https://community.isc2.org/t5/Industry-News/UK-GCHQ-demand-for-backdoor-key-criticised-by-tech-giants-in/m-p/23063#M2908 <P>Aw, geee guys!</P><P>&nbsp;</P><P>Please search the interWebs for Santayana, Skipjack, and Clipper chip.</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 31 May 2019 21:35:55 GMT CraginS 2019-05-31T21:35:55Z https://community.isc2.org/t5/Industry-News/UK-GCHQ-demand-for-backdoor-key-criticised-by-tech-giants-in/m-p/23041#M2904 <P><A href="https://www.lawfareblog.com/open-letter-gchq-threats-posed-ghost-proposal" target="_blank" rel="noopener">In an open letter signed by 47 organisations</A>,&nbsp;including Google, Apple and Microsoft, UK GCHQ was urged to abandon its proposal, warning that it would pose a threat to digital security and also undermine trust in messaging services.</P><DIV>&nbsp;</DIV><P>The organisation is demanding a 'ghost' protocol be built-in to messaging services that would effectively enable it to eavesdrop on any encrypted communications.&nbsp;</P><P>"GCHQ's ghost protocol creates serious threats to digital security: if implemented, it will undermine the authentication process that enables users to verify that they are communicating with the right people, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused," the signatories wrote in their letter.</P><P>GCHQ first published its proposal last November, demanding that the services add a 'ghost participant' into all encrypted chats. GCHQ's plan means that a copy of each encrypted message would be sent to intelligence agencies, without users ever knowing that a&nbsp;third party also&nbsp;has access to&nbsp;all of their messages.</P><P>In support of its proposal, GCHQ argued that the idea is no more intrusive than practices currently being used to listen-in on unencrypted telephone conversations, and that it would also eliminate the need to add a back door to encryption protocols.</P><P>The coalition's open letter, however, criticises GCHQ's proposal, pointing out that such a practice would not only undermine user trust, but would also inject complexity into the entire system, with the risk of adding new vulnerabilities that could potentially be exploited by cybercriminals.</P><P>The ghost protocol would also result in messaging services getting a mechanism to overhear users' communications — thus thwarting the privacy benefits provided by end-to-end encryption in messaging.</P> Mon, 09 Oct 2023 09:13:16 GMT https://community.isc2.org/t5/Industry-News/UK-GCHQ-demand-for-backdoor-key-criticised-by-tech-giants-in/m-p/23041#M2904 leroux 2023-10-09T09:13:16Z https://community.isc2.org/t5/Industry-News/UK-GCHQ-demand-for-backdoor-key-criticised-by-tech-giants-in/m-p/23063#M2908 <P>Aw, geee guys!</P><P>&nbsp;</P><P>Please search the interWebs for Santayana, Skipjack, and Clipper chip.</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 31 May 2019 21:35:55 GMT https://community.isc2.org/t5/Industry-News/UK-GCHQ-demand-for-backdoor-key-criticised-by-tech-giants-in/m-p/23063#M2908 CraginS 2019-05-31T21:35:55Z https://community.isc2.org/t5/Industry-News/UK-GCHQ-demand-for-backdoor-key-criticised-by-tech-giants-in/m-p/23066#M2910 <P>I refer you, once again, to the <A href="https://community.isc2.org/t5/Industry-News/Crypto-Wars-Again-and-again-and-again-and-again/td-p/14344" target="_blank" rel="noopener">crypto wars</A> (recidivus) ...</P><P>&nbsp;</P><P>(Yeah, <a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/780103681">@CraginS</a>, I remember Skipjack, and the Clipper chip ...)</P><P>&nbsp;</P><P>"Ghost protocol."&nbsp; Sounds like it's spelled "backdoor" to me ...</P> Sat, 01 Jun 2019 01:03:59 GMT https://community.isc2.org/t5/Industry-News/UK-GCHQ-demand-for-backdoor-key-criticised-by-tech-giants-in/m-p/23066#M2910 rslade 2019-06-01T01:03:59Z