June 13, 2019
The purpose of encryption is to keep organizations and individual’s data secure, private and confidential. All over the world, Governments and law enforcements agencies can be frustrated by the technology, but can backdoors into encryption ever work?
An open letter signed by 47 signatories, including organizations like Apple, Microsoft and Google, has said a proposed idea by GCHQ, the UK intelligence agency, would undermine the purpose of encryption.
GCHQ back in November of last year opened up the idea of ghost encryption. Essentially, it suggested that a third party, i.e. the government could be included in encrypted messaging services. It would allow intelligent services to receive a plaintext copy of every encrypted message by being a silent and anonymous third party. It would be like every conversation was a group chat, with a silent member.
In the open letter, organizations, security experts and civil right groups outline how such an approach would “undermining authentication systems”. It would introduce potential unintentional vulnerabilities and create new risks of abuse or misuse of systems.
To quote fully from the open letter:
“The ‘ghost key’ proposal put forward by GCHQ would enable a third party to see the plain text of an encrypted conversation without notifying the participants. But to achieve this result, their proposal requires two changes to systems that would seriously undermine user security and trust. First, it would require service providers to surreptitiously inject a new public key into a conversation…”
“Second, in order to ensure the government is added to the conversation in secret, GCHQ’s proposal would require messaging apps, service providers, and operating systems to change their software so that it would change the encryption schemes used, and/or mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat.”
The letter goes on to warn about the dangers of opening up such backdoors to governments, especially those with poor human rights records.
Ian Levy, from GCHQ and behind the original proposal, said:
“We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion.”
Here at Global Data Sentinel, encryption makes up a major part of our security solution for organizations. We offer centrally-managed cyber defense solutions designed to maintain data security, integrity, and confidentiality. GDS provide solutions such as hybrid cloud security, secure collaboration, email encryption, data backup and recovery, data encryption, key encryption, identity management, and audit data and reporting.
Find out more about the Global Data Sentinel approach to encryption.