Apple and WhatsApp are trying to fight off plans from British spies to 'ghost' their way into your encrypted messages
- Nearly 50 tech firms, human rights organisations, and researchers have called for Britain's spy agency GCHQ to drop plans to eavesdrop on encrypted messages.
- Tech giants, including Apple and Facebook-owned WhatsApp, are among those who signed the open letter.
- GCHQ's so-called "ghost proposal" would require messaging services to build a system for secretly adding government entities to private chats.
- The letter argues that building such as system would pose serious cybersecurity issues, as well as paving the way for human rights violations.
- Visit Business Insider's homepage for more stories.
"Ghosting" could soon take on a more sinister meaning.
A group of human rights organisations, cybersecurity researchers, and tech companies - including the likes of Apple, Google, Microsoft, and WhatsApp - published an open letter calling on Britain's spy agency to kill plans to eavesdrop on encrypted messages.
The method was proposed in a paper published online by GCHQ's cybersecurity technical director Ian Levy and head of cryptanalysis (a.k.a. deciphering code) Crispin Robinson in November last year.
Rather than breaking into encrypted chats, the method would involve encrypted messaging services like WhatsApp or iMessage surreptitiously blind copying government agencies in on a chat without alerting the other users. The letter refers to the method as the "ghost proposal," and says it poses numerous threats.
"We write to express our shared concerns that this particular proposal poses serious threats to cybersecurity and fundamental human rights including privacy and free expression," the open letter said.
In a statement sent to Business Insider, GCHQ boss Levy said it was a "hypothetical proposal" designed to provoke a discussion. "We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible," he added.
The open letter's signatories argue that reconfiguring messaging services' software to allow them to quietly add the government to private chats could introduce unforeseen vulnerabilities, which in turn could be exploited by hackers.
It would also mean redesigning services like WhatsApp so that the company could access and view individual chats, which is intentionally designed to be impossible at the moment as it would constitute a serious invasion of privacy by the company.
Facebook is currently working up plans to double down on encrypted messaging by stitching together the backends of WhatsApp, Messenger, and Instagram Direct Messages.
Opening a backdoor to human rights violations
As well as representing a baseline invasion of privacy for service users, the letter points out that creating a point of access to private chats for the UK government could result in an international domino effect.
"If UK officials were to demand that providers rewrite their software to permit the additions of a ghost UK government participant in encrypted chats, there is no way to prevent other governments from relying on this newly built system. This is of particular concern with regard to repressive regimes and any country with a poor record on protecting human rights."
Destroying user trust
The letter further argues the ghost proposal could bankrupt public trust in encrypted services.
"The moment users find out that a software update to their formerly secure end-to-end encrypted messaging application can now allow secret participants to surveil their conversations, they will lose trust in that service."
The letter adds that the public wouldn't necessarily be made aware of which specific services had received requests to introduce the ghost proposal, as the UK Investigatory Powers Act would allow officials to slap them with non-disclosure agreements.
A spokesman for Privacy International - one of the signatories - told Business Insider that the UK government would be able to compel even American companies like Apple to comply under the same act.
Apple is fiercely protective of user privacy. It famously refused to help the FBI break into the phone of Syed Rizwan Farook, a perpetrator of the 2015 San Bernardino shooting, which left 14 people dead.
Receive a single WhatsApp every morning with all our latest news: click here.
Also from Business Insider South Africa:
- Now in charge of solving SA’s jobs crisis: one minister who tried to cover up Nkandla, and one who helped try to sell Denel to the Guptas
- South Africa's cabinet remains much bigger than in other countries - here's how we compare
- We put a R3,000 K-Way jacket to the test in a blast freezer that hit -30 Celsius – here’s how it fared
- More than R17 billion remains unclaimed in forgotten unit trusts and policies – here’s how to find out if you are owed money
- These are the South African cities where salaries are high and rents are low – relatively