Skip to main content

GCHQ’s not-so-smart idea to spy on encrypted messaging apps is branded ‘absolute madness’

Nobody wants to be a third wheel. Unless you’re a British spy.

Two of the most senior officials at British eavesdropping agency GCHQ say one way that law enforcement could access encrypted messages is to simply add themselves to your conversations.

“It’s relatively easy for a service provider to silently add a law enforcement participant to a group chat or call,” said Ian Levy, technical director of the U.K.’s National Cyber Security Center, and Crispin Robinson, cryptanalysis director at GCHQ, in an op-ed for Lawfare.

“The service provider usually controls the identity system and so really decides who’s who and which devices are involved — they’re usually involved in introducing the parties to a chat or call,” they said. “You end up with everything still being end-to-end encrypted, but there’s an extra ‘end’ on this particular communication.”

Law enforcement and intelligence agencies have long wanted access to encrypted communications, but have faced strong opposition to breaking the encryption for fears that it would put everyone’s communications at risk, rather than the terror suspects or criminals that the police primarily want to target. In this case, two people using an end-to-end encrypted messaging app would be joined by a third, invisible person — the government — which could listen in at will.

This solution, Levy and Robinson say, would be “no more intrusive than the virtual crocodile clips” that lawmakers have already authorized police to use to wiretap communications.

Presumably that would require compelled assistance from the tech companies that built the encrypted messaging apps in the first place, like Apple, Facebook’s WhatsApp, Signal, Wire and Wickr. That poses not only an ethical problem for the companies, which developed their own end-to-end encrypted services so that even they can’t access people’s communications, but also a technical one, which would require the government to ask a court to compel the companies to rework their own technologies to allow government spies in.

It wouldn’t be the first time the government’s pushed for compelled assistance.

Only recently that the U.S. government lost its bid to force Facebook to re-architect its Messenger app to allow the government to listen in on suspected gang members. And not just the U.S. or the U.K.. Russia, the west’s favorite frenemy, forced Telegram, another encrypted messaging app, to turn over its private keys in an effort to allow its intelligence agencies to snoop in on possible kompromat.

Suffice to say, the U.K.’s plan has drawn strong criticism.

And NSA whistleblower Edward Snowden, an outspoken commentator and critic of global surveillance, branded the move “absolute madness.”

“No company-mediated identity could be trusted,” said Snowden, suggesting that the move would effectively render the trust in any end-to-end encrypted messaging app redundant.

Exactly what the U.K.’s solution looks like isn’t entirely clear, but Mustafa Al-Bassam, a PhD student at University College London, said that the ability for users to verify their keys — which proves the identity of a person in a conversation — in an end-to-end messaging app is “is going to be increasingly important” to prevent government manipulation.

WhatsApp and Signal, for example, tell you when a user’s key changes, indicating that a new device is in use — and requires verification — or that a device has been manipulated by a third-party and that the conversation isn’t secure.

“They’re proposing to exploit the fact that users don’t verify each other’s public keys, and inject bad keys,” said Al-Bassam.

ACLU asks court to release a secret order forcing Facebook to wiretap Messenger



from TechCrunch https://ift.tt/2TZzesY
via IFTTT
Labels:

Comments

Post a Comment

Popular posts from this blog

The Silent Revolution of On-Device AI: Why the Cloud Is No Longer King

Introduction For years, artificial intelligence has meant one thing: the cloud. Whether you’re asking ChatGPT a question, editing a photo with AI tools, or getting recommendations on Netflix — those decisions happen on distant servers, not your device. But that’s changing. Thanks to major advances in silicon, model compression, and memory architecture, AI is quietly migrating from giant data centres to the palm of your hand. Your phone, your laptop, your smartwatch — all are becoming AI engines in their own right. It’s a shift that redefines not just how AI works, but who controls it, how private it is, and what it can do for you. This article explores the rise of on-device AI — how it works, why it matters, and why the cloud’s days as the centre of the AI universe might be numbered. What Is On-Device AI? On-device AI refers to machine learning models that run locally on your smartphone, tablet, laptop, or edge device — without needing constant access to the cloud. In practi...
1 comment
Read more

Apple’s AI Push: Everything We Know About Apple Intelligence So Far

Apple’s WWDC 2025 confirmed what many suspected: Apple is finally making a serious leap into artificial intelligence. Dubbed “Apple Intelligence,” the suite of AI-powered tools, enhancements, and integrations marks the company’s biggest software evolution in a decade. But unlike competitors racing to plug AI into everything, Apple is taking a slower, more deliberate approach — one rooted in privacy, on-device processing, and ecosystem synergy. If you’re wondering what Apple Intelligence actually is, how it works, and what it means for your iPhone, iPad, or Mac, you’re in the right place. This article breaks it all down.   What Is Apple Intelligence? Let’s get the terminology clear first. Apple Intelligence isn’t a product — it’s a platform. It’s not just a chatbot. It’s a system-wide integration of generative AI, machine learning, and personal context awareness, embedded across Apple’s OS platforms. Think of it as a foundational AI layer stitched into iOS 18, iPadOS 18, and m...
Post a Comment
Read more

RIP to FTX?

Image Credits: TechCrunch We had to talk about the news that rocked the crypto world this week in our  Thursday episode :  the Binance/FTX deal that never was . To begin, we gave you a rundown of WTF just happened with the beef between two of the largest crypto exchanges in the world and how Sam Bankman-Fried’s storied exchange  fell so far so fast , bringing down investors, cryptocurrencies and other companies in the space tumbling down with it. Welcome to  Chain Reaction , where we unpack and explain the latest in crypto news, drama and trends, breaking things down block by block for the crypto curious. You can listen to the episode below: Once we ran through the background behind the situation that’s been unfolding in real-time this week, we shared our thoughts on the massive implications this fiasco might have for the rest of the crypto industry, from  venture capitalists and startups  to  regulation across the globe . It’s a fascinating ...
Post a Comment
Read more