back to article GCHQ pushes for 'virtual crocodile clips' on chat apps – the ability to silently slip into private encrypted comms

Britain's surveillance nerve-center GCHQ is trying a different tack in its effort to introduce backdoors into encrypted apps: reasonableness. In an essay by the technical director of the spy agency's National Cyber Security Centre, Ian Levy, and technical director for cryptanalysis at GCHQ, Crispin Robinson, the authors go out …

  1. Michael Jarve

    Quid pro quo, Clarice...

    If the government wants back doors for intercepting private communications, which they have in the past, without warrant, authorization, and against the law, they can offer something else, aside from “security” in return- uncompromising transparency. If someone has even a remotely legitimate reason to ask why they spied on so-and-so without warrant or authorization, they must provide a timely, well reasoned, and above all legitimate response or face the same dire consequences as their victims. Further, there must be sanctions for violating this principle, with real teeth- think multi- million dollar fines to the government, just as they would give The Face Book, Google, etc all. Ben Franklin, one of the founding fathers of my country famously said “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” This is as right today as it was then. The Brits may hold different views. Just remember that “....temporary safety...” more often becomes permanent in a nanny state.

  2. TheOldFellow

    Re: Quid pro quo, Clarice...

    Most Brits agree with you. It's just the rulers who don't. I am not talking about the elected misgovernment, but the deep perpetual misgovernment that lives in the Civil Service and the Old-Boys networks.

    We never had 'essential Liberty' to give up, it was never granted when the Crown passed it's open self-interest to the hidden deep-state.

  3. DJO Silver badge

    Re: Quid pro quo, Clarice...

    Further, there must be sanctions for violating this principle, with real teeth- think multi- million dollar fines to the government, just as they would give The Face Book, Google, etc all.

    So you want to penalise the tax payers?

    Fining the government has zero effect as the money just comes from the exchequer, no, if you want sanctions then disbarment from public office, personal fines to (then ex) ministers, confiscation of property, tar & feathers might be a bit too far but the principle of pubic humiliation as punishment for crimes against the people they are supposed to serve is correct.

  4. AndyS

    Re: Quid pro quo, Clarice...

    > ... the hidden deep-state

    OK, I was following you up to that point, but then... What is this, an Alt-Right US rag? Let me guess, Hillary runs this deep-state from a pizza parlour?

    Conspiracy theories don't do anyone any good. Adopting the same language as the nuts across the pond will do you no favours, any more than shouting "AM I BEING DETAINED" will get the police to take your civil liberties seriously.

  5. Voyna i Mor Silver badge

    Re: Quid pro quo, Clarice...

    "OK, I was following you up to that point, but then... What is this, an Alt-Right US rag?"

    It is difficult, because there really is a hidden British state. The security services have kept files on Labour Prime Ministers. Secret policemen really have infiltrated harmless pressure groups in order to make them more extreme. Senior civil servants really do come from an extremely narrow range of backgrounds and, mostly, schools. The public school system really does discourage social mobility. It isn't left or right but fundamentally authoritarianism versus liberalism, with the system, including GCHQ, very definitely on the side of authoritarianism. Brexit makes it easier because then nobody is poking around asking awkward questions.

    Hillary Clinton really is part of the authoritarian wing of the US Democratic Party.

    The difficulty, given the sheer stupidity and lack of critical thinking of the average person, is how to create a better system.

  6. jmch Silver badge

    Re: Quid pro quo, Clarice...

    As mentioned in the article, it's a question of trust. GCHQ etc have broken their trust and if they want to rebuild it, more than empty words are required.

    In principle I am not against law enforcement having access to the communications of nasty people. BUT they need a warrant that is targeted at a specific person or small group of people, and limited in scope (what they are looking for) and time (limited to a few months and needs to go through full process to reauthorise). Also, to guarantee that the powers are not being abused, the intercept HAS to be done through the 3rd-party service provider (eg Whatsapp) not directly by GCHQ etc, and these providers need to be paid by law enforcement to provide their services, AND most importantly be allowed, nay, required, to publish frequently and in detail how many intercepts they are being asked to make. Plus any other safeguards as may seem necessary including truly independent external oversight and heavy penalties (including jail time) for abusers.

