Translated Article: Campaign of the Spy Alliance “Five Eyes” against WhatsApp and Co

Sanna/ January 8, 2019/ Discussion, High Entropy, Security

Feldzug der Spionageallianz „Five Eyes“ gegen WhatsApp und Co for fm4 by Erich Moechel

The current scattered news and reports on “encryption” belong together. The military secret services of the “Five Eyes” conduct a global campaign; in Australia they’ve already reached their first milestone.

Every two years, around the same time, a campaign of the espionage alliance “Five Eyes” against encryption programs takes place. Unlike in 2016, the new campaign has reached its first goal in a flash. In early December, a bill was passed in the Australian Parliament obliging Internet companies to break up encrypted communications.

The providers of Whatsapp, Snapchat, and Co are hereby required to build surveillance interfaces into their apps to give hidden access to the Australian law enforcement. In a parliamentary coup – without discussion or amendments – the “Assistance and Access Act” created a global precedent. The campaign is orchestrated by the British GCHQ, which had published a programmatic plea for backdoors a few days before the coup took place.

Moderate Proposal for Conference Calls

It was written by Ian Levy, the director of the British National Cyber Security Center, which belongs to the military intelligence service GCHQ. The essay, which was published in late November on the prestigious “Lawfare” blog, was very moderately titled “Principles for a More Informed Exceptional Access Debate”. This holds true for the first two thirds of the text, which is about “necessary transparency”, “privacy and security”, and about all things planed for monitoring. To enable these “exceptions”, providers of messaging services such as Apple, Facebook, Snapchat, et al. should be required to install surveillance interfaces in the same way as telecoms providers.

In a chat of two or more people a hidden account should be added secretly – that’s the core message of the GCHQ. It refers to conference calls that were used by analog telephony until the early days of mobile networks for monitoring purposes, ie before there were standardized, specialized monitoring interfaces. This was done to meet the legal requirements for the monitoring of all networks.

Cloak and Dagger Operation in Down under

Just a few days after these moderate proposals of the GCHQ, a law was passed by the Parliament of Australia through a covert operation of the two major parties. Because of 171 amendments of the Labour party one had prepared for a lengthy debate but, quite unexpectedly, the Social Democrats had withdrawn all applications last week. This cleared the way and the “Assistance and Access Act” was passed with a large majority, and the vague promise that objections would be considered later on.

The law does not only impose severe penalties if a provider doesn’t cooperate, even the consultation of technicians is punishable if it serves to circumvent these measures, and the consultant will be also prosecuted. First the Australian IT industry was caught off guard by this coup, then there was riot. They, of course, immediately understood what consequences this overarching law would have on its industry. Whoever operates communication channels, would have to incorporate a “trap-and-trace” for the concealed monitoring by third parties. The Australian market leader Telstra is one of the largest IT players in the South Pacific, with branches in 20 states, from the Philippines to China to Malaysia.

GCHQ Campaign Number Two

Clearly, the GCHQ’s moderate proposals for conference calls lead to serious interventions in the software of the apps themselves. In fact, options have to be built in to manipulate the display of the chat participants. In the service operator’s network, specially secured “conference servers” have to be set up to transfer these “conferences” to the prosecutors in audio, video or text format. Not surprisingly, this is not mentioned in the GCHQ’s proposals, but emphasized that these would only apply in “exceptional cases” and not expected that 100 percent of the orders could be executed.

At the same time, the GCHQ has raised a second, intertwining campaign. The GCHQ complains about the prevalence of encrypted communications, which rose to 95 percent of the data exchange. If it’s not possible to create new legal frameworks that allow for targeted monitoring of messenger services, then the GCHQ would find itself forced to significantly increase its metadata monitoring on the fibre optics. So the problem is that 95 percent of the traffic is encrypted. How this fits in with the claim that access to encrypted records shall only be required in “exceptional cases” is not explained.

The Purpose of the moderate Proposal

The same day the moderate proposals of the GCHQ were published, US Attorney General Rod Rosenstein met the press and complained about the increase of encrypted communication. This would make it more and more impossible for police authorities to do their job, said the top US prosecutor. Similar comments were also received from Canada and New Zealand, so all Five Eyes are represented. Unlike in 2016, this time, not the prosecutors, but the military intelligence services are in charge, which are now touchingly concerned with the issues of civilian prosecutors.

The reason: in the UK and the other Five Eyes states, more complex surveillance measures are carried out by the military secret services on behalf of the prosecutors. That’s the consequence of these moderate intelligence proposals, suspiciously similar to the NSA’s notorious PRISM program, where the US services had demanded access from the Internet companies to data, which they could not get in an unencrypted state at the mass tap points of the optical fibres.

What happens next

In the meantime, further traces of this campaign have been discovered in international standardization committees. The matter requires a certain amount of research, a follow-up therefore will not be published in direct succession, but can be expected to be released still in 2018. As for the term “moderate proposal”, it was coined by the Irish satirist Jonathan Swift. In view of the famine in Ireland in 1729, which killed tens of thousands, the satirist proposed, in an essay of the same name (“A Modest Proposal”), to slaughter infants at the age of one year and serve them either boiled, grilled, or as a fricassee.

Share this Post