Intelligence agencies in the UK try to find a way to bypass end-to-end encryption
Digital forensics specialists from the International Cyber Security Institute report that intelligence officers in the United Kingdom are proposing a “solution” to one of the main problems facing law enforcement agencies. Given the inability of police agencies to intercept communications through services such as WhatsApp, British government officials propose that law enforcement agencies participate in chats or calls as ‘silent users’.
A policy of this kind was first discussed in secret by US officials during the Barack Obama administration, although this is the first time that a government in any country has publicly promoted a similar measure.
Crispin Robinson and Ian Levy, officials of the GCHQ (one of the three intelligence agencies in the United Kingdom), included the proposal in an article published last week, detailing a number of principles designed to reduce the controversy surrounding access to digital evidence protected with encryption by several communications services providers.
Digital forensics experts point out that the controversy arose from the growing number of communication services with end-to-end encryption, present in messaging services such as WhatsApp or in Apple’s default privacy settings. The debate peaked with a case brought by the FBI as it tried to access the iPhone of an alleged terrorist; the device was blocked by Apple.
No resolution has yet been issued by any authority, but Levy and Robinson hope that their proposal will revive the debate about the authorities’ need to access encrypted information when needed.
“It would be relatively easy for communication service providers to add law enforcement agencies as ‘silent users’ during a phone call or in a WhatsApp chat group, for example,” says Levy, Director of the GCHQ National Cyber Security Center, in conjunction with Robinson, the agency’s cryptanalysis director. “The service provider controls the identity system, so it decides who’s who during the use of these services,” the officials say. “Actually, end-to-end encryption would still be present, just adding an additional ‘endpoint’. It’s the least intrusive solution possible.”
This solution already has detractors. “It’s a terrible idea,” says Matthew Green, a digital forensics expert at Johns Hopkins University. “Services such as WhatsApp notify participants of a group chat when a new member is included; deleting this feature involves modifying the entire app code. Creating a loophole where one did not previously exist means creating security vulnerabilities,” the expert says; “the app cannot lie to us about the identity of the users we exchange messages with.”
On the other hand, the digital forensics specialist Lorrie Cranor of Carnegie Mellon University believes that the measure “could be reasonable only if this access is presented in truly exceptional cases and keeps the guidance of a legal process”. The specialist added that “users should be aware that access to their encrypted communications is indeed possible”.