Apple and Other Tech Giants Condemn GCHQ Proposal to Eavesdrop on Encrypted Messages

Apple and other tech giants have joined civil society groups and security experts in condemning proposals from Britain's cybersecurity agency that would enable law enforcement to access end-to-end encrypted messages (via CNBC).

1280px GCHQ aerial

British Government's Communications HQ in Cheltenham, Gloucestershire

In an open letter to the U.K.'s GCHQ (Government Communications Headquarters), 47 signatories including Apple, Google and WhatsApp urged the U.K. eavesdropping agency to ditch plans for its so-called "ghost protocol," which would require encrypted messaging services to direct a message to a third recipient, at the same time as sending it to its intended user.

Ian Levy, the technical director of Britain's National Cyber Security Centre, and Crispin Robinson, GCHQ's head of cryptanalysis, published details of the proposal in November 2018. In the essay, Levy and Robinson claimed the system would enable law enforcement to access the content of encrypted messages without breaking the encryption.

The officials argued it would be "relatively easy for a service provider to silently add a law enforcement participant to a group chat or call," and claimed this would be "no more intrusive than the virtual crocodile clips," which are currently used in wiretaps of non-encrypted chat and call apps.

Signatories of the letter opposing the plan argued that the proposal required two changes to existing communications systems that were a "serious threat" to digital security and fundamental human rights, and would undermine user trust.

"First, it would require service providers to surreptitiously inject a new public key into a conversation in response to a government demand. This would turn a two-way conversation into a group chat where the government is the additional participant, or add a secret government participant to an existing group chat.

"Second, in order to ensure the government is added to the conversation in secret, GCHQ's proposal would require messaging apps, service providers, and operating systems to change their software so that it would 1) change the encryption schemes used, and/or 2) mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat.

"The overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people. The GCHQ's ghost proposal completely undermines this trust relationship and the authentication process."

Apple's strong stance against weakened device protections for the sake of law enforcement access was highlighted in the 2016 Apple vs. FBI conflict that saw Apple refuse to create a backdoor access solution to allow the FBI to crack the iPhone 5c owned by San Bernardino shooter Syed Farook.

Responding to the open letter, which was first sent to GCHQ on May 22, the National Cyber Security Centre's Ian Levy told CNBC: "We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion."

"We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible," Levy said.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Top Rated Comments

gnasher729 Avatar
41 months ago
Two recent news reports: Criminals in the USA are using malware stolen from the NSA to hack into companies' computers, encrypt files, and ask for ransom money. Criminals in China are using malware most likely stolen from the Chinese governments to hack into companies' servers and install malware for bitcoin mining.

If the NSA cannot keep its malware from being stolen by criminals, and the Chinese government cannot keep its malware from being stolen by criminals, what are the chances that GCHQ can read encrypted messages, without that ability getting stolen by criminals? Zero.
Score: 33 Votes (Like | Disagree)
Quu Avatar
41 months ago
This is a better approach than forcing a backdoor. It's not the right solution yet but with tweaks (e.g., no changes to encryption, only done after a warrant) it could work. This is essentially wiretapping.
What you've just said is essentially acceptance of the status quo because wiretapping has been done in the past why not apply it to technology of today.

When instead we should be asking ourselves, should wiretapping be allowed at all? - Now that we have the technical means to withstand that kind of attack on our communications should we allow it to continue?

I think not. Also we need to keep mind of the slippery slope that is occuring. You cannot compel someone to give up a password to their device but they can force you to look at your FaceID or place your finger on a TouchID fingerprint reader.

What happens in 50 years from now when we get the ability to access people's memories directly from their brains using some kind of special sensor placed on the skull? - Well we had wiretaps to hear what people said on the phone, then we had that encryption law that let us add ourselves to conversations held in apps.. this is just a natural extension of that, now we can actually see what they said right from their own brains.
Score: 21 Votes (Like | Disagree)
DVD9 Avatar
41 months ago
"We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists.

How about you physically remove from your country those responsible for creating the terrorists?

That's the only kind of help I'm going to seek from any "security forces".
Score: 17 Votes (Like | Disagree)
vrDrew Avatar
41 months ago
The British Government has lost the plot when it comes to data collection.

Under a new program, police are demanding that victims of sexual assault turn over the entirety of the data on their mobile phones, or else they will refuse to prosecute ('https://www.independent.co.uk/news/uk/crime/rape-victims-phones-police-investigation-disclosure-forms-cps-a8888376.html').

Governments can rationalise pretty much anything. It's up to the people to stand up and say: Enough!
Score: 15 Votes (Like | Disagree)
GaryMumford Avatar
41 months ago
GCHQ = Mini Apple Park
Score: 12 Votes (Like | Disagree)
Sasparilla Avatar
41 months ago
"We welcome this response to our request for thoughts on exceptional access to data -- for example to stop terrorists..."

I love this - cause the terrorists are going to be using the messaging apps that can monitored by the governments? Um, no. This is about the government being able to monitor the general citizenry's communications cause they want to.
Score: 12 Votes (Like | Disagree)

Popular Stories

top stories 2jul2022

Top Stories: M2 MacBook Air Release Date, New HomePod Rumor, and More

Saturday July 2, 2022 6:00 am PDT by
The M2 MacBook Pro has started making its way into customers' hands and we're learning more about how it performs in a variety of situations, but all eyes are really on the upcoming M2 MacBook Air which has seen a complete redesign and should be arriving in a couple of weeks. Other top stories this week included a host of product rumors including additional M2 and even M3 Macs, an updated...
Mac Studio IO

Apple Begins Selling Refurbished Mac Studio Models

Thursday June 30, 2022 7:42 pm PDT by
Apple today began selling refurbished Mac Studio models for the first time in the United States, Canada, and select European countries, such as Belgium, Germany, Ireland, Spain, Switzerland, the Netherlands, and the United Kingdom. In the United States, two refurbished Mac Studio configurations are currently available, including one with the M1 Max chip (10-core CPU and 24-core GPU) for...
macbook air m2

Exclusive: Apple Plans to Launch MacBook Air With M2 Chip on July 15

Wednesday June 29, 2022 5:23 pm PDT by
The redesigned MacBook Air with the all-new M2 Apple silicon chip will be available for customers starting Friday, July 15, MacRumors has learned from a retail source. The new MacBook Air was announced and previewed during WWDC earlier this month, with Apple stating availability will begin in July. The MacBook Air features a redesigned body that is thinner and lighter than the previous...
13 inch macbook pro m2 mock feature 2

M2 MacBook Pro Much Slower Than Previous Model

Friday July 1, 2022 2:24 am PDT by
Apple's new 13-inch MacBook Pro with the M2 chip features a significantly slower SSD compared to the previous model, resulting in poorer performance in some workflows, it has been discovered. Specifically, it has been found that the $1,299 base model with 256GB of storage has significantly slower SSD read and write speeds compared to the equivalent previous-generation 13-inch MacBook Pro....