CNET también está disponible en español.

Ir a español

Don't show this again

Security

Apple, Google, Microsoft blast UK’s ‘ghost’ plan to spy on encrypted chats

The proposal calls for a workaround to encryption -- by secretly adding police into private conversations.

data-privacy-security-hackers-hacking-unlock-iphone-0991

Tech giants call out the proposal in a letter published Thursday.

James Martin/CNET

Call them the ghost-busters.

Apple, Google, Microsoft, WhasApp and 43 security experts and privacy advocates have signed an open letter to the GCHQ, calling out the UK spy agency's "ghost proposal."

Tech companies have been at odds with governments and law enforcement that want to break encryption for investigations. Apple fought the FBI extensively when the agency demanded the tech giant unlock a terrorist's iPhone in 2016.

When messages are encrypted end to end, it means that the platforms themselves don't have access. Governments like Australia's have passed laws that give law enforcement access to encrypted messages even as tech giants fight back.

The GCHQ's proposal, which was introduced in November, offered a way for police to read private messages without breaking encryption. The proposal suggested secretly adding law enforcement officials into conversations, so they could view messages while hidden in the background.

"It's relatively easy for a service provider to silently add a law enforcement participant to a group chat or call," GCHQ technical director of cryptanalysis Crispin Robinson and National Cyber Security Centre technical director Ian Levy said in the proposal. "You end up with everything still being end-to-end encrypted, but there's an extra 'end' on this particular communication." The National Cyber Security Centre is part of the GCHQ.  

On Thursday, the coalition of tech companies, security experts and civil rights groups published a letter arguing that the proposal would "pose serious threats to cybersecurity." The letter was sent to the GCHQ on May 22.

The proposal would introduce new vulnerabilities and increase risks for people who use encrypted messages, the letter stated. To even comply with the proposal, the letter continued, encrypted platforms would need to change how authentication works.

If encrypted platforms started adding "ghost" users, the letter said, it would completely undermine the trust of people using those messaging services.

"Currently, the providers of end-to-end encrypted messaging applications like WhatsApp and Signal cannot see into their users' chats," the letter said. "By requiring an exceptional access mechanism like the ghost proposal, GCHQ and UK law enforcement officials would require messaging platforms to open the door to surveillance abuses that are not possible today."

The letter also raised concerns about oppressive governments using this kind of access, as well as potential hackers and law enforcement abusing it to spy on people.

Levy said that the GCHQ encourages feedback on the proposal and looks forward to continuing discussions.

"We welcome this response to our request for thoughts on exceptional access to data -- for example to stop terrorists," Levy said in a statement. "The hypothetical proposal was always intended as a starting point for discussion." 

You can read the full letter here: