Friday November 30, 2018

GCHQ Calls for Encrypted Chat Access and Vulnerability Confidentiality

The GCHQ, the hub of the UK's surveillance program, recently published a piece in Lawfare that calls for "virtual crocodile clips in today’s digital exchanges," among other things. While the agency isn't advocating weak encryption, they do want law enforcement to be a "third end" in end-to-end encryption. That piece also calls for greater transparency and partially condemns the hoarding of security vulnerabilities for "lawful hacking." However, that same day, another part of the GCHQ published a blog post arguing that vendors shouldn't necessarily be notified of security vulnerabilities. While the two posts are talking about vulnerabilities in different contexts, they seem to be calling for policy changes in opposite directions.

News Image

So, to some detail. For over 100 years, the basic concept of voice intercept hasn't changed much: crocodile clips on telephone lines. Sure, it's evolved from real crocodile clips in early systems through to virtual crocodile clips in today's digital exchanges that copy the call data. But the basic concept has remained the same. Many of the early digital exchanges enacted lawful intercept through the use of conference calling functionality.