[ad_1]
(Image: Microsoft)
Two of Britain's top cyber-officers explained how, according to them, law enforcement could have access to encrypted communications from end to end.
Written by Ian Levy, the technical director of the National Cybersecurity Center, and GCHQ Crispin Robinson's Cryptbadysis Technical Director, the text says that end-to-end encryption remains, but is an additional "end" for the security forces. l & # 39; order.
"It is relatively easy for a service provider to silently add a law enforcement participant to a group discussion or call," the couple said.
"The service provider usually controls the identity system and therefore really decides who is who and what devices are involved. They are usually involved in the introduction of a dialogue or an appeal between the parties. "
It is argued that such a solution would not be more intrusive than the crocodile-type phone intercept used in the last century and emphasized the first digital exchanges using the conference call feature to allow for lawful interception .
The pair further argued that the solution would not result in "weakening of encryption or an end-to-end nature of the service" and instead delete a notification on the target devices.
SEE: What is cyberwar? All you need to know about the scary future of digital conflict
Another proposal to rely on the cracking of seized devices has been ruled out because it may be harder and disproportionate. It has been argued that since software changes more than hardware, the former should be the preferred target.
What is proposed is a topic of discussion, writes the couple, and more work is needed.
"We need to be able to openly discuss these issues, and we need to be very careful not to take any element or proposition and say that it proves that the problem is either totally solved or totally unsolvable. bad science and solutions are going to be more complex than that, "writes the pair on lawfare.
"[More work] must happen without people being vilified for having a point of view or dare to work there as a problem. The alternative will almost certainly be bad for everyone. "
The blog has been called "absolute madness" by Edward Snowden on Twitter.
"The UK government wants companies to poison their customers' private conversations by secretly adding the government as a third party, which means that anyone on your friend list would become" your friend plus a spy, " wrote the Russian whistleblower.
"You can not trust an identity conveyed by a company."
Earlier in the day, GCHQ revealed how it chose security vulnerabilities on which to inform technology providers.
The spy agency said it would not tell a company if its software is vulnerable to cyber-attacks and hackers if it is considered the best option for security national.
Related coverage
GCHQ: We do not talk to tech companies about any software flaws
British intelligence says when they will not tell suppliers that their software is vulnerable to attack and why.
GCHQ's latest start-up choices focus on small business security
The British intelligence agency chooses the next group of companies that will follow its startup accelerator program.
DHS and GCHQ join Amazon and Apple to deny Bloomberg's story
US and UK authorities support Amazon and Apple's statements about the history of Bloomberg chip piracy.
Cybersecurity: Nation-state cyberattacks threaten everyone, warns former GCHQ boss
Citing Russian cyber-attacks and WannaCry, Robert Hannigan, former director of GCHQ, said national campaigns had become "a problem for everyone".
Ransomware: a reminder for professionals (TechRepublic)
This guide covers the attacks of Locky ransomware, WannaCry, Petya and others, systems targeted by hackers and ways to avoid becoming the victim and paying ransom to cyber criminals in case of infection.
[ad_2]
Source link
