Apple condemns British spy agency group's proposal to evade message encryption
Apple, Google, Microsoft and WhatsApp have co-signed an open letter urging the UK government to abandon what's being called a "ghost protocol" to allow intelligence services to read encrypted messages.
Apple has joined with Google, Microsoft, WhatsApp and other technology firms in an open and co-signed letter protesting against the UK government's proposal to require the right to eavesdrop on encrypted messages. GCHQ (Government Communications Headquarters) had proposed that services should automatically and secretly copy all messages from every user to law enforcement.
GCHQ's Ian Levy and Crispin Robinson proposed this system in a paper in November 2018 that laid out principles for how "service providers" could implement it. "It's relatively easy for a service provider to silently add a law enforcement participant to a group chat or call," they wrote. "You end up with everything still being end-to-end encrypted, but there's an extra 'end' on this particular communication."
The paper's authors insist this was not the same as granting backdoor access to communications.
"This sort of solution seems to be no more intrusive than the virtual crocodile clips that our democratically elected representatives and judiciary authorize today in traditional voice intercept solutions," they said, "and certainly doesn't give any government power that they shouldn't have."
The open letter, originally sent to GCHQ on May 22, describes this approach as adding a "ghost" to every message and decries what it calls this "ghost protocol," saying it would introduce "significant additional security threats."
"The GCHQ's ghost proposal creates serious threats to digital security," says the letter's writers. "Users would no longer be able to trust that they know who is on the other end of their communications, thereby posing threats to fundamental human rights, including privacy and free expression."
While not requiring a backdoor that allowed law enforcement access to messages after they were sent, the proposal would make companies such as Apple alter how iOS handles messaging.
"GCHQ's proposals would require messaging apps, service providers, and operating systems to change their software so that it would 1) change the encryption schemes used, and/or 2) mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat."
The nine-page, 3,000-word letter concludes by pointing out that if the UK is allowed to require this, other countries will follow.
"There is no way to prevent other governments from relying on this newly built system," it says. "This is of particular concern with regard to oppressive regimes and any country with a poor record on protecting human rights."
The open letter asks that GCHQ abandon this "ghost protocol."
GCHQ has responded to the letter.
"We welcome this response to our request for thoughts on exceptional access to data — for example, to stop terrorists," said author Ian Levy in an email to CNBC. "The hypothetical proposal was always intended as a starting point for discussion."
"We will continue to engage with interested parties," he continued, "and look forward to having an open discussion to reach the best solutions possible."