Just as more tech companies are starting to see the light when it comes to privacy and security, intelligence agencies would still like to be able to spy on encrypted communication, whether it’s text chats or calls.
The same goes for the British spies at GCHQ, who proposed back in November that they should be able to eavesdrop on encrypted messages. Several companies, including Apple, Google, Microsoft, WhatsApp, and others, have responded to GCHQ, criticizing its push to undermine the security of end-to-end encryption.
Apple has been making a big deal about the fact that its devices and services are meant to protect the privacy and security of users, and that includes using encryption to lock gadgets, as well as to protect the contents of iMessage texts and FaceTime calls. More recently, Facebook, which owns WhatsApp, announced a significant pivot to privacy and security, which includes using end-to-end encryption in chat apps. Google followed with a similar move, although the company looked to redefine what privacy means and to simultaneously suggest that its kind of privacy doesn’t come with as steep costs as Apple’s.
Apple, Google, Microsoft, and WhatsApp are just four of the 47 signatories that signed an open letter that was published on Lawfare to criticize the UK intelligence agency’s plans to listen in on encrypted calls whenever necessary. This isn’t the first time a coalition of tech giants has spoken out in favor of encryption.
The GCHQ seems to believe that adding a silent law enforcement participant to a group call or chat would be enough to allow them access to targeted groups. However, adding this “ghost” member would also imply that the tech companies who develop chat apps would go to great lengths to hide the existence of this ghost from the other members of the chat. That way, the law enforcement officer collecting information on a target would have access to all the contents of a chat or call in an unencrypted format.
Lawfare, which worked with those 47 entities on the response, explained in the letter what this proposal would actually mean if implemented, concluding that adding a ghost member to all of these chats would “undermine the authentication process that enables users to verify that they are communicating with the right people, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused.”
“If users cannot trust that they know who is on the other end of their communications, it will not matter that their conversations are protected by strong encryption while in transit,” Lawfare writes. “These communications will not be secure, threatening users’ rights to privacy and free expression.”
The letter, available in full at this link, urges GCHQ to abandon the ghost proposal and any other approach that would pose similar risks to security and welcomes further discussion on the topic.