Tech industry bands together to oppose GCHQ snooping

Google, Apple, WhatsApp, Microsoft and others to sign an open letter imploring GCHQ to understand implications of its 'ghost protocol'

Internet snooping

Google, Apple, WhatsApp and Microsoft have signed an open letter with 43 other signatories opposing GCHQ's plans to embed itself in every encrypted messaging service in the UK.

The proposal put forth by the British cyber security agency would entail adding a "ghost" user to an end-to-end encrypted messaging service to oversee the content of messages, much like how a group chat would work within the service.

Advertisement - Article continues below

The 47 signatories which include privacy advocate groups, tech giants and Ivy League academics all say that while the principles outlined by GCHQ in November 2018 regarding the need to protect privacy and security are "a step in the right direction", but putting them in practice "would violate important human rights principles".

"The ghost proposal would create digital security risks by undermining authentication systems by introducing unintentional vulnerabilities and by creating new risks of abuse or misuse of systems," read the open letter. "Importantly, it would undermine the GCHQ principles on user trust and transparency."

"Any functioning democracy will ensure that its law enforcement and intelligence methods are overseen independently and that the public can be assured that any intrusions into people's lives are necessary and proportionate," said Ian Levy and Crispin Robinson of GCHQ in a joint essay.

Advertisement
Advertisement - Article continues below

"In the UK, under the Investigatory Powers Act 2016, that means a Secretary of State and an independent judge must both sign-off the use of the most intrusive powers," they added. "We believe this provides world-class oversight of our law enforcement and intelligence agencies."

Advertisement - Article continues below

You can think of end-to-end encryption of messages like an archaic tin can and rope method of communication. Only those with access to that rope can send or receive the communication, keeping everyone else out. That's how messages over services such as WhatsApp and iMessage are conducted, using public key cryptography.

GCHQ plans to embed a "ghost" agent within these messages, creating a three-way communication line with one invisible participant so the agency can oversee messages that would usually be hidden from them.

"It's relatively easy for a service provider to silently add a law enforcement participant to a group chat or call," said Levy and Robinson. "You end up with everything still being end-to-end encrypted, but there's an extra 'end' on this particular communication."

"We're not talking about weakening encryption or defeating the end-to-end nature of the service," they added. "In a solution like this, we're normally talking about suppressing a notification on a target's device, and only on the device of the target and possibly those they communicate with. That's a very different proposition to discuss and you don't even have to touch the encryption."

Advertisement - Article continues below

The reason why GCHQ wants access to these messaging services isn't to spy on regular civilians' personal conversations out of perversion, it's to reduce the powers held by criminal and terrorist organisations that can use these services to plan crimes without law enforcement knowing.

While most can agree that GCHQ should have these powers to protect national security, it does present a conflict, namely between protecting the interests of national security against the fundamental human rights of freedom of expression and privacy of one's own correspondence.

It's a similar conflict of rights that Google had to wrestle with when drafting and imposing its 'right to be forgotten' after a lengthy legal battle with the European courts.

It isn't the first time Apple, in particular, has openly opposed breaking end-to-end encryption of messages sent between members of the public. In a famous legal battle with the FBI, the company refused to unlock an iPhone belonging to the terrorists who committed the San Bernadino shootings in 2015.

Apple wasn't prepared to sacrifice user privacy, their trust in the company's commitment to user security and the sacrosanct encryption of their devices, despite heavy pressure from the FBI amid a major case of national security.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement
Advertisement

Most Popular

How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020
Labour Party donors caught up in Blackbaud data breach
data breaches

Labour Party donors caught up in Blackbaud data breach

31 Jul 2020
Why it’s time to expand beyond 16:9 monitors
Advertisement Feature

Why it’s time to expand beyond 16:9 monitors

21 Jul 2020