Over 50 companies, civil society organisations and security experts — including Apple, WhatsApp, Liberty and Privacy International — have signed an open letter calling on UK listening agency GCHQ to abandon its ‘ghost protocol' proposals, which would enable eavesdropping on encrypted chat services.
The proposal was first mooted November 2018 by senior intelligence officials Ian Levy, technical director of the UK's national cyber security centre, and Crispin Robinson, head of cryptanalysis at GCHQ, in November 2018.
Writing for the Lawfare blog, the pair said it would be "relatively easy" for a service provider to "silently add a law enforcement participant to a group chat or call".
Our open letter is available to read here: https://t.co/k1sDHeRcxj— Big Brother Watch (@bbw1984) May 30, 2019
"The service provider usually controls the identity system and so decides who's who and which devices are involved. You end up with everything still end-to-end encrypted, but there's an extra ‘end' on this particular communication. This sort of solution seems to be no more intrusive than virtual crocodile clips our democratically elected representatives and judiciary authorise today in traditional voice intercept solutions," they suggested.
However, the consortium claim the plan represents "serious threat" to digital security and human rights, and the agencies should instead focus on "protecting privacy rights, cybersecurity, public confidence, and transparency".
"To achieve this result, their proposal requires two changes to systems that would seriously undermine user security and trust. First, it would require service providers to surreptitiously inject a new public key into a conversation in response to a government demand. This would turn a two-way conversation into a group chat where the government is the additional participant, or add a secret government participant to an existing group chat. Second, in order to ensure the government is added to the conversation in secret, GCHQ's proposal would require messaging apps, service providers, and operating systems to change their software so it would change the encryption schemes used, and/or mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat," the letter states.
GCHQ's proposal differs slightly from recurrent government calls for "back doors" to be inserted into encrypted services, which experts argue would produce security flaws hackers could easily be exploited by hackers.
"The overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people. The ghost proposal completely undermines this trust relationship and the authentication process," the letter continues.
"The hypothetical proposal was always intended as a starting point for discussion. We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible," he added.
Apple, one of the signatories to the letter, has previously engaged in high-profile disputes with law enforcement agencies over privacy protection, for instance refusing to open a locked iPhone for the FBI. Eventually, the Bureau merely employed a hacker to break into the device in question without Apple's approval or assistance.