Photo by Ivandrei Pretorius from Pexels
Here We Go Again: GCHQ’s Ghost User Proposal to Circumvent Encryption
Remember how the FBI wanted Apple to put a backdoor in iOS to enable decryption of the contents of iPhones used by criminals or terrorists? (We touched on the topic regularly back in 2016.) Apple pushed back hard, and the FBI eventually figured out a different way to get into the iPhone 5c used by one of the San Bernardino shooters. But the FBI and other government law enforcement and intelligence agencies around the world remain unhappy about encrypted communications.
The latest major proposal for circumventing encryption comes from the UK’s GCHQ, which is equivalent to the US’s NSA. The GCHQ proposal doesn’t require a backdoor but instead would require service providers to secretly add an extra user—the government—to all encrypted conversations. This “ghost user” would thus have decrypted access to all otherwise encrypted conversations.
Our old friend Jon Callas, who is now a Senior Technology Fellow at the ACLU on top of a 30-year career of developing encrypted software, hardware, and services at companies like Apple, PGP Corporation, and Silent Circle, has penned a four-part series in which he discusses the fatal flaws of the GCHQ’s proposal. Among other criticisms, he points out that such a system faces likely insurmountable technical and deployment hurdles at its proposed scale, that countries with few or no safeguards for individual rights will demand access once it’s built, and that “canary apps” would always be able to detect (or even deceive) the ghost user.
Start the discussion in the TidBITS Discourse forum