Some of the world’s largest technology companies including Apple, Google, Microsoft, WhatsApp, and others have condemned a proposal by the UK’s intelligence agency — GCHQ (Government Communications Headquarters) to spy on encrypted messaging services such as WhatsApp.
In an open letter to GCHQ, 47 signatories including big tech giants like Apple and Google have jointly urged the U.K. cybersecurity agency to abandon its plans for a so-called “ghost protocol.” The signatories explained their motive in the letter that the agency’s ghost protocol posses serious threats to the digital security of millions of people if implemented, as the letter reads;
“It (ghost protocol) will undermine the authentication process that enables users to verify that they are communicating with the right people, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused.”
So, what exactly that proposal suggested? In actual, the proposal suggests a tool which would require encrypted messaging services; such as WhatsApp that while sending a message to the intended use it would also a direct a message to a third recipient and that’s going to be a govt’s spying agency of course.
Meanwhile, the idea was presented in an article published last year on the Lawfare blog, written by the National Cyber Security Centre’s (NCSC) Ian Levy and GCHQ’s Crispin Robinson. They said that the proposal was only intended to open a discussion about the ‘going dark’ problem which robust encryption poses for security agencies. It must be noted that the NCSC is a public facing branch of GCHQ. According to a statement given to TechCrunch and attributed to Levy,
“We welcome this response to our request for thoughts on exceptional access to data — for example, to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion.”
However, opposing this plan, tech companies who signed the open letter argued that “to achieve this result, their proposal requires two changes to systems” and those changes would seriously undermine user security and trust.