Apple and Other Tech Giants Condemn GCHQ Proposal to Eavesdrop on Encrypted Messages

Apple and other tech giants have joined civil society groups and security experts in condemning proposals from Britain's cybersecurity agency that would enable law enforcement to access end-to-end encrypted messages (via CNBC).

1280px GCHQ aerial

British Government's Communications HQ in Cheltenham, Gloucestershire

In an open letter to the U.K.'s GCHQ (Government Communications Headquarters), 47 signatories including Apple, Google and WhatsApp urged the U.K. eavesdropping agency to ditch plans for its so-called "ghost protocol," which would require encrypted messaging services to direct a message to a third recipient, at the same time as sending it to its intended user.

Ian Levy, the technical director of Britain's National Cyber Security Centre, and Crispin Robinson, GCHQ's head of cryptanalysis, published details of the proposal in November 2018. In the essay, Levy and Robinson claimed the system would enable law enforcement to access the content of encrypted messages without breaking the encryption.

The officials argued it would be "relatively easy for a service provider to silently add a law enforcement participant to a group chat or call," and claimed this would be "no more intrusive than the virtual crocodile clips," which are currently used in wiretaps of non-encrypted chat and call apps.

Signatories of the letter opposing the plan argued that the proposal required two changes to existing communications systems that were a "serious threat" to digital security and fundamental human rights, and would undermine user trust.

"First, it would require service providers to surreptitiously inject a new public key into a conversation in response to a government demand. This would turn a two-way conversation into a group chat where the government is the additional participant, or add a secret government participant to an existing group chat.

"Second, in order to ensure the government is added to the conversation in secret, GCHQ's proposal would require messaging apps, service providers, and operating systems to change their software so that it would 1) change the encryption schemes used, and/or 2) mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat.

"The overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people. The GCHQ's ghost proposal completely undermines this trust relationship and the authentication process."

Apple's strong stance against weakened device protections for the sake of law enforcement access was highlighted in the 2016 Apple vs. FBI conflict that saw Apple refuse to create a backdoor access solution to allow the FBI to crack the iPhone 5c owned by San Bernardino shooter Syed Farook.

Responding to the open letter, which was first sent to GCHQ on May 22, the National Cyber Security Centre's Ian Levy told CNBC: "We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion."

"We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible," Levy said.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Popular Stories

iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Rumored to Use Same Rear Chassis as iPhone 16

Friday July 19, 2024 7:16 am PDT by
Apple will adopt the same rear chassis manufacturing process for the iPhone SE 4 that it is using for the upcoming standard iPhone 16, claims a new rumor coming out of China. According to the Weibo-based leaker "Fixed Focus Digital," the backplate manufacturing process for the iPhone SE 4 is "exactly the same" as the standard model in Apple's upcoming iPhone 16 lineup, which is expected to...
iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Just Two Months Away: Everything We Know

Monday July 15, 2024 4:44 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
iphone 14 lineup

Cellebrite Unable to Unlock iPhones on iOS 17.4 or Later, Leak Reveals

Thursday July 18, 2024 4:18 am PDT by
Israel-based mobile forensics company Cellebrite is unable to unlock iPhones running iOS 17.4 or later, according to leaked documents verified by 404 Media. The documents provide a rare glimpse into the capabilities of the company's mobile forensics tools and highlight the ongoing security improvements in Apple's latest devices. The leaked "Cellebrite iOS Support Matrix" obtained by 404 Media...
tinypod apple watch

TinyPod Turns Your Apple Watch Into an iPod

Wednesday July 17, 2024 3:18 pm PDT by
If you have an old Apple Watch and you're not sure what to do with it, a new product called TinyPod might be the answer. Priced at $79, the TinyPod is a silicone case with a built-in scroll wheel that houses the Apple Watch chassis. When an Apple Watch is placed inside the TinyPod, the click wheel on the case is able to be used to scroll through the Apple Watch interface. The feature works...
bsod

Crowdstrike Says Global IT Outage Impacting Windows PCs, But Mac and Linux Hosts Not Affected

Friday July 19, 2024 3:12 am PDT by
A widespread system failure is currently affecting numerous Windows devices globally, causing critical boot failures across various industries, including banks, rail networks, airlines, retailers, broadcasters, healthcare, and many more sectors. The issue, manifesting as a Blue Screen of Death (BSOD), is preventing computers from starting up properly and forcing them into continuous recovery...
New MacBook Pros Launching Tomorrow With These 4 New Features 2

M5 MacBook Models to Use New Compact Camera Module in 2025

Wednesday July 17, 2024 2:58 am PDT by
Apple in 2025 will take on a new compact camera module (CCM) supplier for future MacBook models powered by its next-generation M5 chip, according to Apple analyst Ming-Chi Kuo. Writing in his latest investor note on unny-opticals-2025-business-momentum-to-benefit-509819818c2a">Medium, Kuo said Apple will turn to Sunny Optical for the CCM in its M5 MacBooks. The Chinese optical lens company...
Apple Watch Series 9

2024 Apple Watch Lineup: Key Changes We're Expecting

Tuesday July 16, 2024 7:59 am PDT by
Apple is seemingly planning a rework of the Apple Watch lineup for 2024, according to a range of reports from over the past year. Here's everything we know so far. Apple is expected to continue to offer three different Apple Watch models in five casing sizes, but the various display sizes will allegedly grow by up to 12% and the casings will get taller. Based on all of the latest rumors,...

Top Rated Comments

gnasher729 Avatar
67 months ago
Two recent news reports: Criminals in the USA are using malware stolen from the NSA to hack into companies' computers, encrypt files, and ask for ransom money. Criminals in China are using malware most likely stolen from the Chinese governments to hack into companies' servers and install malware for bitcoin mining.

If the NSA cannot keep its malware from being stolen by criminals, and the Chinese government cannot keep its malware from being stolen by criminals, what are the chances that GCHQ can read encrypted messages, without that ability getting stolen by criminals? Zero.
Score: 33 Votes (Like | Disagree)
Quu Avatar
67 months ago
This is a better approach than forcing a backdoor. It's not the right solution yet but with tweaks (e.g., no changes to encryption, only done after a warrant) it could work. This is essentially wiretapping.
What you've just said is essentially acceptance of the status quo because wiretapping has been done in the past why not apply it to technology of today.

When instead we should be asking ourselves, should wiretapping be allowed at all? - Now that we have the technical means to withstand that kind of attack on our communications should we allow it to continue?

I think not. Also we need to keep mind of the slippery slope that is occuring. You cannot compel someone to give up a password to their device but they can force you to look at your FaceID or place your finger on a TouchID fingerprint reader.

What happens in 50 years from now when we get the ability to access people's memories directly from their brains using some kind of special sensor placed on the skull? - Well we had wiretaps to hear what people said on the phone, then we had that encryption law that let us add ourselves to conversations held in apps.. this is just a natural extension of that, now we can actually see what they said right from their own brains.
Score: 21 Votes (Like | Disagree)
DVD9 Avatar
67 months ago
"We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists.

How about you physically remove from your country those responsible for creating the terrorists?

That's the only kind of help I'm going to seek from any "security forces".
Score: 17 Votes (Like | Disagree)
vrDrew Avatar
67 months ago
The British Government has lost the plot when it comes to data collection.

Under a new program, police are demanding that victims of sexual assault turn over the entirety of the data on their mobile phones, or else they will refuse to prosecute ('https://www.independent.co.uk/news/uk/crime/rape-victims-phones-police-investigation-disclosure-forms-cps-a8888376.html').

Governments can rationalise pretty much anything. It's up to the people to stand up and say: Enough!
Score: 15 Votes (Like | Disagree)
GaryMumford Avatar
67 months ago
GCHQ = Mini Apple Park
Score: 12 Votes (Like | Disagree)
Sasparilla Avatar
67 months ago
"We welcome this response to our request for thoughts on exceptional access to data -- for example to stop terrorists..."

I love this - cause the terrorists are going to be using the messaging apps that can monitored by the governments? Um, no. This is about the government being able to monitor the general citizenry's communications cause they want to.
Score: 12 Votes (Like | Disagree)