Photo by Ivandrei Pretorius of Pexel
Do you remember how the FBI wanted Apple to put a back door in iOS to allow decryption of the contents of iPhones used by criminals or terrorists? (We regularly touched on the issue back in 2016.) Apple pushed back hard, and the FBI eventually found another way to get into the iPhone 5c used by one of the San Bernardino shooters. But the FBI and other law enforcement and intelligence agencies around the world remain unhappy with encrypted communications.
The last major proposal to bypass encryption comes from the UK's GCHQ, which corresponds to the United States NSA. The GCHQ proposal does not require a backdoor, but instead requires that service providers secretly add an additional user ̵
Our old friend Jon Callas, now the Senior Technology Fellow at ACLU at the top of a 30-year career in developing encrypted software, hardware, and services at companies such as Apple, PGP Corporation and Silent Circle, has written a quarter series in which he discusses the fatal flaws in GCHQ's proposal. Among other criticisms, he points out that such a system faces presumably insurmountable technical and distribution barriers on the proposed scale, that countries with few or no individual rights guarantees will require access when built, and that "canary apps" will always be able to discover (or even fool) the ghost user.