Apple and WhatsApp are trying to fight off plans from British spies to ‘ghost’ their way into your encrypted messages

[Image: Government Communications Headquarters (GCHQ). Source: Ministry of Defence]

  • Nearly 50 tech firms, human rights organisations, and researchers have called for Britain’s spy agency GCHQ to drop plans to eavesdrop on encrypted messages.
  • Tech giants, including Apple and Facebook-owned WhatsApp, are among those who signed the open letter.
  • GCHQ’s so-called “ghost proposal” would require messaging services to build a system for secretly adding government entities to private chats.
  • The letter argues that building such a system would pose serious cybersecurity issues, as well as paving the way for human rights violations.

“Ghosting” could soon take on a more sinister meaning.

A group of human rights organisations, cybersecurity researchers, and tech companies – including the likes of Apple, Google, Microsoft, and WhatsApp – published an open letter calling on Britain’s spy agency to kill plans to eavesdrop on encrypted messages.

The method was proposed in a paper published online by GCHQ’s cybersecurity technical director Ian Levy and head of cryptanalysis (a.k.a. deciphering code) Crispin Robinson in November last year.

Rather than breaking into encrypted chats, the method would involve encrypted messaging services like WhatsApp or iMessage surreptitiously blind copying government agencies in on a chat without alerting the other users. The letter refers to the method as the “ghost proposal,” and says it poses numerous threats.

“We write to express our shared concerns that this particular proposal poses serious threats to cybersecurity and fundamental human rights including privacy and free expression,” the open letter said.

In a statement sent to Business Insider, GCHQ boss Levy said it was a “hypothetical proposal” designed to provoke a discussion. “We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible,” he added.

Cybersecurity threat

The open letter’s signatories argue that reconfiguring messaging services’ software to allow them to quietly add the government to private chats could introduce unforeseen vulnerabilities, which in turn could be exploited by hackers.

It would also mean redesigning services like WhatsApp so that the company could access and view individual chats. At the moment this is impossible by design, as such access would constitute a serious invasion of privacy by the company.

Facebook is currently working up plans to double down on encrypted messaging by stitching together the backends of WhatsApp, Messenger, and Instagram Direct Messages.

Opening a backdoor to human rights violations

As well as representing a baseline invasion of privacy for service users, the letter points out that creating a point of access to private chats for the UK government could result in an international domino effect.

“If UK officials were to demand that providers rewrite their software to permit the additions of a ghost UK government participant in encrypted chats, there is no way to prevent other governments from relying on this newly built system. This is of particular concern with regard to repressive regimes and any country with a poor record on protecting human rights.”

Destroying user trust

The letter further argues the ghost proposal could bankrupt public trust in encrypted services.

“The moment users find out that a software update to their formerly secure end-to-end encrypted messaging application can now allow secret participants to surveil their conversations, they will lose trust in that service.”

The letter adds that the public wouldn’t necessarily be made aware of which specific services had received requests to introduce the ghost proposal, as the UK Investigatory Powers Act would allow officials to slap them with non-disclosure agreements.

A spokesman for Privacy International – one of the signatories – told Business Insider that the UK government would be able to compel even American companies like Apple to comply under the same act.

Apple is fiercely protective of user privacy. It famously refused to help the FBI break into the phone of Syed Rizwan Farook, a perpetrator of the 2015 San Bernardino shooting, which left 14 people dead.