Skip to content
Thoughtful, detailed coverage of everything Apple for 34 years
and the TidBITS Content Network for Apple professionals
Ghostly image of a mask

Photo by Ivandrei Pretorius from Pexels

No comments

Here We Go Again: GCHQ’s Ghost User Proposal to Circumvent Encryption

Remember how the FBI wanted Apple to put a backdoor in iOS to enable decryption of the contents of iPhones used by criminals or terrorists? (We touched on the topic regularly back in 2016.) Apple pushed back hard, and the FBI eventually figured out a different way to get into the iPhone 5c used by one of the San Bernardino shooters. But the FBI and other government law enforcement and intelligence agencies around the world remain unhappy about encrypted communications.

The latest major proposal for circumventing encryption comes from the UK’s GCHQ, which is equivalent to the US’s NSA. The GCHQ proposal doesn’t require a backdoor but instead would require service providers to secretly add an extra user—the government—to all encrypted conversations. This “ghost user” would thus have decrypted access to all otherwise encrypted conversations.

Our old friend Jon Callas, who is now a Senior Technology Fellow at the ACLU on top of a 30-year career of developing encrypted software, hardware, and services at companies like Apple, PGP Corporation, and Silent Circle, has penned a four-part series in which he discusses the fatal flaws of the GCHQ’s proposal. Among other criticisms, he points out that such a system faces likely insurmountable technical and deployment hurdles at its proposed scale, that countries with few or no safeguards for individual rights will demand access once it’s built, and that “canary apps” would always be able to detect (or even deceive) the ghost user.

Read original article

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.

Comments About Here We Go Again: GCHQ’s Ghost User Proposal to Circumvent Encryption

Start the discussion in the TidBITS Discourse forum