We ain't afraid of no 'ghost user': Infosec world tells GCHQ to GTFO over privacy-busting proposals
Brit spies' idea would backdoor WhatsApp et al without breaking the crypto
Bruce Schneier, Richard Stallman and a host of western tech companies including Microsoft and WhatsApp are pushing back hard against GCHQ proposals that to add a "ghost user" to encrypted messaging services.
The point of that "ghost user", as we reported back in 2018 when this was first floated in its current form, is to apply "virtual crocodile clips" and enable surveillance by spies, police, NHS workers and any others from the long list of state organisations allowed to snoop on your day-to-day life.
"Although the GCHQ officials claim that 'you don't even have to touch the encryption' to implement their plan, the 'ghost' proposal would pose serious threats to cybersecurity and thereby also threaten fundamental human rights, including privacy and free expression," said a letter (PDF, 9 pages, 300KB) signed by around 50 prominent individuals and organisations.
Those signatories include the aformentioned luminaries and tech firms as well as Apple, the Tor Project, pro-freedom pressure and lobby groups such as the Electronic Frontier Foundation, Big Brother Watch, Liberty, Privacy International and more.
"In particular," the letter said, "the ghost proposal would create digital security risks by undermining authentication systems, by introducing potential unintentional vulnerabilities, and by creating new risks of abuse or misuse of systems."
The thrust of the letter is not that the method is technically unviable; rather, it argues that "loss of trust" in communications services would have a range of negative effects, both predictable and unpredictable. Not only that, it also warns that introducing this backdoor through software updates (how else?) would cause users to simply stop installing privacy-killing updates from manufacturers, with the attendant security risks:
"Individual users aware of the risk of remote access to their devices could also choose to turn off software updates, rendering their devices significantly less secure as time passed and vulnerabilities were discovered [but] not patched."
The missive also warned that Britain's lax surveillance laws could see the proposal implemented anyway without the public knowing, thanks to what it described as "the power to impose broad non-disclosure agreements that would prevent service providers from even acknowledging they had received a demand to change their systems, let alone the extent to which they complied".
For his part, Ian Levy, the National Cyber Security Centre co-author of the original GCHQ proposal, said in a statement:
"We welcome this response to our request for thoughts on exceptional access to data – for example to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion. We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible."
In his original proposal, Levy had rather optimistically hoped that the discussions could happen "without people being vilified for having a point of view or daring to work on this as a problem". In the post-Snowden environment, and in light of various revelations and disclosures about what British spies get up to, it's not easy for the agencies to build the public trust they're hoping for.
Jake Moore, a security specialist from infosec biz ESET, opined: "This makes a mockery of the fundamental basics of encryption. Not only is it going against what privacy is all about: if you create a backdoor for the good guys, the bad guys won't be far behind."
The letter was also copied to audit agency the Investigatory Powers Commissioner's Office (IPCO). Billed publicly as the regulator of surveillance in the UK, IPCO mostly trawls through spies' logs of who they spied on, after the event. ®