Security Market Segment LS
Friday, 31 May 2019 05:54

GCHQ proposal for 'ghost user' to spy on encrypted comms slammed

GCHQ proposal for 'ghost user' to spy on encrypted comms slammed Image by Alexas_Fotos from Pixabay

A coalition of 47 organisations and individuals have written to the British spy agency, Government Communications Headquarters, raising objections to a proposal to insert a privileged user in an encrypted conversation, so that a government could spy on such interactions without actually breaking encryption.

In a letter sent to GCHQ, the coalition outlined its concerns that the spy agency's proposal posed a serious threat to cyber security and human rights.

Among the companies which signed the letter were Apple, Google, Microsoft and WhatsApp.

The proposal from GCHQ was made last year by its director Ian Levy, and involved "silently adding a law enforcement participant to a group chat or call", according to an article written by Levy and his colleague, Crispin Robinson.

The letter pointed out that the "ghost key" proposal advanced by the GCHQ would enable a third party to view the plain text of an encrypted conversation with the participants being none the wiser.

But this required two important changes: service providers would have to quietly inject a new public key into a conversation if a government made a demand for it. This meant the government would become an additional participant in the conversation.

Secondly, the letter said this meant the software being used would have to be changed, that it would alter the encryption schemes used and mislead users by suppressing the notifications that routinely appear when a new participant joins a chat.

"The GCHQ’s ghost proposal creates serious threats to digital security: if implemented, it will undermine the authentication process that enables users to verify that they are communicating with the right people, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused," the signatories to the letter said.

"These cyber security risks mean that users cannot trust that their communications are secure, as users would no longer be able to trust that they know who is on the other end of their communications, thereby posing threats to fundamental human rights, including privacy and free expression. Further, systems would be subject to new potential vulnerabilities and risks of abuse."


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments