GCHQ details how law enforcement could be silently injected into communications


Two of the United Kingdom’s highest cyber officers have detailed how they believe law enforcement could access end-to-end encrypted communications.

Written by Technical Director of the National Cyber Security Centre Ian Levy and Technical Director for Cryptanalysis for GCHQ Crispin Robinson, the essay claims that end-to-end encryption remains, but an extra “end” for law enforcement.

“It’s relatively easy for a service provider to silently add a law enforcement participant to a group chat or call,” the pair said.

“The service provider usually controls the identity system, and so really decides who’s who and which devices are involved — they’re usually involved in introducing the parties to a chat or call.”

Read more…
Source: ZDNet

Related story: GCHQ opens kimono for infosec world to ogle its vulnerability disclosure process