Apple and Other Tech Giants Condemn GCHQ Proposal to Eavesdrop on Encrypted Messages

by

Apple and other tech giants have joined civil society groups and security experts in condemning proposals from Britain's cybersecurity agency that would enable law enforcement to access end-to-end encrypted messages (via CNBC).

1280px GCHQ aerial

British Government's Communications HQ in Cheltenham, Gloucestershire

In an open letter to the U.K.'s GCHQ (Government Communications Headquarters), 47 signatories including Apple, Google and WhatsApp urged the U.K. eavesdropping agency to ditch plans for its so-called "ghost protocol," which would require encrypted messaging services to direct a message to a third recipient, at the same time as sending it to its intended user.

Ian Levy, the technical director of Britain's National Cyber Security Centre, and Crispin Robinson, GCHQ's head of cryptanalysis, published details of the proposal in November 2018. In the essay, Levy and Robinson claimed the system would enable law enforcement to access the content of encrypted messages without breaking the encryption.

The officials argued it would be "relatively easy for a service provider to silently add a law enforcement participant to a group chat or call," and claimed this would be "no more intrusive than the virtual crocodile clips," which are currently used in wiretaps of non-encrypted chat and call apps.

Signatories of the letter opposing the plan argued that the proposal required two changes to existing communications systems that were a "serious threat" to digital security and fundamental human rights, and would undermine user trust.

"First, it would require service providers to surreptitiously inject a new public key into a conversation in response to a government demand. This would turn a two-way conversation into a group chat where the government is the additional participant, or add a secret government participant to an existing group chat.

"Second, in order to ensure the government is added to the conversation in secret, GCHQ's proposal would require messaging apps, service providers, and operating systems to change their software so that it would 1) change the encryption schemes used, and/or 2) mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat.

"The overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people. The GCHQ's ghost proposal completely undermines this trust relationship and the authentication process."

Apple's strong stance against weakened device protections for the sake of law enforcement access was highlighted in the 2016 Apple vs. FBI conflict that saw Apple refuse to create a backdoor access solution to allow the FBI to crack the iPhone 5c owned by San Bernardino shooter Syed Farook.

Responding to the open letter, which was first sent to GCHQ on May 22, the National Cyber Security Centre's Ian Levy told CNBC: "We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion."

"We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible," Levy said.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tags: Apple Privacy, Encryption, Security, United Kingdom

Popular Stories

App Store vs EU Feature 2

Apple Says It Doesn't Approve of EU Porn App

Monday February 3, 2025 1:15 pm PST by
Apple does not approve of the "Hot Tub" pornography app that was released for the iPhone in the EU using alternative app distribution, Apple said in a statement to MacRumors. Further, Apple is concerned about the potential user safety risks with a pornography app, and says that it undermines consumer trust in the Apple ecosystem. We are deeply concerned about the safety risks that hardcore...
Read Full Article475 comments
General Apple Invites Feature

Apple Launches New 'Invites' App

Tuesday February 4, 2025 8:00 am PST by
Apple today announced the launch of a new app called "Invites," which is designed to allow users to plan events like birthday parties, graduations, vacations, baby showers, and more. "With Apple Invites, an event comes to life from the moment the invitation is created, and users can share lasting memories even after they get together," said Brent Chiu-Watson, Apple's senior director of...
Read Full Article272 comments
iOS 18

iOS 18.4 Will Include These New Features for Your iPhone

Wednesday February 5, 2025 7:15 am PST by
iOS 18.3 was released last month, so the first iOS 18.4 beta should be coming soon. iOS 18.4 is expected to be a more substantial update for the iPhone, with several new features and changes related to Apple Intelligence and beyond. Apple's website suggests that iOS 18.4 will be released in April, following beta testing. Below, we outline what to expect from the update so far. Apple...
Read Full Article
maxresdefault

An Apple TV Refresh is Coming in 2025 - Here's What You Should Know

Wednesday February 5, 2025 10:17 am PST by
Apple hasn't refreshed the Apple TV since 2022, but rumors suggest that we're finally going to get an update in 2025. We don't have a full picture of what to expect yet, but we have some hints on what's coming. Subscribe to the MacRumors YouTube channel for more videos. Updated A-Series Chip The current Apple TV 4K uses the A15 Bionic chip that was in the iPhone 13 lineup, and it's time for...
Read Full Article138 comments
applecare apple care banner

Apple Raises Monthly AppleCare+ Subscription Price for All iPhones

Tuesday February 4, 2025 9:35 am PST by
Apple this week increased the prices for its monthly AppleCare+ subscription prices for the iPhone, raising the cost by 50 cents for all models in the United States. Standard AppleCare+ for the iPhone 16 models is now priced at $10.49 per month, for example, up from the prior $9.99 per month price. The 50 cent price increase applies to all available AppleCare+ plans for Apple's current...
Read Full Article136 comments
iCloud General Feature Redux

'Apple Invites' Leaked on iCloud Website

Tuesday February 4, 2025 7:11 am PST by
Update: The new Apple Invites app has officially been announced. The main iCloud.com page has seemingly confirmed Apple's rumored invites tool, which has yet to be officially announced by the company. The page says "Apple Invites" will be an iCloud+ feature:Upgrade to iCloud+ to get more storage, plan events with Apple Invites, and have peace of mind with privacy features like iCloud...
Read Full Article28 comments
apple power beats pro 2

Apple Expected to Announce Powerbeats Pro 2 on February 11 With These New Features

Sunday February 2, 2025 6:15 am PST by
Apple previously teased that Powerbeats Pro 2 would be released in 2025, and now an announcement date has leaked. Bloomberg's Mark Gurman today said Apple plans to unveil the wireless earbuds on Tuesday, February 11. Powerbeats Pro 2 will be priced at $250 in the U.S., he said. Powerbeats Pro are a sportier, fitness-focused alternative to AirPods Pro with built-in, adjustable ear hooks...
Read Full Article44 comments
hot tub app eu

EU's AltStore Gets First Native iOS Pornography App

Monday February 3, 2025 11:13 am PST by
In the European Union, the Digital Markets Act allows developers to distribute iOS apps through alternate app stores. While Apple checks those apps for malware and other malicious content, there are few restrictions on subject matter, unlike Apple's own App Store. As a result, EU users can now download the first dedicated native pornography app created for the iPhone. Called Hot Tub, the app ...
Read Full Article206 comments

Top Rated Comments

gnasher729 Avatar
gnasher729
74 months ago
Two recent news reports: Criminals in the USA are using malware stolen from the NSA to hack into companies' computers, encrypt files, and ask for ransom money. Criminals in China are using malware most likely stolen from the Chinese governments to hack into companies' servers and install malware for bitcoin mining.

If the NSA cannot keep its malware from being stolen by criminals, and the Chinese government cannot keep its malware from being stolen by criminals, what are the chances that GCHQ can read encrypted messages, without that ability getting stolen by criminals? Zero.
Score: 33 Votes (Like | Disagree)
Quu Avatar
Quu
74 months ago
This is a better approach than forcing a backdoor. It's not the right solution yet but with tweaks (e.g., no changes to encryption, only done after a warrant) it could work. This is essentially wiretapping.
What you've just said is essentially acceptance of the status quo because wiretapping has been done in the past why not apply it to technology of today.

When instead we should be asking ourselves, should wiretapping be allowed at all? - Now that we have the technical means to withstand that kind of attack on our communications should we allow it to continue?

I think not. Also we need to keep mind of the slippery slope that is occuring. You cannot compel someone to give up a password to their device but they can force you to look at your FaceID or place your finger on a TouchID fingerprint reader.

What happens in 50 years from now when we get the ability to access people's memories directly from their brains using some kind of special sensor placed on the skull? - Well we had wiretaps to hear what people said on the phone, then we had that encryption law that let us add ourselves to conversations held in apps.. this is just a natural extension of that, now we can actually see what they said right from their own brains.
Score: 21 Votes (Like | Disagree)
DVD9 Avatar
DVD9
74 months ago
"We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists.

How about you physically remove from your country those responsible for creating the terrorists?

That's the only kind of help I'm going to seek from any "security forces".
Score: 17 Votes (Like | Disagree)
vrDrew Avatar
vrDrew
74 months ago
The British Government has lost the plot when it comes to data collection.

Under a new program, police are demanding that victims of sexual assault turn over the entirety of the data on their mobile phones, or else they will refuse to prosecute ('https://www.independent.co.uk/news/uk/crime/rape-victims-phones-police-investigation-disclosure-forms-cps-a8888376.html').

Governments can rationalise pretty much anything. It's up to the people to stand up and say: Enough!
Score: 15 Votes (Like | Disagree)
GaryMumford Avatar
GaryMumford
74 months ago
GCHQ = Mini Apple Park
Score: 12 Votes (Like | Disagree)
Sasparilla Avatar
Sasparilla
74 months ago
"We welcome this response to our request for thoughts on exceptional access to data -- for example to stop terrorists..."

I love this - cause the terrorists are going to be using the messaging apps that can monitored by the governments? Um, no. This is about the government being able to monitor the general citizenry's communications cause they want to.
Score: 12 Votes (Like | Disagree)
Read All Comments