    Now, law enforcement might look at that list and say... but that's really restrictive... to which we reply THAT'S THE BLOODY POINT!!!

  7. Velv Silver badge

    Re: Quid pro quo, Clarice...

    think multi- million dollar fines to the government

    Given the governments money is actually the people’s money this is a very bad solution. It needs to be jail time for the Directos and Managers (VPs) of the organisations involved.

  8. Michael Jarve

    Re: Quid pro quo, Clarice...

    In the US, at least, it would be a good option. If people were aware of their tax dollars being wasted in such a manner, they would vote the fools who support such a scheme (as proposed) out of office. Congress critters are, in their own way more vain than even the worst instagrammer, constantly trying to appease their supporters, and keeping an eye and a half on the polls (unless they’re going to retire, or run for another office). Look at how many times members of both parties flip-flop position on things based on popular sentiment in their district. “Not my tax dollars!” would certainly be the popular sentiment among conservatives, and liberals would invoke the fourth amendment. It almost, more or less, worked before after the Snowden revelations. In that case, though, there was only the carrot; now we need the stick.

    Things might be different in Blighty, where the House of Commons, (realative to our WhoRes) is so diluted they may not care. We have one Rep on average for every 1-million people, to put it in perspective- IIRC, Britain has something like 10 MPs for every million people.

  9. John Smith 19 Gold badge
    Gimp

    " but that's really restrictive... to which we reply THAT'S THE BLOODY POINT!!"

    Correct. But then GCHQ probably does not think it's part of "Law enforcement" so those restrictions should not apply to them. They are charged with "security."

    Note the "Virtual croc clips" is one of those nice verbal analogies that is simple to understand and so comforting."

    It is in fact bu***hit.

    "End-to-end encryption."

    The clue is in the name.

    And the (mass?) snooping capability added to UK System X digital exchanges bumped up the cost compared to competitors.

    BTW I am not opposed to proportionate, targeted and justifiable surveillance. But the senior data fetishsts who run GCHQ (and their like minded friends in the Home Office and elsewhere) are.

  10. NonSSL-Login
    Thumb Down

    Re: Quid pro quo, Clarice...

    WhatsApp has already gifted the alphabet agencies a backdoor to their users chats via a new 'feature' which backs up your chats to Google drive (unsure about apple version) totally un-encrypted. You might disable backups but has the other end you are speaking too?

    Expect to see more of these crafty backdoor ways to your chats as well as interference with keys at the service provider end to give real time access/mirroring capabilities.

  11. Cliff Thorburn

    Re: Quid pro quo, Clarice...

    To quote from the Guardian Michael Jarve -

    “Once you are the subject of unlimited surveillance, you’ve lost your ability to think freely”

    Henry Porter - Journalist and Writer

    So imagine being both the subject of unlimited surveillance and great game plays with daily death threat driver deliverables, combine this with an increasingly hostile environment, no income, blacklisted so you are unable to work, and increasing psychological torture, coercion and duress.

    What would a person do under such circumstances?, and imagine if such circumstances had carried on for a number of years?, 6 or more?, would such a ‘subject’ be the next Ed Sh eeran?, or Jump in the Yellow Submarine?

    I would suggest nothing more than a practical prisoner of war, or pet at home, when does a process become the next Stanford Prisoner Experiment?, one that perhaps would be better be dealt with by foresight as opposed to hindsight?

  12. Mark 65 Silver badge

    Re: Quid pro quo, Clarice...

    This is part of the classic 5-eyes bait and switch. Everyone starts complaining about encryption, terrorists, paedos, and other bogeymen du jour. Then they start talking about must-have access to encrypted comms. The IT community responds with outrage at the thought of breaking encryption. Cue various to-ings and fro-ings on each side about absolute need vs privacy and open access to criminals and despots. This goes on for some time. Then one of the 5-eyes agencies, normally the shitbags at GCHQ who (under the Snowden leaks) seem the worst of the bunch, come up with the solution they were likely after all along as a fall-back plan - namely to allow them to be inserted into encrypted conversations as an unseen fly-on-the-wall, thus preserving the encryption but tapping the information flow.

    This process needs to be looked at by all as a free-standing proposal rather than "as opposed to breaking encryption", at which point it will be seen to be equally as repulsive given we all know that they will extend it to "insert us into every chat automatically" via some secret court order.

  13. JohnFen Silver badge

    Define "security"

    "it doesn't require app developers to scale back security on their existing software"

    This is only true if you're using an unusually narrow definition of "security". Correctly reporting who is taking part in a conversation is a security measure itself, after all.

  14. Shadow Systems Silver badge

    Re: Define "security"

    Tell them that any modifications to public security methouds must be immediately & unilaterally mirrored to the government & military security methods. You want to be added to my otherwise secure conversation without my knowing? Then I want the same ability & "right" to do the same to that supposedly secure & scrambled phone on your desk. You want to listen in on my friends & I discussing how we hate your fucking traiterous asses, then we want the same capability to listen in on you discussing how you have been/currently are/plan to increase fucking us over. Don't like it? Neither do we.

  15. jmch Silver badge

    Re: Define "security"

    "Tell them that any modifications to public security methouds must be immediately & unilaterally mirrored to the government & military security methods"

    The usual question of quis custodiet ipsos custodes. Of course the problem with 'watching the watchers' is then who watches the watchers who are watching the watchers who are watching the watchers who are.... and so on ad infinitum.

    So in the end the solution to that problem is that the watchers are watched by whoever they are watching. Full reciprocity might be a dream, but... FOI requests that cannot be refused... full release of all government official data in 5 years, with even the most secret documents that have to be released after 10 years. The only guarantee of good behaviour is scrutiny. The cops etc believe this should only be applied to the plebs but it is far more appropriate for those in power

  16. Sir Runcible Spoon Silver badge

    Re: Define "security"

    At the conceptual level, security *is* binary.

    It's only when you try to achieve that in reality that it falls short.

    It's a bit like trust. Conceptually that is also binary, you can either trust someone or you can't.

    In reality it's a bit more vague and it depends on what you are trusting someone for. Trusting a friend to return your car after borrowing it is one thing, trusting them to manage your bank accounts is another.

    So here we have GCHQ, a known abuser of trust, asking us to trust it again. In response I would like to quote a well known security maxim back at them..

    'Trust, but verify'. Until we have a cast-iron method of verification that their powers are not being abused then there simply cannot be any trust. At least not from those with a modicum of security training.

  17. Anonymous Coward
    Anonymous Coward

    GCHQ compelling the quiet modification of software is a nasty tool. I appreciate the necessity that they must feel for it, given the information they must deal with day in/day out, but no UK legislation granting such powers would likely contain the nuance to prevent mass surveillance. Any legislation feels like an inevitability, but it could further make certain jobs in Software Development carry new responsibilities that'd need the money to match the pain entailed...

  18. big_D Silver badge

    It is the most reasonable attempt yet, but I still see too many unanswered questions about security of the connection - again, if the government can get access with a warrant, what is to stop a hacker with access to the network from also listening in? There is too little information about how this should be implemented, without breaking things or allowing unauthorized parties (rogue admins, hackers) access.

    The solution itself is almost reasonable, but the checks-and-balances need to be in place first and auditable, before such a solution can even be thought of.

    They need to prove that they are trustworthy and, until now, they have only shown that they can't be trusted as far as you can throw GCHQ.

  19. 2+2=5 Silver badge
    IT Angle

    Unanswered questions..

