Apple, Google, Microsoft and 44 other organizations and security experts have signed an open letter condemning a secret proposal to add police authorities to encrypted chats and calls.
The GCHQ proposal – the UK's corresponding NSA – seeks to provide an encryption solution that would violate the privacy and security of apps such as Messages, FaceTime, WhatsApp and Signal …
The proposed solution, aka & # 39; ghost suggestions & # 39;
So far, companies like Apple have been able to tell law enforcement that it has no way of giving them access to Messaging chats and FaceTime calls because the services use end-to-end encryption. This means that Apple does not know the encryption key and therefore cannot access the content.
But the UK Government Communications Headquarters (GCHQ) believes it has a smart solution. First revealed in February, it wants messaging companies to secretly add police authorities as invisible chats.
It is relatively easy for a service provider to silently set a law enforcement participant to a group chat or call. The service provider usually checks the identity system and then decides rightly who is who and which entities are involved – they are usually involved in introducing the parties to a chat or call …. In such a solution we usually talk about suppressing a review on a target's device … and possibly those with whom they communicate. "
In short, Apple – or any other company that allows individuals to chat – would be forced to allow the government to join these chats as a silent, invisible interception.
reasons, the plan is known as the "ghost proposal."
The open letter was sent on May 22 and published today, saying the ghost proposal has to be rejected for three reasons:
- It violates fundamental human rights  It creates new security risks
- It violates GCHQ's own set principles
As the letter puts it:
This proposal to add a "ghost" user would violate important human rights principles, as well as several of the principles that are described in the GCHQ paragraph Although GCHQ officials claim that "you should not even touch encryption" to implement their plan, the "ghost proposal" would pose serious threats. or cybersecurity and thereby also threaten basic human rights, including privacy and free expression. Especially as described below, the ghost proposal will create digital security risks by undermining authentication systems, by introducing potential unintentional vulnerabilities, and by creating new risks of abuse or abuse of systems. It is important that it also undermines the GCHQ principles of user trust and transparency set out in the paragraph.
The signatories say that iMessage, WhatsApp and Signal go to specific lengths to protect exactly this risk – third parties who can add themselves to a conversation.
For example, iMessage has a cluster of public keys – one per. device – as it connects with an account that corresponds to an identity of a real person. When a new device is added to the account, the keys are changed by keys, and each user's device displays a message that a new device has been added when it notices this change […][Another method is known as] a "security number" in Signal and a "security" code "in WhatsApp (we want to use the term" security number "). They are long strings of numbers derived from the two parties' public keys in the conversation, which can be compared between them – via another verifiable communication channel as a phone call – to Confirm that strict matches Because the security number is per pair of communicators – more precisely, per pair of keys – a change in value means that a key has changed, and that may mean that it is completely different. be notified when these security numbers change, to ensure that they can maintain this level of authentication, users can also check the security number before each new communication begins, thereby guaranteeing that no has been no change of keys and thus no interception.
That's why when you add a new Apple device, you get a warning about your existing devices.
The letter underlines the fundamental problem that any back door created for the good guys will inevitably carry the risk of being exploited by the evil ones. This, of course, is why Apple refused to create a weakened version of iOS for the FBI in the San Bernardino shooter.
The long letter condemning the secret secret to adding police authorities to encrypted chats is signed by tech giants, civil rights organizations and security experts. You can read this here.
Check out 9to5Mac on YouTube for more Apple news: