UK GCHQ demand for backdoor key criticised by tech giants in open letter
In an open letter signed by 47 organisations, including Google, Apple and Microsoft, UK GCHQ was urged to abandon its proposal, warning that it would pose a threat to digital security and also undermine trust in messaging services.
The organisation is demanding a 'ghost' protocol be built-in to messaging services that would effectively enable it to eavesdrop on any encrypted communications.
"GCHQ's ghost protocol creates serious threats to digital security: if implemented, it will undermine the authentication process that enables users to verify that they are communicating with the right people, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused," the signatories wrote in their letter.
GCHQ first published its proposal last November, demanding that the services add a 'ghost participant' into all encrypted chats. GCHQ's plan means that a copy of each encrypted message would be sent to intelligence agencies, without users ever knowing that a third party also has access to all of their messages.
In support of its proposal, GCHQ argued that the idea is no more intrusive than practices currently being used to listen-in on unencrypted telephone conversations, and that it would also eliminate the need to add a back door to encryption protocols.
The coalition's open letter, however, criticises GCHQ's proposal, pointing out that such a practice would not only undermine user trust, but would also inject complexity into the entire system, with the risk of adding new vulnerabilities that could potentially be exploited by cybercriminals.
The ghost protocol would also result in messaging services getting a mechanism to overhear users' communications — thus thwarting the privacy benefits provided by end-to-end encryption in messaging.