Security Market Segment LS
Friday, 31 May 2019 05:54

GCHQ proposal for 'ghost user' to spy on encrypted comms slammed

GCHQ proposal for 'ghost user' to spy on encrypted comms slammed Image by Alexas_Fotos from Pixabay

A coalition of 47 organisations and individuals have written to the British spy agency, Government Communications Headquarters, raising objections to a proposal to insert a privileged user in an encrypted conversation, so that a government could spy on such interactions without actually breaking encryption.

In a letter sent to GCHQ, the coalition outlined its concerns that the spy agency's proposal posed a serious threat to cyber security and human rights.

Among the companies which signed the letter were Apple, Google, Microsoft and WhatsApp.

The proposal from GCHQ was made last year by its director Ian Levy, and involved "silently adding a law enforcement participant to a group chat or call", according to an article written by Levy and his colleague, Crispin Robinson.

The letter pointed out that the "ghost key" proposal advanced by the GCHQ would enable a third party to view the plain text of an encrypted conversation with the participants being none the wiser.

But this required two important changes: service providers would have to quietly inject a new public key into a conversation if a government made a demand for it. This meant the government would become an additional participant in the conversation.

Secondly, the letter said this meant the software being used would have to be changed, that it would alter the encryption schemes used and mislead users by suppressing the notifications that routinely appear when a new participant joins a chat.

"The GCHQ’s ghost proposal creates serious threats to digital security: if implemented, it will undermine the authentication process that enables users to verify that they are communicating with the right people, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused," the signatories to the letter said.

"These cyber security risks mean that users cannot trust that their communications are secure, as users would no longer be able to trust that they know who is on the other end of their communications, thereby posing threats to fundamental human rights, including privacy and free expression. Further, systems would be subject to new potential vulnerabilities and risks of abuse."


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments