Apple condemns British spy agency group's proposal to evade message encryption
Apple, Google, Microsoft and WhatsApp have co-signed an open letter urging the UK government to abandon what's being called a "ghost protocol" to allow intelligence services to read encrypted messages.
Apple has joined with Google, Microsoft, WhatsApp and other technology firms in an open and co-signed letter protesting against the UK government's proposal to require the right to eavesdrop on encrypted messages. GCHQ (Government Communications Headquarters) had proposed that services should automatically and secretly copy all messages from every user to law enforcement.
GCHQ's Ian Levy and Crispin Robinson proposed this system in a paper in November 2018 that laid out principles for how "service providers" could implement it. "It's relatively easy for a service provider to silently add a law enforcement participant to a group chat or call," they wrote. "You end up with everything still being end-to-end encrypted, but there's an extra 'end' on this particular communication."
The paper's authors insist this was not the same as granting backdoor access to communications.
"This sort of solution seems to be no more intrusive than the virtual crocodile clips that our democratically elected representatives and judiciary authorize today in traditional voice intercept solutions," they said, "and certainly doesn't give any government power that they shouldn't have."
Start of the open letter co-signed by Apple
The open letter, originally sent to GCHQ on May 22, describes this approach as adding a "ghost" to every message and decries what it calls this "ghost protocol," saying it would introduce "significant additional security threats."
"The GCHQ's ghost proposal creates serious threats to digital security," says the letter's writers. "Users would no longer be able to trust that they know who is on the other end of their communications, thereby posing threats to fundamental human rights, including privacy and free expression."
While not requiring a backdoor that allowed law enforcement access to messages after they were sent, the proposal would make companies such as Apple alter how iOS handles messaging.
"There is no way to prevent other governments from relying on this newly built system," it says. "This is of particular concern with regard to oppressive regimes and any country with a poor record on protecting human rights."
The open letter asks that GCHQ abandon this "ghost protocol."
GCHQ has responded to the letter.
"We welcome this response to our request for thoughts on exceptional access to data -- for example, to stop terrorists," said author Ian Levy in an email to CNBC. "The hypothetical proposal was always intended as a starting point for discussion."
"We will continue to engage with interested parties," he continued, "and look forward to having an open discussion to reach the best solutions possible."
Apple has joined with Google, Microsoft, WhatsApp and other technology firms in an open and co-signed letter protesting against the UK government's proposal to require the right to eavesdrop on encrypted messages. GCHQ (Government Communications Headquarters) had proposed that services should automatically and secretly copy all messages from every user to law enforcement.
GCHQ's Ian Levy and Crispin Robinson proposed this system in a paper in November 2018 that laid out principles for how "service providers" could implement it. "It's relatively easy for a service provider to silently add a law enforcement participant to a group chat or call," they wrote. "You end up with everything still being end-to-end encrypted, but there's an extra 'end' on this particular communication."
The paper's authors insist this was not the same as granting backdoor access to communications.
"This sort of solution seems to be no more intrusive than the virtual crocodile clips that our democratically elected representatives and judiciary authorize today in traditional voice intercept solutions," they said, "and certainly doesn't give any government power that they shouldn't have."
Start of the open letter co-signed by Apple
The open letter, originally sent to GCHQ on May 22, describes this approach as adding a "ghost" to every message and decries what it calls this "ghost protocol," saying it would introduce "significant additional security threats."
"The GCHQ's ghost proposal creates serious threats to digital security," says the letter's writers. "Users would no longer be able to trust that they know who is on the other end of their communications, thereby posing threats to fundamental human rights, including privacy and free expression."
While not requiring a backdoor that allowed law enforcement access to messages after they were sent, the proposal would make companies such as Apple alter how iOS handles messaging.
The nine-page, 3,000-word letter concludes by pointing out that if the UK is allowed to require this, other countries will follow."GCHQ's proposals would require messaging apps, service providers, and operating systems to change their software so that it would 1) change the encryption schemes used, and/or 2) mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat."
"There is no way to prevent other governments from relying on this newly built system," it says. "This is of particular concern with regard to oppressive regimes and any country with a poor record on protecting human rights."
The open letter asks that GCHQ abandon this "ghost protocol."
GCHQ has responded to the letter.
"We welcome this response to our request for thoughts on exceptional access to data -- for example, to stop terrorists," said author Ian Levy in an email to CNBC. "The hypothetical proposal was always intended as a starting point for discussion."
"We will continue to engage with interested parties," he continued, "and look forward to having an open discussion to reach the best solutions possible."
Comments
My bolding.
I trust they've got some serious data storage capability!
In fact I'm wondering if this is already in play in a couple of other countries. It would explain how Apple iMessage has escaped the same fate of the other encrypted messaging services who have refused to cow-tow in China and Russia. At least in China it is no longer Apple iCloud nor an Apple-controlled service, rebadged as GCBD iCloud and run by the Chinese. Simply inserting themselves as an additional recipient of still-encrypted iMessages would be the so-simple fix. Russia may bve in the process of doing something similar.
Man, who pays you to drop such copious amounts of FUD pellets on everything Apple? What do you get out suggesting such nonsense?
BUT If they do as they did in China and turn it all over to a Russian agency to operate, no longer even branded as an Apple service, then of course it would not be Apple making the choices. Clean hands.
https://www.google.com/amp/s/www.theverge.com/platform/amp/2018/7/18/17587304/apple-icloud-china-user-data-state-run-telecom-privacy-security
https://support.apple.com/en-us/HT208351
"iCloud services in China mainland are now operated by Chinese internet services company Guizhou on the Cloud Big Data Industrial Development Co., Ltd., (GCBD). This allows us to continue to improve iCloud services in China mainland and comply with Chinese regulations.
iCloud services and all the data you store with iCloud, including photos, videos, documents, and backups, will be subject to the new terms and conditions of iCloud operated by GCBD."
So no followup comment after reading my link, and directly from the horse's mouth, Apple themselves?
So, Apple does no longer provide iCloud services in China as we know it. All its role seems to be reduced to providing OS support to the Chinese iCloud on its devices. You still need to explain how you correlate that business model change with suggested British evasive maneuver over encryption...