    > It is the most reasonable attempt yet, but I still see too many unanswered questions about security of the connection

    I have some unanswered questions too.

    o How do I test the GCHQ interface? If I write a shiny new chat app, that is peer-to-peer, how do I test against an interface that doesn't yet exist? And if GCHQ intend to provide 'standard' interfaces, what happens if my app's design doesn't quite align with their standard interface?

    o Assuming GCHQ do eventually produce an interface that is dedicated to my app, or aligns with my app's modus operandi, then how do I retro-fit the changes back to existing sold copies without alerting users to a new version that they may choose not to install?

    o How will I prevent the users detecting a third data connection out of their device (cos it's peer-to-peer)?

    These can't be the only practical objections. Some more clarity on how GCHQ expect these issues to go away would be welcome.

  20. big_D Silver badge

    Re: Unanswered questions..

    o How do I test the GCHQ interface?

    That is for you to decide. You write the interface. You have to give them access on demand.

    o How will I prevent the users detecting a third data connection out of their device (cos it's peer-to-peer)?

    That is your problem, but it is your app, so you are in full control.

  21. 2+2=5 Silver badge
    Joke

    Re: Unanswered questions..

    > That is for you to decide. You write the interface. You have to give them access on demand.

    Ah, so if I write my app in two parts, one part is sold to the public and the other part is delivered to GCHQ to run so that they can eavesdrop. Wouldn't it be awful if the GCHQ part did coin mining at the same time. :-)

  22. DougS Silver badge

    Forcing software modification

    Basically they are trying to do what the FBI tried to get Apple to do, but on a grand scale that would allow them to snoop anything they wanted. At least the FBI's "request" was to get into a single phone, though of course we all know the slippery slope that would have led to.

    Because there's no way the GCHQ would settle for having to request to be added to a conversation in real time, or even being automatically added to every conversation with a given end point. They might say that's what they want now, but eventually they'd say the process is too cumbersome and they need to be able to add themselves to any number of calls they want to at any time, because "what if there's an active threat in downtown London and we don't know who the suspects are, we need to be able to look at all calls in a wide area to find the one that's of interest to save lives".

    No matter what intelligence services propose for eavesdropping encrypted comms, even if it seems "reasonable" at first glance, there's always a slippery slope immediately behind it.

  23. John Smith 19 Gold badge

    "The solution itself is almost reasonable,"

    No.

    It looks almost reasonable.

    But it isn't.

    Who is not thinking "Yeah, I could write a script to automatically ask to join every conversation. No problem?"

  24. bombastic bob Silver badge
    WTF?

    how can they do this [and keep the bad guys from doing the same] ?

    OK - demanding BOTH ends of encrypted conversation have a back door that's NOT a back door...

    W.T.F. ? (see icon)

    And how are you gonna stop THE BAD GUYS from taking advantage of it?

    And how are you going to PREVENT the bad guys from giving you the VIRTUAL FINGER and just doing encryption THEIR way and NOT telling you about it [until you try to back door them and it don't work] ???

    because bad guys don't care about obeying laws. Only honest people obey laws. Right?

  25. bombastic bob Silver badge
    Meh

    Re: Unanswered questions..

    "Wouldn't it be awful if the GCHQ part did coin mining at the same time"

    Wouldn't be EVEN FUNNIER if the GCHQ part scanned their network for vulnerabilities, planted viruses, inserted various back doors, and uploaded suspicious content to WIKILEAKS?

    just a thought...

  26. DavCrav Silver badge

    Re: Unanswered questions..

    "Wouldn't it be awful if the GCHQ part did coin mining at the same time. "

    Awful for you, sure. I mean, unless you like prison.

  27. Wellyboot Silver badge
    Joke

    Trying reasonableness?

    It'll be the comfy chair next.

  28. Michael Jarve

    Re: Trying reasonableness?

    True... many governments have stretched the definition to the breaking point. Some get caught out (extremely rarely), but that is where you have very ineffectual congressional oversight. At least in our case we have one senator, Ron Wyden, who is acting as a sort of canary and trying to alert people to an abuse of power; though at least ( not publicaly) it’s not as bad on this side of the pond.

