Apple’s new iMessage Contact Key Verification at first glance seems to be a rather niche security feature, likely to be of interest only to the most paranoid or highly-targeted individuals. But it could turn out to be a privacy feature which protects us all from government spying.
That’s because it seems almost custom-designed to prevent a plan developed by the UK’s equivalent to the NSA – GCHQ …
iMessage uses end-to-end encryption, which means that only the intended message participants can read messages.
Or, more specifically: only devices used by intended message participants can decrypt messages. That’s an important distinction, because an Apple server keeps note of which specific devices are allowed to decrypt messages, and if that server were compromised, someone could add another authorized device to those owned by participants. That device would then be able to decrypt messages the same way you currently get copies on your iPhone, iPad, and Mac.
What Contact Key Verification does is to enable message participants to check that this hasn’t happened.
You’d think Apple’s iMessage servers being compromised seems like a rather low risk – but the company is likely less concerned about private hackers, and more concerned about government spy agencies.
This is the reason that WhatsApp and Signal already have similar protections of their own.
The ‘ghost proposal’ by government spy agencies
All of this goes back to ‘the ghost proposal’ made in 2019 by the UK’s Government Communications Headquarters (GCHQ) – the UK equivalent of the NSA.
Governments around the world have been trying to compromise end-to-end encryption for a great many years, but have so far been stopped by the argument that you can’t create a backdoor for use by the good guys without that weakness being detected and exploited by the bad guys.
But GCHQ came up with a plan with I think qualifies for the term ‘evil genius.’ Here’s how the ACLU described it.
“It’s relatively easy for a service provider to silently add a law enforcement participant to a group chat or call. The service provider usually controls the identity system and so really decides who’s who and which devices are involved — they’re usually involved in introducing the parties to a chat or call…. In a solution like this, we’re normally talking about suppressing a notification on a target’s device… and possibly those they communicate with.”
In short, Apple — or any other company that allows people to privately chat — would be forced to allow the government to join those chats as a silent, invisible eavesdropper.
In other words, GCHQ or the NSA tells Apple to add an extra device which would appear to belong to you or another participant in the chat, and that device would get decrypted copies of all the messages, without anyone in the chat being any the wiser.
Apple, Google, Microsoft, and 44 other organisations and security experts signed an open letter condemning the ghost proposal, but there remained the possibility that they could be secretly forced to do it – with a classified court order, for example.
Normally, there would be no way for any of us to know it had happened.
But Contact Key Verification changes that. Now we have a method to verify each individual device in the chat.
Apple is effectively protecting all of us
It’s unlikely that many people will bother to use the new feature, but now that it exists, it essentially makes the ghost proposal pointless – because anyone who’s likely to be targeted by government surveillance would use it.
Because Contact Key Verification renders the ghost proposal useless, Apple is effectively telling government spy agencies not to bother trying it – and that ultimately protects all of us, by maintaining the integrity of end-to-end encryption.
FTC: We use income earning auto affiliate links. More.