New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Apple and Other Tech Giants Condemn GCHQ Proposal to Eavesdrop on Encrypted Messages

Apple and other tech giants have joined civil society groups and security experts in condemning proposals from Britain's cybersecurity agency that would enable law enforcement to access end-to-end encrypted messages (via CNBC).

British Government's Communications HQ in Cheltenham, Gloucestershire

In an open letter to the U.K.'s GCHQ (Government Communications Headquarters), 47 signatories including Apple, Google and WhatsApp urged the U.K. eavesdropping agency to ditch plans for its so-called "ghost protocol," which would require encrypted messaging services to direct a message to a third recipient, at the same time as sending it to its intended user.

Ian Levy, the technical director of Britain's National Cyber Security Centre, and Crispin Robinson, GCHQ's head of cryptanalysis, published details of the proposal in November 2018. In the essay, Levy and Robinson claimed the system would enable law enforcement to access the content of encrypted messages without breaking the encryption.

The officials argued it would be "relatively easy for a service provider to silently add a law enforcement participant to a group chat or call," and claimed this would be "no more intrusive than the virtual crocodile clips," which are currently used in wiretaps of non-encrypted chat and call apps.

Signatories of the letter opposing the plan argued that the proposal required two changes to existing communications systems that were a "serious threat" to digital security and fundamental human rights, and would undermine user trust.
"First, it would require service providers to surreptitiously inject a new public key into a conversation in response to a government demand. This would turn a two-way conversation into a group chat where the government is the additional participant, or add a secret government participant to an existing group chat.

"Second, in order to ensure the government is added to the conversation in secret, GCHQ's proposal would require messaging apps, service providers, and operating systems to change their software so that it would 1) change the encryption schemes used, and/or 2) mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat.

"The overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people. The GCHQ's ghost proposal completely undermines this trust relationship and the authentication process."
Apple's strong stance against weakened device protections for the sake of law enforcement access was highlighted in the 2016 Apple vs. FBI conflict that saw Apple refuse to create a backdoor access solution to allow the FBI to crack the iPhone 5c owned by San Bernardino shooter Syed Farook.

Responding to the open letter, which was first sent to GCHQ on May 22, the National Cyber Security Centre's Ian Levy told CNBC: "We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion."

"We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible," Levy said.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.



Top Rated Comments

(View all)

7 weeks ago
Two recent news reports: Criminals in the USA are using malware stolen from the NSA to hack into companies' computers, encrypt files, and ask for ransom money. Criminals in China are using malware most likely stolen from the Chinese governments to hack into companies' servers and install malware for bitcoin mining.

If the NSA cannot keep its malware from being stolen by criminals, and the Chinese government cannot keep its malware from being stolen by criminals, what are the chances that GCHQ can read encrypted messages, without that ability getting stolen by criminals? Zero.
Rating: 33 Votes
7 weeks ago

This is a better approach than forcing a backdoor. It's not the right solution yet but with tweaks (e.g., no changes to encryption, only done after a warrant) it could work. This is essentially wiretapping.


What you've just said is essentially acceptance of the status quo because wiretapping has been done in the past why not apply it to technology of today.

When instead we should be asking ourselves, should wiretapping be allowed at all? - Now that we have the technical means to withstand that kind of attack on our communications should we allow it to continue?

I think not. Also we need to keep mind of the slippery slope that is occuring. You cannot compel someone to give up a password to their device but they can force you to look at your FaceID or place your finger on a TouchID fingerprint reader.

What happens in 50 years from now when we get the ability to access people's memories directly from their brains using some kind of special sensor placed on the skull? - Well we had wiretaps to hear what people said on the phone, then we had that encryption law that let us add ourselves to conversations held in apps.. this is just a natural extension of that, now we can actually see what they said right from their own brains.
Rating: 21 Votes
7 weeks ago
"We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists.

How about you physically remove from your country those responsible for creating the terrorists?

That's the only kind of help I'm going to seek from any "security forces".
Rating: 17 Votes
7 weeks ago
The British Government has lost the plot when it comes to data collection.

Under a new program, police are demanding that victims of sexual assault turn over the entirety of the data on their mobile phones, or else they will refuse to prosecute ('https://www.independent.co.uk/news/uk/crime/rape-victims-phones-police-investigation-disclosure-forms-cps-a8888376.html').

Governments can rationalise pretty much anything. It's up to the people to stand up and say: Enough!
Rating: 15 Votes
7 weeks ago
"We welcome this response to our request for thoughts on exceptional access to data -- for example to stop terrorists..."

I love this - cause the terrorists are going to be using the messaging apps that can monitored by the governments? Um, no. This is about the government being able to monitor the general citizenry's communications cause they want to.
Rating: 12 Votes
7 weeks ago
GCHQ = Mini Apple Park
Rating: 12 Votes
7 weeks ago
Secret service‘s wet dreams...

Glad we have so much encryption and privacy these days, we don’t need governments spying on its citizens.
Rating: 11 Votes
7 weeks ago

Ahh Britain again at the forefront of bad ideas.

A few Brits tried to warn us — George Orwell predicted the rise of the surveillance state long ago.
Rating: 10 Votes
7 weeks ago
Yeah, let's collect all private keys for all encrypted messages and store them under one roof and hope no one breaks their encryption to steal them all, because that's worked in the past.
Rating: 9 Votes
7 weeks ago

The UK has more video surveillance in London alone than the whole of the UdSSR had in the entire country. The UK is a big brother state.


Let's say, for example only, that London was being run by elected religious fanatics. You really want the religious fanatics to be able to read every single message you exchange with anybody even close family and see every place you visit?

You really want criminals, which we now know can get access to everything the government has access to, to read every single message you exchange with anybody even close family and see every place you visit?

People need to wake up and see surveillance as the single greatest danger modern society faces.
Rating: 8 Votes

[ Read All Comments ]