  29. Yet Another Anonymous coward Silver badge

    Re: Trying reasonableness?

    The village bobby nodding to you as you walk down the street in public.

    GCHQ tracking everywhere you go, everything you buy or read online, everyone you communicate with, and everyone they talk to.

    It's all the same really - just a virtual village bobby.

  30. Mark 85 Silver badge

    Re: Trying reasonableness?

    No. This is more like the village bobby coming home with you and listening to everything you say and watching everything you do. See 1984 for where this is headed.

  31. Geoffrey W Silver badge

    Re: Trying reasonableness?

    @ Yet Another Anonymous coward

    Is my sarcasm detector malfunctioning in the opposite direction? I read that as sarcasm but down votes disagree with me.

  32. Yet Another Anonymous coward Silver badge

    Re: Trying reasonableness?

    The goal of el'reg is to make an ironic comment that ONLY gets downvotes

  33. James 51 Silver badge

    Re: Trying reasonableness?

    I can't remember the name of it off hand but there's another internet law about satire being mistaken for a serious position. Need something like the joke icon to prevent the misunderstanding.

  34. Norman Nescio Bronze badge

    Re: Trying reasonableness?

    I can't remember the name of it off hand but there's another internet law about satire being mistaken for a serious position. Need something like the joke icon to prevent the misunderstanding.

    That'd be Poe's law:

    ...without a clear indicator of the author's intent, it is impossible to create a parody of extreme views so obviously exaggerated that it cannot be mistaken by some readers for a sincere expression of the parodied views.

  35. Tigra 07 Silver badge
    Big Brother

    Re: Trying reasonableness?

    No. This is more like the village bobby coming home with you and listening to everything you say and watching everything you do. See 1984 for where this is headed.

    The government wants that bobby to sit in your bed and read all the communications you have with anyone, know what you're doing at all times, contacting at all times, watch TV with you, browse the internet with you. Be under no illusion, we live in a rapidly expanding 1984-esque police state.

  36. Anonymous Coward
    Anonymous Coward

    Re: The goal of el'reg is to make an ironic comment that ONLY gets downvotes

    You should be downvoted for that!

    ...

    Unfortunately, I can't log in to vote (up or down), even though I can log in to comment. This is seriously spooky...

  37. Teiwaz Silver badge

    Re: Trying reasonableness?

    Is my sarcasm detector malfunctioning in the opposite direction? I read that as sarcasm but down votes disagree with me.

    Problem is the parallel existence of the internet of nutters alongside the real one, posting nonsense or naivety in all seriousness.

  38. bombastic bob Silver badge
    Unhappy

    Re: Trying reasonableness?

    next, they'll demand that loyal cops must be 'quartered' in your home. because, if you're not hiding anything, that should be ok too, right?

    wait... didn't something like that happen in the 1770's? Only it was soldiers. Yeah. There was an actual WAR fought over that, and other things.

  39. DavCrav Silver badge

    Re: Trying reasonableness?

    "wait... didn't something like that happen in the 1770's? Only it was soldiers. Yeah. There was an actual WAR fought over that, and other things."

    No. The Quartering Acts specifically excluded people's private dwellings.

    The main reason the War was fought is that the Colonies wanted to be defended by England, but not have to pay anything towards that defence. They weren't happy with being taxed to pay for their own defence, so rebelled. Amusingly it's now Donald of Trump who is making that argument, but the other way round.

  40. Esme

    If anyone from GCHQ is reading this - I have no sympathy for your current position. As a result of your past actions, the UK population now finds itself wanting to be kept safe from bad actors, but regarding GCHQ as being amongst the bad actors we want protection from. You've effectively turned yourselves into a state-salaried criminal gang. Were it down to me, I'd fire the bulk of you, cut the salaries of those remaining by ten percent, and make it clear to those remaining that any future blatant disregard of the law and unfettered snooping would result in serious personal fines and jail sentences for everyone involved in those actions. I'm well aware of the need for intelligence agencies to sometimes transgress societal norms - but only in limited circumstances. Damn you for taking the piss, breaching our trust and then having the gall to lie about it. Damn you for being a security service we are ashamed of, rather than proud of.

  41. streaky Silver badge
    Black Helicopters

    I have sympathy but you're right the situation they're in is completely self-inflicted. They wanted to see all data all the time and when anybody found out - as was remarkably inevitable - the public were massively alarmed. Nothing has changed in GCHQ (and at the NSA, BND, others FWIW) since the events that led us to where we are now; without competent civilian oversight (there's civilian oversight, but it isn't competent) of what GCHQ are playing at with regards to what they're doing to perfectly innocent citizens minding their own business for a purpose that could easily be defined as "nothing good" long may it continue. I don't even see where competent oversight comes from by the way, they're never going to let people like me who _understand_ what the tools they use do and what the effect might be on national, personal and business security - as long as that remains true people like me are going to do everything we can to ensure they stay shut out of everywhere it matters. I've said it here before but their remit as defined in law is to protect the national security of the country, work in the interests of the economic well-being of the UK and support the prevention and detection of serious crime. Trawling comms of Joe Average minding his own business isn't that - in fact it plainly makes their job far far harder.

    I don't even have confidence that they're even restricting themselves to working within the rather open legal framework they're allowed to act.

  42. Yet Another Anonymous coward Silver badge

    But in the past GCHQ protected us from striking miners, investigative journalists, labour governments and the Bishop of Durham.

    Now they need our help to protect us from pedophiles and muslims

  43. Anonymous Coward
    Anonymous Coward

    GCHQ are still needed...to protect us from the reprisals from the people whom we’ve decided to destroy their countries. Retribution, who’d have thunk?

    Perhaps when Jezza wins and he stops all these mad wars and agitations we’ll finally get the long overdue peace dividends our citizens are crying out for? Or may be due to that very prospect, GCHQ will be helping to ensure Jezza doesn’t get elected?

  44. Keith 12

    Thank You Esme - very well said.

  45. the Jim bloke Bronze badge
    Unhappy

    Upvote for the sentiment

    but the historical experience with low paid '"security" forces is that they will use their position to supplement their incomes.

    Options include selling of data, using the company toolkit for 'weekend work', your usual assortment of bribery extortion and corruption, etc, etc...

    Somehow, they need to create a culture of integrity... no idea how

  46. Nick Kew Silver badge

    Social Engineering

    Couched in a more convincing spiel, leaving the poor bugger no option ...

    Hello telco, this is GCHQ (honest guv). We urgently need to listen to those terrorists: they may be about to attack imminently. Yes of course they're terrorists: the Nether Blighty Sunday Cricket League is just a front! Yes, NOW, we can't wait while you complete all the red tape: that'll be too late, and your refusal to cooperate will be responsible for many deaths!

  47. ElReg!comments!Pierre

    Not really what they have in mind

    I don't think GCHQ plan to ask anything; they want "ghost" accounts able to slip in unnoticed, without the communication provider's authorisation: "We expect providers to validate that such an authorization is in place, but not try to independently judge the details of the case.". That means blanket pre-auth to bulk spying, no oversight or record-keeping needed, thankyouverymuch.

  48. ElReg!comments!Pierre

    Re: Not really what they have in mind

    (as for transparency, they most certainly plan to prevent "providers" from disclosing how and when such "ghost" accounts have been used)

  49. TJ1
    Thumb Up

    End-to-End and Open Source

    This is where open-source and end-to-end encryption strengths really lie.

    Open-source means experts in the field have the ability to test via reproducible builds that any binaries match the source code, and that the source code does not allow unauthorised parties.

    End-to-End encryption and Perfect Forward Secrecy (correctly implemented) can properly protect against a communications provider (MITM) being able to add a party to the 'conference'.

  50. MacroRodent Silver badge

    Re: End-to-End and Open Source

    Exactly. It is not proper end-to-end encryption, if someone can silently add a middleman or a "virtual crocodile clip".

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018