Major Tech Company’s Criticise GCHQ Eavesdropping Plans

A proposal made by the UK security agency GCHQ to eavesdrop on encrypted messages has been strongly criticised by a number of big tech firms and rights groups.

The security in most modern messaging services relies on a technique called “public key cryptography.” In such systems, each device generates a pair of very large mathematically related numbers, usually called “keys.” One of those keys – the public key – can be distributed to anyone. The corresponding private key must be kept secure, and not shared with anyone.

Generally speaking, a person’s public key can be used by anyone to send an encrypted message that only the recipient’s matching private key can unscramble. Within such systems, one of the biggest challenges to securely communicating is authenticating that you have the correct public key for the person you’re contacting. If a bad actor can fool a target into thinking a fake public key actually belongs to the target’s intended communicant, it won’t matter that the messages are encrypted in the first place because the contents of those encrypted communications will be accessible to the malicious third party.

Encrypted messaging services like iMessage, Signal, and WhatsApp, which are used by well over a billion people around the globe, store everyone’s public keys on the platforms’ servers and distribute public keys corresponding to users who begin a new conversation. This is a convenient solution that makes encryption much easier to use. However, it requires every person who uses those messaging applications to trust the services to deliver the correct, and only the correct, public keys for the communicants of a conversation when asked.

The “ghost key” proposal put forward by GCHQ would enable a third party to see the plain text of an encrypted conversation without notifying the participants. But to achieve this result, their proposal requires two changes to systems that would seriously undermine user security and trust. First, it would require service providers to surreptitiously inject a new public key into a conversation in response to a government demand. This would turn a two-way conversation into a group chat where the government is the additional participant, or add a secret government participant to an existing group chat. Second, in order to ensure the government is added to the conversation in secret, GCHQ’s proposal would require messaging apps, service providers, and operating systems to change their software so that it would 1) 2 change the encryption schemes used, and/or 2) mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat.

Currently the overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people. The GCHQ’s ghost proposal completely undermines this trust relationship and the authentication process.

In their letter, rights groups, industry bodies and tech firms said the idea would “violate” important human rights principles.