Apple, Google, Microsoft and 44 other organisations and security experts have signed an open letter condemning a proposal to secretly add law enforcement organizations to encrypted chats and calls.
The proposal by GCHQ – Britain’s equivalent of the NSA – seeks to provide an encryption workaround that would breach privacy and security in apps like Messages, FaceTime, WhatsApp and Signal …
The proposed workaround, aka ‘ghost proposal’
So far, companies like Apple have been able to tell law enforcement that they have no way to provide access to Messages chats and FaceTime calls, because the services use end-to-end encryption. Apple does not hold the encryption keys and therefore cannot access the content.
But Britain’s Government Communications Headquarters (GCHQ) thinks it has a clever workaround. First revealed back in February, it wants messaging companies to secretly add law enforcement agencies as invisible participants in chats.
“It’s relatively easy for a service provider to silently add a law enforcement participant to a group chat or call. The service provider usually controls the identity system and so really decides who’s who and which devices are involved — they’re usually involved in introducing the parties to a chat or call… In a solution like this, we’re normally talking about suppressing a notification on a target’s device… and possibly those they communicate with.”
In short, Apple — or any other company that allows people to privately chat — would be forced to allow the government to join those chats as a silent, invisible eavesdropper.
For obvious reasons, the plan has become known as the ‘ghost proposal.’
The open letter was sent on May 22 and made public today. It says the ghost proposal must be rejected on three grounds:
- It violates fundamental human rights
- It creates new security risks
- It violates GCHQ’s own stated principles
As the letter puts it:
This proposal to add a “ghost” user would violate important human rights principles, as well as several of the principles outlined in the GCHQ piece. Although the GCHQ officials claim that “you don’t even have to touch the encryption” to implement their plan, the “ghost” proposal would pose serious threats to cybersecurity and thereby also threaten fundamental human rights, including privacy and free expression. In particular, as outlined below, the ghost proposal would create digital security risks by undermining authentication systems, by introducing potential unintentional vulnerabilities, and by creating new risks of abuse or misuse of systems. Importantly, it also would undermine the GCHQ principles on user trust and transparency set forth in the piece.
The signatories say that iMessage, WhatsApp and Signal go to particular lengths to guard against exactly this risk – of third parties managing to add themselves to a conversation.
For example, iMessage has a cluster of public keys – one per device – that it keeps associated with an account corresponding to an identity of a real person. When a new device is added to the account, the cluster of keys changes, and each of the user’s devices shows a notice that a new device has been added upon noticing that change […]
[Another method is known as] a “safety number” in Signal and a “security code” in WhatsApp (we will use the term “safety number”). They are long strings of numbers that are derived from the public keys of the two parties of the conversation, which can be compared between them – via some other verifiable communications channel such as a phone call – to confirm that the strings match. Because the safety number is per pair of communicators — more precisely, per pair of keys — a change in the value means that a key has changed, and that can mean that it’s a different party entirely. People can thus choose to be notified when these safety numbers change, to ensure that they can maintain this level of authentication. Users can also check the safety number before each new communication begins, and thereby guarantee that there has been no change of keys, and thus no eavesdropper.
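As an added illustration (not code from the article, the letter or any of the apps named), the following Python models the two client-side checks just quoted: the per-device key roster that iMessage pins to an account, and the per-pair safety number that Signal and WhatsApp derive from both parties' public keys. Keys are random bytes standing in for real public keys, the safety-number derivation is a simplified hash rather than Signal's actual algorithm, and the server, chat and participant names are invented. It then plays out the ghost scenario both ways the GCHQ description allows for, a silent extra device on an existing participant and a silent extra participant, with the provider's change notice suppressed.

```python
# Added example (not from the article or the open letter): a toy model of the
# client-side authentication checks the letter describes. Keys are random
# 32-byte stand-ins for real public keys; names and chat IDs are invented.
import hashlib
import os


def new_key() -> bytes:
    """Stand-in for a device's public identity key (random bytes, not a real key)."""
    return os.urandom(32)


def safety_number(key_a: bytes, key_b: bytes, digits: int = 60) -> str:
    """Simplified Signal-style safety number for ONE pair of keys.

    Sorting the keys makes the string order-independent, so both parties compute
    the same value and can read it to each other over a phone call. Any change
    in either key changes the string. (Signal's real derivation also iterates the
    hash and mixes in identifiers; that is omitted here.)
    """
    material = b"".join(sorted((key_a, key_b)))
    digest = hashlib.sha512(material).digest()
    number = str(int.from_bytes(digest, "big") % 10 ** digits).zfill(digits)
    return " ".join(number[i:i + 5] for i in range(0, digits, 5))


class Server:
    """The provider's identity/roster service: it decides who is in a chat and
    which device keys belong to whom, and may withhold change notices (the
    'suppressing a notification' step in the GCHQ description)."""

    def __init__(self):
        self.rosters = {}   # chat_id -> {participant: set(device keys)}
        self.notices = []   # change notices the server chose to deliver

    def create_chat(self, chat_id, members):
        self.rosters[chat_id] = {name: set(keys) for name, keys in members.items()}

    def add_key(self, chat_id, participant, key, notify=True):
        self.rosters[chat_id].setdefault(participant, set()).add(key)
        if notify:
            self.notices.append((chat_id, participant))

    def roster(self, chat_id):
        return {name: set(keys) for name, keys in self.rosters[chat_id].items()}


class Client:
    """One user's device. It pins every key it has accepted per participant and
    re-derives alerts from the roster itself, so a withheld notice hides nothing."""

    def __init__(self, name, own_key):
        self.name, self.key, self.pinned = name, own_key, {}

    def trust(self, roster):
        """Pin the roster as seen at chat creation (or after user verification)."""
        self.pinned = {name: set(keys) for name, keys in roster.items()}

    def reconcile(self, roster):
        """Return one alert for every difference between the roster and pinned keys."""
        alerts = []
        for participant, keys in roster.items():
            if participant not in self.pinned:
                alerts.append(f"new participant '{participant}' added")
                continue
            for key in sorted(keys - self.pinned[participant]):
                alerts.append(f"new device key for '{participant}': {key.hex()[:8]}")
        for participant in self.pinned:
            if participant not in roster:
                alerts.append(f"participant '{participant}' removed")
        return alerts

    def safety_numbers_with(self, roster, participant):
        """One safety number per device key the roster claims for a participant."""
        return [safety_number(self.key, k) for k in sorted(roster[participant])]


def ghost_scenario():
    """Two-party chat, then a ghost key added silently in both possible ways."""
    alice_key, bob_key = new_key(), new_key()
    server = Server()
    server.create_chat("chat-1", {"alice": {alice_key}, "bob": {bob_key}})
    alice = Client("alice", alice_key)
    alice.trust(server.roster("chat-1"))
    before = alice.safety_numbers_with(server.roster("chat-1"), "bob")
    clean = alice.reconcile(server.roster("chat-1"))

    # Case 1: ghost attached as an extra "device" of bob, notice suppressed.
    server.add_key("chat-1", "bob", new_key(), notify=False)
    as_device = alice.reconcile(server.roster("chat-1"))
    after = alice.safety_numbers_with(server.roster("chat-1"), "bob")

    # Case 2: ghost added as a separate silent participant, notice suppressed.
    server.add_key("chat-1", "ghost", new_key(), notify=False)
    as_participant = alice.reconcile(server.roster("chat-1"))

    return {
        "notices_delivered": len(server.notices),
        "clean": clean,
        "as_device": as_device,
        "as_participant": as_participant,
        "bob_original_number_still_present": before[0] in after,
        "extra_safety_numbers": len(after) - len(before),
    }


if __name__ == "__main__":
    for name, value in ghost_scenario().items():
        print(f"{name}: {value}")
```

In both cases the server delivers no notice, yet the client still reports the change, because it compares the roster it is handed against the keys it pinned earlier and computes a new safety number for the extra key. That client-side notice is exactly what the GCHQ description says would have to be suppressed, which means the proposal requires changing the authentication logic on the target's own device, not merely adding a row to the provider's roster.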
This is why, when you add a new Apple device, you get an alert on your existing devices.
The letter emphasises the fundamental problem that any backdoor created for use by the good guys inevitably carries the risk that it will be exploited by the bad guys. This is, of course, the reason Apple refused to create a weakened version of iOS for the FBI in the San Bernardino shooting case.
The lengthy letter condemning the proposal to secretly add law enforcement agencies to encrypted chats is signed by tech giants, civil rights organizations and security experts. You can read it here.