The GCHQ has a new idea to spy on encrypted messaging apps. Instead of breaking the encryption, it wants service providers to secretly add them to conversations.
[ACLU Asks Court to Reveal Details About Breaking Encryption]
GCHQ Messaging
Ian Levy, technical director for the U.K.’s National Cyber Security Center, along with Crispin Robinson, cryptanalysis director at GCHQ, wrote an op-ed in which they said:
It’s relatively easy for a service provider to silently add a law enforcement participant to a group chat or call. The service provider usually controls the identity system and so really decides who’s who and which devices are involved — they’re usually involved in introducing the parties to a chat or call. You end up with everything still being end-to-end encrypted, but there’s an extra ‘end’ on this particular communication.
Of course, the plan is not without criticism. Edward Snowden for example took to Twitter, saying:
Absolute madness: the British government wants companies to poison their customers’ private conversations by secretly adding the government as a third party, meaning anyone on your friend list would become “your friend plus a spy.” No company-mediated identity could be trusted.
Mustafa Al-Bassam, a PhD student at University College London, said that the government is banking on the fact that many users don’t verify their public keys with each other. and this is a key way to avoid manipulation.