Tech Companies Unite Against UK's Proposed Alternative to Encryption Backdoors
Microsoft, Google, Apple and dozens of other tech companies released an open letter last week the United Kingdom's Government Communications Headquarters to reconsider a proposal experts say could create new cybersecurity vulnerabilities in consumer communication applications.
June 04, 2019 at 09:30 AM
3 minute read
No fewer than 47 tech companies—including Apple, Microsoft, Google and WhatsApp—signed their names to an open letter last week urging the United Kingdom's Government Communications Headquarters (GCH) not to move forward with a proposal that would allow the furtive addition of law enforcement participants to encrypted group chats or calls.
The concerns outlined in the letter will be familiar to anyone who has followed the ongoing efforts to find some kind of middle ground between privacy and the needs of law enforcement. Some believe, however, that the GCH's proposal has the potential to create new threats while still invoking the same human rights concerns.
“I would say that [the GCH proposal] actually escalates all of the tensions that are present now. It really opens it up to a much larger security risk,” said Jason Rebholz, a founder of the specialized claims management firm MOXFIVE.
The source of much of that original tension has to do with the encryption protecting communications channels and just how impenetrable it should be. Tech companies balked last fall after Five Eyes, an intelligence alliance comprised of Canada, New Zealand, Australia, the United Kingdom and the United States, issued a communiqué advocating for the installation of law enforcement accessible backdoors to encryption.
The companies argued that a backdoor of any kind can still be opened by the wrong people. The GCH proposal attempts to sidestep the issue by making the case that tech companies wouldn't have to touch their encryption in order to silently add law enforcement to a group chat or call. According to Rebholz such a measure would mean completely bypassing the encryption altogether. But there's also the potential for new vulnerabilities to be inadvertently created.
“When you're introducing this type of functionality, it's a very heavy undertaking from the coding perspective. It's going to open it up for a greater risk of just coding errors that others can take advantage of and essentially hack into,” Rebholz said.
He thinks that the scariest part is that those vulnerabilities in turn could subvert the very nature of the function itself, allowing bad actors to slip into conversations or calls unannounced and unnoticed. There's also a possibility that the reward doesn't justify the risk.
Jarno Vanto, a partner in the privacy and cybersecurity group at Crowell & Moring, said the GCH proposal still affords the same potential for governmental misuse that has dogged more traditional back doors.
“Half these tools—and this always happens—they're leaked out there and then they will be used by governments who are not Western human rights member governments,” he said.
Meanwhile, the “ghost” function's original intention may quickly become moot. After all, the ability to silently monitor a platform isn't very useful if you're the only one there. Users—especially potential bad actors—could be inclined to abandon a messaging platform if they suspect that the integrity of their communications has been compromised.
Dan Greene, a certified information privacy professional with Beckage, doesn't think that user awareness will begin and end with the content of their messages much longer. He foresees a rising concern with regards to the metadata that can be mined from those communications.
“What can you determine about who I am, where I am, how frequently I'm communicating with somebody, without knowing the content of my information. And I think that that will sort of be the next wave,” Greene said.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1'Fulfilled Her Purpose on the Court': Presiding Judge M. Yvette Miller Is 'Ready for a New Challenge'
- 2Litigation Leaders: Greenspoon Marder’s Beth-Ann Krimsky on What Makes Her Team ‘Prepared, Compassionate and Wicked Smart’
- 3A Look Back at High-Profile Hires in Big Law From Federal Government
- 4Grabbing Market Share From Rivals, Law Firms Ramped Up Group Lateral Hires
- 5Navigating Twitter's 'Rocky Deal Process' Helped Drive Simpson Thacher's Tech and Telecom Practice
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250