A GCHQ proposal that would allow eavesdropping on encrypted chat services has been condemned as a "serious threat" to digital security and human rights.
In an open letter signed by more than 50 companies, civil society organizations and security experts – including Apple, WhatsApp, Liberty and Privacy International – GCHQ were encouraged to abandon the so-called "ghost protocol" and instead focus on "privacy protection, cyber security, public trust and openness".
The proposal was made by Ian Levy, Technical Director of the UK National Network Security Center, and Crispin Robinson, Crypt Analysis Technical Term at GCHQ, in November 201
The pair presented a technique that would avoid breaking encryption. Instead, encrypted messaging services would be required, in effect, to "cc" the encrypted message to a third recipient at the same time as sending it directly. Levy and Robinson argued that the proposal was "no more intrusive than the virtual crocodile clips" used today in wiretaps of non-encrypted communications.
Opposing the plan, the letter claims that "to achieve this result, their proposals require two changes to systems that will severely undermine the user's security and trust.
"First, it will require service providers to surreptitiously inject a new public key into a conversation in response to a government requirement. This would turn a two-way conversation into a group chat where the state is the additional participant, or add a secret ruling participant to an existing group chat.
"Second, to ensure that the government adds the call in secret, GCHQ's proposal would require messaging, service providers, and operating systems to change their software so that they would 1) change the encryption systems used, and/or 2) mislead users by suppressing the routines that are routinely displayed when a new communicator merges a chat."
While GCHQ's proposal stops short of calling for "backdoors" in encryption, which experts say inherently introduce security flaws that can be exploited by hackers, the opponents argue that it does almost as much damage by undermining confidence in security altogether.
"The overwhelming majority of users rely on their trust in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they believe they are, and only those people. GCHQ's ghost suggestions undermine this trust and authentication process," the letter said.
In response, the NCSC's Ian Levy said: "We welcome this response to our request for thoughts on exceptional access to data – for example, to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion.
"We will continue to engage with interested parties and look forward to having an open discussion to reach the best possible solutions."
Apple, one of the signatories to the letter, is no stranger to this argument. The company had a very public standoff with the FBI in 2015 and 2016 over its refusal to break another form of encryption, the one protecting the contents of a locked iPhone. Eventually, the FBI backed down and found another way into the device without Apple's help.