Some of the biggest names in tech – Google, Apple, Microsoft and WhatsApp, among them – have joined human rights groups and security researchers in condemning a British intelligence proposal that would allow law enforcement to spy on encrypted messages.
In a nine-page open letter, the coalition told Britain’s Government Communications Headquarters that its “ghost proposal” posed a serious threat to cybersecurity and personal privacy. The idea, as outlined last fall in a series of essays from two top intelligence officials, would allow investigators to covertly join group chats and calls. The authors of the essays – Ian Levy, the technical director of the national cybersecurity center, and Crispin Robinson, head of code-breaking for the GCHQ – said their plan paralleled contemporary wiretapping practices and wouldn’t violate the sanctity of encryption.
Levy and Robinson emphasized that the proposal was “hypothetical” and meant to start a dialogue around how law enforcement could gain access to encrypted communications.
But the 47 companies and groups behind the letter contend the plan would “create digital security risks by undermining authentication systems, by introducing potential unintentional vulnerabilities and by creating new risks of abuse or misuse of system.”
“Users would no longer be able to trust that they know who is on the other end of their communications, thereby posing threats to fundamental human rights, including privacy and free expression,” the letter continued.
The proposal would require messaging apps and other encryption service providers to alter software to grant access to the”ghosts,” because end-to-end encryption obscures message content from the service that hosts it, the letter writers said. Apps like WhatsApp also would have to mislead users by keeping them from knowing when someone uninvited was present on a chat or call.
“If users cannot trust that they know who is on the other end of their communications, it will not matter that their conversations are protected by strong encryption while in transit,” the authors wrote in a blog post accompanying the letter.
Government access to encryption has been hotly debated for years, with law enforcement insisting it is a vital tool against criminals, and privacy advocates and tech companies arguing it would violate trust and transparency efforts and open the possibility of abuse.
“All the proposals that I’ve seen for how to address this raise a lot of concerns about giving law enforcement too-broad access and opening that backdoor to bad actors and all sorts of other issues,” said Lorrie Cranor, a computer scientist at Carnegie Mellon University, who signed the open letter to GCHQ. “It’s a case where it’s hard to have your cake and eat it, too.”
Apple, which signed the letter, made headlines in 2015 for refusing to give the FBI access to the iPhone of Syed Farook after he and his wife carried out a terrorist attack that left 14 people dead and nearly two dozen injured in San Bernardino, Calif.
“The U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create,” Apple chief executive Tim Cook wrote in an open letter during the company’s clash with the FBI. “They have asked us to build a backdoor to the iPhone.”
In December, the Australian Parliament passed a controversial bill requiring tech companies to grant governments access to encrypted communications, calling it a necessary measure to prevent criminal and terrorist activity. The bill’s opponents said it compromised Australians’ security and set a dangerous precedent, one that could ripple around the globe if other nations follow suit.
Despite the letter’s critiques, Levy said he welcomed the response to his proposal, stressing it was a “starting point for discussion.”
“We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible,” Levy told CNBC via email.
(c) 2019, The Washington Post · Taylor Telford