Tech giants and academics urge GCHQ to desert “ghost proposal”
Large technology companies, academics and civil rights campaigners have called on GCHQ to abandon a proposal that could see police and security services entering online encrypted conversations as a “ghost user”.
Encrypted messaging services, such as Whatsapp, currently use encryption schemes which deliver unique keys to corresponding parties to allow them to communicate.
This system relies on the public’s trust in the messaging service to deliver the unique key to only the intended communicants.
However, Ian Levy and Crispin Robinson of GCHQ proposed a new capability for law enforcement to be silently added to a group chat or call on Lawfare blog in November.
They suggested a “ghost” user enter into conversations by messaging services by suppressing normal notifications to users, so that they would be unaware that a law enforcement participant had been added.
They claimed that this “sort of solution seems to be no more intrusive than the virtual crocodile clips that our democratically elected representatives and judiciary authorise today in traditional voice intercept solutions”.
However, the open letter published today (May 30) and signed by tech giants such as Apple and Google, Ivy League academics and rights campaign groups such as Privacy International warned that changes to current encryption systems could create serious cybersecurity risks and violate users’ trust.
The ghost proposal would change how encryption systems work with respects to authentication, which allows users to “have confidence that the other users with whom they are communicating are who they say they are”.
Because services would have to rewrite all software to allow for this change, any mistake could result in an unintentional security vulnerability, which could be abused by malicious third parties, the letter claims.
Intentional vulnerabilities in the software were also of concern, and the authors raised the objection that individuals – such as stalkers and domestic abusers – and repressive regimes in foreign states could take advantage of these software changes.
It is not just malicious third parties who could abuse the vulnerabilities, but individuals and groups in law enforcement itself, they said.
One example cited was a former police officer in the U.S. who discovered that “104 officers in 18 different agencies across the state had accessed her driver’s license record 425 times, using the state database as their personal Facebook service.”
The letter also warned GCHQ that damages to trust would also increase security risks: “Its use could call into question the trustworthiness of established software update channels. Individual users aware of the risk of remote access to their devices, could also choose to turn off software updates, rendering their devices significantly less secure as time passed and vulnerabilities were discovered [but] not patched.”
It concluded that the security organisation should “abandon the ghost proposal, and avoid any alternate approaches that would similarly threaten digital security and human rights.
“We would welcome the opportunity for a continuing dialogue on these important issues,” it added.