UK’s GCHQ spy agency seems to be planning to carry on with its business of surveillance in any manner it sees fit. The latest is the intention to intercept and divert messages from, up until that point, secure messaging apps like WhatsApp while allowing a copy to at the same time go through to the intended recipient.
In fact, it would be the apps themselves that would be tasked with doing this “dirty work” – consisting of “quietly” adding a spy to a group chat or call – thus allowing them to access end-to-end encryption.
And in GCHQ’s world, this would “not undermining the privacy, security or confidence of users.”
CNBC said that the idea, the so-called ghost protocol, was first proposed late last year by GCHQ officials.
But now a group of 47 signatories, including Apple, Google, Facebook’s WhatsApp, civil society groups and academician has penned an open letter telling GCHQ that it’s a terrible idea.
For one thing, it would threaten human rights and undermine digital security and user trust, they are warning.
Messaging services would be under obligation to secretively introduce a new public key into conversations.
Three’s a crowd: especially in a supposedly private, encrypted conversation, and especially when the third participant is a government spy. And then apps, services, and operating systems would have to rewrite their code to accommodate the new encryption scheme.
And in another “user-trust building exercise” they would have to lie to users by hiding notifications about a new participant joining a chat.
The signatories reminded the GCHQ that users trust “reputable providers” to perform “authentication functions and verify that the participants in a conversation are the people they think they are, and only those people.”
Reacting to the letter, one of the pair behind the “ghost protocol” idea, Ian Levy of National Cyber Security Center, played the terrorist card, saying their hypothetical proposal was to secure “exceptional access to data – for example to stop terrorists.”
Levy said that conversation would continue in an open manner, with the goal of reaching “the best possible solutions.”
Apple, one of the signatories of the letter, takes the idea of privacy very seriously as part of its branding and has in the past refused to help the FBI access the iPhone of the San Bernardino shooter – even though the agency later found another way to do it.