The GCHQ has a new idea to spy on encrypted messaging apps. Instead of breaking the encryption, it wants service providers to secretly add them to conversations.
Ian Levy, technical director for the U.K.’s National Cyber Security Center, along with Crispin Robinson, cryptanalysis director at GCHQ, wrote an op-ed in which they said:
It’s relatively easy for a service provider to silently add a law enforcement participant to a group chat or call. The service provider usually controls the identity system and so really decides who’s who and which devices are involved — they’re usually involved in introducing the parties to a chat or call. You end up with everything still being end-to-end encrypted, but there’s an extra ‘end’ on this particular communication.
Of course, the plan is not without criticism. Edward Snowden for example took to Twitter, saying:
Absolute madness: the British government wants companies to poison their customers’ private conversations by secretly adding the government as a third party, meaning anyone on your friend list would become “your friend plus a spy.” No company-mediated identity could be trusted.
Mustafa Al-Bassam, a PhD student at University College London, said that the government is banking on the fact that many users don’t verify their public keys with each other. and this is a key way to avoid manipulation.