5 June 2019

Tech giants sign letter condemning UK agency’s plan to spy on encrypted messages

BY JAMES FARRELL

Microsoft Corp., Google LLC, Facebook Inc.-owned WhatsApp and Apple Inc. have signed a letter condemning a U.K. government agency’s proposal to spy on its citizens.

The letter, which has 47 signatories including tech firms, security experts and civil society groups, is highly critical of the Government Communications Headquarters or GCHQ proposal to enable eavesdropping on encrypted chats.

The signatories are urging GCHQ to abandon what it calls the “ghost protocol,” stating that if such spying were allowed, it would pose a serious threat to digital security and human rights. It would also severely impact how users feel about the technology they are using, they said.

“The moment users find out that a software update to their formerly secure end-to-end encrypted messaging application can now allow secret participants to surveil their conversations, they will lose trust in that service,” said the letter.


What the proposal would mean, argued the signatories, is that the government could surreptitiously join a conversation. If the government so chose, it would also be able to join an existing group chat without the original participants knowing a thing.

The proposal discusses something called an “exceptional access mechanism,” which could bypass end-to-end encryption. The authors of the protocol said it’s “relatively easy for a service provider to silently add a law enforcement participant to a group chat or call.” The encryption is not comprised, rather only an extra set of eyes is on the conversation.

“In order to ensure the government is added to the conversation in secret, GCHQ’s proposal would require messaging apps, service providers, and operating systems to change their software so that it would 1) change the encryption schemes used, and/or 2) mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat,” said the letter.

In response, one of the authors of the proposal has said it was purely hypothetical and was only put forward to see how the idea floated.

“We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists,” he told CNBC. “The hypothetical proposal was always intended as a starting point for discussion. We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible.”

No comments: