Apple and Other Tech Giants Condemn GCHQ Proposal to Eavesdrop on Encrypted Messages

Apple and other tech giants have joined civil society groups and security experts in condemning proposals from Britain's cybersecurity agency that would enable law enforcement to access end-to-end encrypted messages (via CNBC).

British Government's Communications HQ in Cheltenham, Gloucestershire

In an open letter to the U.K.'s GCHQ (Government Communications Headquarters), 47 signatories including Apple, Google and WhatsApp urged the U.K. eavesdropping agency to ditch plans for its so-called "ghost protocol," which would require encrypted messaging services to direct a message to a third recipient, at the same time as sending it to its intended user.

Ian Levy, the technical director of Britain's National Cyber Security Centre, and Crispin Robinson, GCHQ's head of cryptanalysis, published details of the proposal in November 2018. In the essay, Levy and Robinson claimed the system would enable law enforcement to access the content of encrypted messages without breaking the encryption.

The officials argued it would be "relatively easy for a service provider to silently add a law enforcement participant to a group chat or call," and claimed this would be "no more intrusive than the virtual crocodile clips," which are currently used in wiretaps of non-encrypted chat and call apps.

Signatories of the letter opposing the plan argued that the proposal required two changes to existing communications systems that were a "serious threat" to digital security and fundamental human rights, and would undermine user trust.

"First, it would require service providers to surreptitiously inject a new public key into a conversation in response to a government demand. This would turn a two-way conversation into a group chat where the government is the additional participant, or add a secret government participant to an existing group chat.

"Second, in order to ensure the government is added to the conversation in secret, GCHQ's proposal would require messaging apps, service providers, and operating systems to change their software so that it would 1) change the encryption schemes used, and/or 2) mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat.

"The overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people. The GCHQ's ghost proposal completely undermines this trust relationship and the authentication process."

Apple's strong stance against weakened device protections for the sake of law enforcement access was highlighted in the 2016 Apple vs. FBI conflict that saw Apple refuse to create a backdoor access solution to allow the FBI to crack the iPhone 5c owned by San Bernardino shooter Syed Farook.

Responding to the open letter, which was first sent to GCHQ on May 22, the National Cyber Security Centre's Ian Levy told CNBC: "We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion."

"We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible," Levy said.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Top Rated Comments

(View all)
Avatar
13 months ago
Two recent news reports: Criminals in the USA are using malware stolen from the NSA to hack into companies' computers, encrypt files, and ask for ransom money. Criminals in China are using malware most likely stolen from the Chinese governments to hack into companies' servers and install malware for bitcoin mining.

If the NSA cannot keep its malware from being stolen by criminals, and the Chinese government cannot keep its malware from being stolen by criminals, what are the chances that GCHQ can read encrypted messages, without that ability getting stolen by criminals? Zero.
Score: 33 Votes (Like | Disagree)
Avatar
13 months ago

This is a better approach than forcing a backdoor. It's not the right solution yet but with tweaks (e.g., no changes to encryption, only done after a warrant) it could work. This is essentially wiretapping.

What you've just said is essentially acceptance of the status quo because wiretapping has been done in the past why not apply it to technology of today.

When instead we should be asking ourselves, should wiretapping be allowed at all? - Now that we have the technical means to withstand that kind of attack on our communications should we allow it to continue?

I think not. Also we need to keep mind of the slippery slope that is occuring. You cannot compel someone to give up a password to their device but they can force you to look at your FaceID or place your finger on a TouchID fingerprint reader.

What happens in 50 years from now when we get the ability to access people's memories directly from their brains using some kind of special sensor placed on the skull? - Well we had wiretaps to hear what people said on the phone, then we had that encryption law that let us add ourselves to conversations held in apps.. this is just a natural extension of that, now we can actually see what they said right from their own brains.
Score: 21 Votes (Like | Disagree)
Avatar
13 months ago
"We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists.

How about you physically remove from your country those responsible for creating the terrorists?

That's the only kind of help I'm going to seek from any "security forces".
Score: 17 Votes (Like | Disagree)
Avatar
13 months ago
The British Government has lost the plot when it comes to data collection.

Under a new program, police are demanding that victims of sexual assault turn over the entirety of the data on their mobile phones, or else they will refuse to prosecute ('https://www.independent.co.uk/news/uk/crime/rape-victims-phones-police-investigation-disclosure-forms-cps-a8888376.html').

Governments can rationalise pretty much anything. It's up to the people to stand up and say: Enough!
Score: 15 Votes (Like | Disagree)
Avatar
13 months ago
GCHQ = Mini Apple Park
Score: 12 Votes (Like | Disagree)
Avatar
13 months ago
"We welcome this response to our request for thoughts on exceptional access to data -- for example to stop terrorists..."

I love this - cause the terrorists are going to be using the messaging apps that can monitored by the governments? Um, no. This is about the government being able to monitor the general citizenry's communications cause they want to.
Score: 12 Votes (Like | Disagree)

Top Stories

Apple Doubles the Price of RAM Upgrade on Entry-Level 13-Inch MacBook Pro

Saturday May 30, 2020 4:00 pm PDT by
Apple today doubled the price for upgrading the RAM on the entry-level 13-inch MacBook Pro, with customers in the United States now being charged $200 to move from 8GB to 16GB compared to the previous $100 upgrade price. Similar increases are seen in other countries, such as moving from €125 to €250 in Germany and from £100 to £200 in the United Kingdom. Current pricing on RAM upgrade for ...

Tim Cook Addresses George Floyd's Death and Ensuing Protests and Riots as Apple Temporarily Closes Some U.S. Stores

Sunday May 31, 2020 8:04 pm PDT by
Amid unrest in numerous U.S. cities following last week's killing of George Floyd by police in Minneapolis, Apple CEO Tim Cook has shared an internal memo with employees (via Bloomberg) addressing the pain that many are feeling and urging others to commit "to creating a better, more just world for everyone." Cook also announced that Apple is making donations to several groups challenging...

Apple's First MacBook Pro With a Retina Display Will Become 'Obsolete' in 30 Days

Monday June 1, 2020 7:50 am PDT by
If you are still hanging on to a Mid 2012 model of the 15-inch MacBook Pro with a Retina display, and require a new battery or other repairs, be sure to book an appointment with a service provider as soon as possible. In an internal memo today, obtained by MacRumors, Apple has indicated that this particular MacBook Pro model will be marked as "obsolete" worldwide on June 30, 2020, just over...

Top Stories: macOS 10.15.5, New Powerbeats Pro Colors, iPhone 12 and 13 Rumors, and More

Saturday May 30, 2020 6:00 am PDT by
This week saw an interesting mix of news and rumors on the Apple front, led by the release of macOS 10.15.5, which brings a new battery health feature to newer Mac notebooks, while we also saw the official announcement of new colors for the Powerbeats Pro earphones. On the rumor front, we heard a few tidbits about not just this year's iPhone 12 but also next year's iPhone, while we saw...

8 Mac Tips and Tricks You Might Not Know

Friday May 29, 2020 12:36 pm PDT by
There are tons of hidden features and shortcuts for Macs that Apple has built into macOS over the years, ranging from shortcuts to keyboard commands to other little hacks to make Mac usage just a bit simpler. In our latest YouTube video, we highlighted several of these tips and tricks, and some of them might just be new to you. Subscribe to the MacRumors YouTube channel for more videos. Tr...

6.1-inch 'iPhone 12' Production to Begin in July Ahead of Other 2020 Models

Monday June 1, 2020 2:36 am PDT by
Volume production of Apple's forthcoming 6.1-inch "iPhone 12" models will start in July-August ahead of the rest of the company's flagship iPhone lineup this year, according to a new report by DigiTimes. Apple is widely rumored to be launching four new ‌iPhone‌ models in the usual September or October timeframe, although supply constraints and delays in production ramp-up could cause a...

Apple Releases iOS and iPadOS 13.5.1 With Fixes for Recent 'unc0ver' Jailbreak Vulnerability

Monday June 1, 2020 9:58 am PDT by
Apple today released iOS and iPadOS 13.5.1, minor updates that come a little over a week after the release of iOS and iPadOS 13.5, major updates that brought the Exposure Notification API, FaceTime changes, mask-related unlocking updates and more. The iOS and iPadOS 13.5.1 updates are available on all eligible devices over-the-air in the Settings app. To access the updates, go to Settings >...

Apple Introducing New Internal USB-C Diagnostic Tool

Sunday May 31, 2020 7:26 pm PDT by
Apple is introducing a new internal USB-C Diagnostic Tool as a successor to its existing Serial Number Reader, which can be used to both collect a device's serial number directly from its logic board and test power on a device itself. Image via Giulio Zompetti With only a Lightning version previously available, images have surfaced of a new USB-C Diagnostic Tool (UDT) that appears to be known ...

Powerbeats Pro Debut in Four New Colors: Spring Yellow, Cloud Pink, Lava Red, and Glacier Blue

Friday May 29, 2020 10:00 am PDT by
Following a couple of leaks in recent weeks, Beats today is officially announcing four new colors for its Powerbeats Pro wireless earphones: Spring Yellow, Cloud Pink, Lava Red, and Glacier Blue. The new earphones will go on sale June 9 and sell for the same $249.95 price as the existing color options. Aside from the colors, the new Powerbeats Pro models are otherwise identical to the...

Apple Releases macOS Catalina 10.15.5 Supplemental Update With Security Fix

Monday June 1, 2020 10:56 am PDT by
Apple today released a supplemental update for macOS Catalina 10.15.5, the fifth update to the macOS Catalina operating system that was released in October 2019. The supplemental update comes a week after the release of the macOS Catalina 10.15.5 update. ‌macOS Catalina‌ 10.15.5 is a free update that can be downloaded from the Mac App Store using the Update feature in the System...