Tech giants ask GCHQ to drop ghost proposal for accessing encrypted messages

GCHQ headquartersImage: Headquarters of GCHQ in Cheltenham, Gloucestershire. Photo: courtesy of GCHQ/Crown Copyright/MOD/Wikipedia.org.

A global coalition that includes the likes of tech giants such as Apple, Google, Microsoft and WhatsApp has written an open letter to the UK Government Communications Headquarters (GCHQ) urging it to drop its “ghost” proposal of accessing encrypted calls and chats.

The proposal made by GCHQ asks tech giants to consider adding a ghost user to a group chat or call as a law enforcement participant. According to the coalition, the proposal means that a third party will be allowed to see the plain text of an encrypted conversation without the knowledge of the participants.

To make that happen, the coalition said that two changes need to be made to systems – one being the addition of a new public key into a conversation and the second being a change in software to allow the government to take part in the chat or call secretly.

The coalition said that the proposal from GCHQ would result in the serious undermining of user security and trust.

Furthermore, the ghost proposal will seriously threaten digital security by compromising the authentication process that allows users to verify that they are communicating with the right people, wrote the coalition. It is also expected to give rise to potential unintentional vulnerabilities, and increase risks of abuse or misuse of communications systems.

The coalition claimed that the proposal can pose threats to basic human rights, including privacy and free expression.

The letter from the coalition to GCHQ reads: “Authentication is still a difficult challenge for technologists and is currently an active field of research. For example, providing a meaningful and actionable record about user key transitions presents several known open research problems, and key verification itself is an ongoing subject of user interface research.

“If, however, security researchers learn that authentication systems can and will be bypassed by third parties like government agencies, such as GCHQ, this will create a strong disincentive for continuing research in this critical area.”

The tech giants in the coalition are partnered by various civil society organisations, trade associations, and security and policy experts.

Be the first to comment on "Tech giants ask GCHQ to drop ghost proposal for accessing encrypted messages"

Leave a comment

Your email address will not be published.


*