GCHQ has proposed tech companies grant state spies access to encrypted chats and calls as part of new surveillance measures, dubbed the “ghost protocol”, reports the Guardian.
The new measure would allow a government agent to “sit in” on seemingly secure private conversations unbeknown to the participants.
The demand for a “ghost protocol” was defended by a GCHQ spokesmen with the argument that such a method would uphold security and privacy of encrypted communication, since encryption itself would not be broken.
In what is deemed a “serious threat” to digital security and human rights, the proposed measure has been condemned by over 50 companies, organisations and security experts, who signed an open letter on the issue addressed to the UK government.
Co-authored by Google, Apple, WhatsApp, Microsoft, Liberty, Privacy International and others, it explains that “to achieve this result, their proposal requires two changes to systems that would seriously undermine user security and trust.”
The first change, they write, is requiring service providers to secretly inject a new public key into a conversation. Thus, what started out as a two-way conversation is transformed into a group chat with the government or secret government participant added.
For this to be feasible, a second change would be required: messaging apps, service providers, and operating systems would have to “change their software so that it would change the encryption schemes used, and/or mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat.”
The news comes as earlier in June MI5 and GCHQ were forced to admit in court they act illegally in their use of bulk data, gathered by eavesdropping on millions of innocent people.
The admissions were made in the wake of a court case brought by civil rights organisation Liberty. In its latest challenge to the 2016 Investigatory Powers Act, Liberty argued that government surveillance practices breach human rights law.
The court was told that what has been dubbed the “snooper’s charter” permits interfering with computers, mobiles, and other devices in a way that amounts to an invasion of individuals’ privacy.
Responding to the legal action, UK Security Minister Ben Wallace said:
“It is imperative that our law enforcement and security and intelligence agencies have the tools they need to protect us all from very real threats to our security, prosperity and our way of life.”