The UK’s GCHQ is working on a new proposal which lets it eavesdrop on encrypted communications, and tech companies aren’t happy.
First, the GCHQ’s proposed snooping method: It would essentially force encrypted messaging services to add the government as an invisible third party, practically forwarding them the encrypted messages so they could be read at leisure. The encryption would not need to be broken since the tech companies would be cc messages to the state allowing them to participate as ‘ghost’ agents in the chat. Hence the term, ghost protocol.
Tech companies like Apple and WhatsApp signed an open letter, arguing that the move would force firms to change how their encryption is implemented.
They also argued:
Currently the overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people that they think they are, and only those people. The GCHQ’s ghost protocol completely undermines this trust relationship and the authentication process
In response, the UK’s National Cyber Security Centre delivered the following statement:
We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion.
It is pleasing to see support for the six principles and we welcome feedback on their practical application. We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible.