UK “Ghost Proposal” Threatens Security, Privacy and Human Rights

Would allow secret law enforcement participation in private calls and chats

Phil Zimmermann, Richard Stallman, Bruce Schneier, EFF, Privacy International, Startpage.com and Apple are among 47 signatories on a new Open Letter to GCHQ regarding its “Ghost Proposal.” The proposal, if adopted, would allow for “silently adding a law enforcement participant to a group chat or call.”

GCHQ (Government Communications Headquarters) is a UK government intelligence organization similar to the U.S. National Security Agency (NSA).

The Letter, spearheaded by Sharon Bradford Franklin and Andi Wilson Thompson of New America’s Open Technology Institute, provides insight into how the Ghost Proposal would allow government agents to slip unseen into private encrypted communications:

The “ghost key” proposal put forward by GCHQ would enable a third party to see the plain text of an encrypted conversation without notifying the participants. But to achieve this result, their proposal requires two changes to systems that would seriously undermine user security and trust.

First, it would require service providers to surreptitiously inject a new public key into a conversation in response to a government demand. This would turn a two-way conversation into a group chat where the government is the additional participant, or add a secret government participant to an existing group chat.

Second, in order to ensure the government is added to the conversation in secret, GCHQ’s proposal would require messaging apps, service providers, and operating systems to change their software so that it would

1) change the encryption schemes used, and/or

2) mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat.

The proposal requires what is, essentially, a government backdoor into encrypted communications software. This, the letter points out, would simply penalize law abiding users and drive “bad actors” to new tools beyond the reach of law enforcement. What’s more, mandatory changes could introduce unintentional vulnerabilities and make the software ripe for abuse by stalkers, overzealous government agents, and repressive regimes.

While the plan is simply in the proposal stage, security experts warn in the Letter that adoption would pose a “serious threat” to cybersecurity, human rights and privacy:

The GCHQ’s ghost proposal creates serious threats to digital security: if implemented, it will undermine the authentication process that enables users to verify that they are communicating with the right people, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused. These cybersecurity risks mean that users cannot trust that their communications are secure, as users would no longer be able to trust that they know who is on the other end of their communications, thereby posing threats to fundamental human rights, including privacy and free expression….

The Letter concludes:

For these reasons, the undersigned organizations, security researchers, and companies urge GCHQ to…abandon the ghost proposal, and avoid any alternate approaches that would similarly threaten digital security and human rights. …

GCHQ’s Ian Levy, the technical director of the UK’s National Cyber Security Centre, acknowledged the concerns, writing:

“We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion.”

“We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible.”

Let’s hope the “Ghost Proposal” is simply talk that will be discarded on the trash heap of history’s bad ideas. In the meantime, we all need to keep an eye on developments to ensure world citizens maintain secure, trusted encrypted communication channels that keep out uninvited third-party eavesdroppers. This kind of shadowy surveillance has no place in a free society.