with giant budgets. You hack holes into existing services, and all that'll do is drive the bad people towards services that don't have the same vulnerabilities - even if they end up making it themselves. [TechRadar]