Skip to main content
  1. Home
  2. Web
  3. News

Tech companies and security experts pan U.K.’s encryption backdoor proposal

Georgina Torbet
By
Shutterstock

Tech companies, civil rights groups, and security experts have released an open letter condemning the U.K. security agency GCHQ’s (Government Communications Headquarters) proposal to circumvent encryption on private messages.

The proposal was raised last year, and is known as the “ghost protocol.” It suggested encrypted messages should be copied and sent to law enforcement agencies who would act as “ghost users.” They would then be able to read the encrypted messages. This was suggested an alternative to weakening encryption to allow law enforcement to crack it.

Recommended Videos

The proposal was almost universally unpopular, with opposition swiftly mounted by privacy groups, tech companies, and lawyers. One main concern was that even if the ghost protocols were only used in extreme circumstances, they would both violate trust in the privacy of messages, and introduce a fatal security hole in vital encryption technology.

The open letter, which is downloadable in PDF form, was published this week alongside an explanation in the Lawfare blog. The letter was signed by a total of 47 organizations and individuals, including 23 civil liberties organizations, seven tech companies, and 17 experts in digital securities. The tech companies that signed included Microsoft, Apple, Google, and WhatsApp.

Currently the overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people,” the letter read. “The GCHQ’s ghost proposal completely undermines this trust relationship and the authentication process.”

In addition to the concerns over privacy and trust in encryption, the letter also made mention of the potential security threats of the proposal. “The ghost proposal would introduce a security threat to all users of a targeted encrypted messaging application since the proposed changes could not be exposed only to a single target,” it read.

“In order for providers to be able to suppress notifications when a ghost user is added, messaging applications would need to rewrite the software that every user relies on. This means that any mistake made in the development of this new function could create an unintentional vulnerability that affects every single user of that application.”

The technical director of the U.K. National Cyber Security Center, Ian Levy, who originally proposed the legislation, responded that the idea was only “hypothetical” and intended as a “starting point for discussion,” according to the BBC.

Topics
Georgina Torbet
Georgina Torbet
Space Writer
Georgina is the Digital Trends space writer, covering human space exploration, planetary science, and cosmology. She…
How to create a Subreddit on desktop and mobile
Laptop Working from Home

Few social media sites are as popular as Reddit. Regardless of what you're interested in, there's probably a thriving community for you to interact with on the platform. Known as subreddits, these communities are home to topics like gaming, world news, science, movies, and more. If you can't find a subreddit with your particular interest, Reddit makes it easy to create your own Reddit community.

Running a successful Reddit community isn't easy – but the process of starting one only takes a few minutes. Keep in mind that you'll want to keep a close eye on your subreddit to prevent it from being shut down or turning into a wasteland with no users, but running a subreddit can be a lot of fun when done properly. If you prefer, you can also create a private community that only your friends can join, giving you a place to hang out beyond Twitter and TikTok.

Read more
How to download music from YouTube on desktop and mobile
A woman sitting on a couch, wearing airpods and holding and looking at a smartphone.

Downloading music from YouTube is a fairly common practice, and the demand for making the process easier has inspired the creation of countless websites and software.

But not every service can be considered safe. In fact, some of these services may infect your computer with malware or produce poor-quality audio files. When downloading music from YouTube, you’ll need to first make sure that the websites or apps you use for doing so won’t hurt your device. For this guide our team has found two methods to make the process safer and easier.

Read more
How to clear your browser cache in Chrome, Edge, or Firefox
The Firefox iPhone app.

A stocked computer cache may be convenient for logging into and out of go-to sites in seconds flat, but a major buildup of these tracking codes could significantly impact your PC’s performance. If you’ve noticed that your PC has been running rather slow of late, or you’re using a new browser and don’t know how to clear its cache, we’ve got you covered with the following guide.

Read more