This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.theguardian.com/uk-news/2019/may/30/apple-and-whatsapp-condemn-gchq-plans-to-eavesdrop-on-encrypted-chats
The article has changed 2 times. There is an RSS feed of changes available.
Previous version
1
Next version
| Version 0 | Version 1 |
|---|---|
| Apple and WhatsApp condemn GCHQ plans to eavesdrop on encrypted chats | Apple and WhatsApp condemn GCHQ plans to eavesdrop on encrypted chats |
| (about 5 hours later) | |
| A GCHQ proposal that would enable eavesdropping on encrypted chat services has been condemned as a “serious threat” to digital security and human rights. | A GCHQ proposal that would enable eavesdropping on encrypted chat services has been condemned as a “serious threat” to digital security and human rights. |
| In an open letter signed by more than 50 companies, civil society organisations and security experts – including Apple, WhatsApp, Liberty and Privacy International – GCHQ was called on to abandon its so-called “ghost protocol”, and instead focus on “protecting privacy rights, cybersecurity, public confidence, and transparency”. | In an open letter signed by more than 50 companies, civil society organisations and security experts – including Apple, WhatsApp, Liberty and Privacy International – GCHQ was called on to abandon its so-called “ghost protocol”, and instead focus on “protecting privacy rights, cybersecurity, public confidence, and transparency”. |
| The proposal was first mooted by two senior intelligence officials, Ian Levy, the technical director of the UK’s national cyber security centre, and Crispin Robinson, head of cryptanalysis (the technical term for codebreaking) at GCHQ, in November 2018. | The proposal was first mooted by two senior intelligence officials, Ian Levy, the technical director of the UK’s national cyber security centre, and Crispin Robinson, head of cryptanalysis (the technical term for codebreaking) at GCHQ, in November 2018. |
| Inside the FBI's encryption battle with Apple | Inside the FBI's encryption battle with Apple |
| The pair put forward a technique that would avoid breaking encryption, instead requiring encrypted messaging services to – in effect – “cc” the encrypted message to a third recipient, at the same time as sending it directly. Levy and Robinson argued that the proposal was “no more intrusive than the virtual crocodile clips” which are used today in wiretaps of non-encrypted communications. | |
| Opposing the plan, the letter argues that “to achieve this result, their proposal requires two changes to systems that would seriously undermine user security and trust. | Opposing the plan, the letter argues that “to achieve this result, their proposal requires two changes to systems that would seriously undermine user security and trust. |
| “First, it would require service providers to surreptitiously inject a new public key into a conversation in response to a government demand. This would turn a two-way conversation into a group chat where the government is the additional participant, or add a secret government participant to an existing group chat. | “First, it would require service providers to surreptitiously inject a new public key into a conversation in response to a government demand. This would turn a two-way conversation into a group chat where the government is the additional participant, or add a secret government participant to an existing group chat. |
| “Second, in order to ensure the government is added to the conversation in secret, GCHQ’s proposal would require messaging apps, service providers, and operating systems to change their software so that it would 1) change the encryption schemes used, and/or 2) mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat.” | “Second, in order to ensure the government is added to the conversation in secret, GCHQ’s proposal would require messaging apps, service providers, and operating systems to change their software so that it would 1) change the encryption schemes used, and/or 2) mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat.” |
| While GCHQ’s proposal stops short of calling for “back doors” to encryption, which experts have argued inherently introduce security flaws that can be exploited by hackers, its opponents argue that it does almost as much damage by undermining trust in security altogether. | While GCHQ’s proposal stops short of calling for “back doors” to encryption, which experts have argued inherently introduce security flaws that can be exploited by hackers, its opponents argue that it does almost as much damage by undermining trust in security altogether. |
| “The overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people. The GCHQ’s ghost proposal completely undermines this trust relationship and the authentication process,” the letter argues. | “The overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people. The GCHQ’s ghost proposal completely undermines this trust relationship and the authentication process,” the letter argues. |
| Replying, the NCSC’s Ian Levy said: “We welcome this response to our request for thoughts on exceptional access to data - for example to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion. | |
| “We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible.” | |
| Apple, one of the signatories to the letter, is no stranger to this argument. The company endured a widely publicised standoff with the FBI in 2015 and 2016 over the company’s refusal to breach a different sort of encryption, that which protects the contents of a locked iPhone. Eventually, the FBI backed down, finding another way into the device without Apple’s help. | Apple, one of the signatories to the letter, is no stranger to this argument. The company endured a widely publicised standoff with the FBI in 2015 and 2016 over the company’s refusal to breach a different sort of encryption, that which protects the contents of a locked iPhone. Eventually, the FBI backed down, finding another way into the device without Apple’s help. |
| GCHQ | GCHQ |
| Encryption | Encryption |
| UK security and counter-terrorism | UK security and counter-terrorism |
| Privacy | Privacy |
| Data protection | Data protection |
| Apple | Apple |
| news | news |
| Share on Facebook | Share on Facebook |
| Share on Twitter | Share on Twitter |
| Share via Email | Share via Email |
| Share on LinkedIn | Share on LinkedIn |
| Share on Pinterest | Share on Pinterest |
| Share on WhatsApp | Share on WhatsApp |
| Share on Messenger | Share on Messenger |
| Reuse this content | Reuse this content |
Previous version
1
Next version