We’ve reached a bit of an impasse when it comes to encrypted messaging and the security conundrum it presents.
Short-termist politicians argue that if they can’t see everyone’s private messages, then how will law enforcement be able to track terrorists and child abusers from the comfort of their own desks? Civil liberties campaigners point out that everyone is entitled to privacy, and this would be the thin end of the wedge. Those with the technical knowledge point out that even disregarding that, there’s a severe problem: there’s no such thing as a back door that only the good guys can use. If you break encryption for the government, you break it for everyone.
So that’s where we are. The conversation had kind of stalled since David Cameron promised a crackdown, and Amber Rudd caused a spike in eye-roll-related injuries when she argued that she didn’t need to understand encryption to push through Home Office reforms.
While all parliamentary discourse is consumed with Brexit, GCHQ has boldly stepped up with a solution of its own. The recommendation, written by GCHQ’s Ian Levy and Crispin Robinson, is known as “the ghost proposal” – which sounds like a spooky Mills & Boon romance but is actually significantly worse.
The long and short of it is: why can’t WhatsApp, Telegram, Facebook Messenger and the like just add government spies to people’s group chats? As the report notes, this adds wiretapping abilities and “you don’t even have to touch the encryption.”
On one level, you have to admire the simplicity of the plan: it doesn’t break encryption, as they say. On the other hand, that’s kind of a semantic point. Celebrating intact encryption when you’ve simply created another security weakness elsewhere is at best a short-lived party.
And of course, it rides roughshod over that whole quaint ‘right to privacy’ belief that some people adorably hold onto. To be clear, GCHQ agents wouldn’t be added to the group with loud fanfare, a shower of GIFs and a funny avatar with shades and a fake moustache – they would be added silently and would stay quiet, gradually getting a feel for your in-jokes and your over-reliance on the aubergine emoji.
Understandably, the American Civil Liberties Union is unimpressed. “If companies like Apple are compelled to enable governments to participate silently in private conversations, that tool won’t be available only to democratic governments — it will be employed by the world’s worst human rights abusers to target journalists, activists, and others,” the group wrote.
“Any future discovery of a software flaw that enables eavesdropping, false identities, message tampering, or any other compromise of communications security should be treated the same way as this latest weakness: with serious emergency mitigations, followed as soon as possible by a software update that removes the flaw. And governments certainly shouldn’t consider adding such vulnerabilities on purpose.”
They shouldn’t. But it’s pretty clear they do all the damned time.
Source: Inquirer