Apple and WhatsApp fight proposal to let spies tap encrypted comms
Apple, Google, Microsoft, and WhatsApp have opposed a proposal by UK spy agency GCHQ to give spies access to end-to-end encrypted communications.
Rather than add a backdoor or undermine encryption itself, technical whizzes from GCHQ and its cybersecurity unit, the National Cyber Security Centre (NCSC), suggested that service provides like Apple, Google, and Facebook could “silently add a law enforcement participant to a group chat or call”. The proposed solution would be no more intrusive than the crocodile clip-style telephone interception used in the last century, the techies contended.
The idea would allow a company like Apple to add a “ghost” user, a law enforcement agent, to a chat. Encryption would remain intact, but a chat or messaging group would be compromised by the addition of a ghost user.
Despite the lack of a backdoor, the signatories think such a power could be harmful to users because it would break authentication systems and damage trust in mainstream identity systems.
“The ghost proposal would create digital security risks by undermining authentication systems, by introducing potential unintentional vulnerabilities, and by creating new risks of abuse or misuse of systems,” reads an open letter signed by more than 50 companies, civil rights organisations and security experts – including Apple, Google, Microsoft, and WhatsApp.
The ghost proposal was floated by NCSC technical director, Ian Levy, and GCHQ technical director for cryptanalysis, Crispin Robinson. The pair put it out there to kick off a discussion about a possible answer to the seemingly unresolvable conflict between lawful intercept on traditional phone lines and encrypted messaging apps on smartphones.
The open letter aims to explain the pitfalls of the ghost proposal to public-private key based encryption if it were to be put into practice.
“The ‘ghost key’ proposal put forward by GCHQ would enable a third party to see the plain text of an encrypted conversation without notifying the participants. But to achieve this result, their proposal requires two changes to systems that would seriously undermine user security and trust,” the letter reads.
“First, it would require service providers to surreptitiously inject a new public key into a conversation in response to a government demand. This would turn a two-way conversation into a group chat where the government is the additional participant, or add a secret government participant to an existing group chat.
“Second, in order to ensure the government is added to the conversation in secret, GCHQ’s proposal would require messaging apps, service providers, and operating systems to change their software.”
In turn this would “change the encryption schemes used, and could “mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat.”
The letter also draws attention to the damage it could inflict on authentication processes that users rely on to ensure they’re communicating with the intended person.
“Currently the overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people. The GCHQ’s ghost proposal completely undermines this trust relationship and the authentication process.”
The group warns that the ghost function would undermine the ability for service providers to prevent their own staff from viewing the content of messages.
“By requiring an exceptional access mechanism like the ghost proposal, GCHQ and UK law enforcement officials would require messaging platforms to open the door to surveillance abuses that are not possible today.”
In response to the letter, the NCSC’s Levy said: “We welcome this response to our request for thoughts on exceptional access to data – for example to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion.
“It is pleasing to see support for the six principles and we welcome feedback on their practical application.
“We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible.”