Google and Apple criticise GCHQ eavesdropping idea
Image copyright
Getty Images
The proposal would copy encrypted chats and share them with the security services
A proposal by the UK security agency GCHQ to eavesdrop on encrypted messages has been strongly criticised by big tech firms and rights groups.
Google and Apple were among 47 firms to sign an open letter, saying it was a “serious threat” to trust and security.
The GCHQ plan would effectively mean that a copy of every encrypted message would be sent to the security services.
The technique resembled the way that GCHQ currently used wiretaps to listen to unencrypted chat, said the agency.
Silent copy
The plan for a so-called “ghost protocol” was first floated by the UK National Cyber Security Centre’s technical director Ian Levy and GCHQ’s chief codebreaker Crispin Robinson in November 2018.
The proposal was intended to add to the debate about strongly encrypted messaging systems that security services have struggled to break.
Instead of asking for encryption systems to be weakened so they can be cracked, the plan would instead copy messages and send the duplicate on to a third recipient.
That other recipient would be able to read the message because they possessed a key corresponding to the one with which it was encrypted.
In their letter, rights groups, industry bodies and tech firms said the idea would “violate” important human rights principles.
Signatories include Google, Apple, WhatsApp and Microsoft as well as Big Brother Watch, Privacy International and the Center for Democracy and Technology.
The letter said that implementing GCHQ’s idea would require changes that “undermine user security and trust” and potentially introduce vulnerabilities into messaging systems.
“The overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people,” said the letter.
“GCHQ’s ghost proposal completely undermines this trust relationship and the authentication process,” it added.
It would also threaten privacy and free speech, wrote the signatories.
In response, Mr Levy said its idea was “hypothetical” and intended as a “starting point for discussion”.
He added: “We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible.”