Skip to main content

Tech companies and security experts pan U.K.’s encryption backdoor proposal


Tech companies, civil rights groups, and security experts have released an open letter condemning the U.K. security agency GCHQ’s (Government Communications Headquarters) proposal to circumvent encryption on private messages.

The proposal was raised last year, and is known as the “ghost protocol.” It suggested encrypted messages should be copied and sent to law enforcement agencies who would act as “ghost users.” They would then be able to read the encrypted messages. This was suggested an alternative to weakening encryption to allow law enforcement to crack it.

Related Videos

The proposal was almost universally unpopular, with opposition swiftly mounted by privacy groups, tech companies, and lawyers. One main concern was that even if the ghost protocols were only used in extreme circumstances, they would both violate trust in the privacy of messages, and introduce a fatal security hole in vital encryption technology.

The open letter, which is downloadable in PDF form, was published this week alongside an explanation in the Lawfare blog. The letter was signed by a total of 47 organizations and individuals, including 23 civil liberties organizations, seven tech companies, and 17 experts in digital securities. The tech companies that signed included Microsoft, Apple, Google, and WhatsApp.

Currently the overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people,” the letter read. “The GCHQ’s ghost proposal completely undermines this trust relationship and the authentication process.”

In addition to the concerns over privacy and trust in encryption, the letter also made mention of the potential security threats of the proposal. “The ghost proposal would introduce a security threat to all users of a targeted encrypted messaging application since the proposed changes could not be exposed only to a single target,” it read.

“In order for providers to be able to suppress notifications when a ghost user is added, messaging applications would need to rewrite the software that every user relies on. This means that any mistake made in the development of this new function could create an unintentional vulnerability that affects every single user of that application.”

The technical director of the U.K. National Cyber Security Center, Ian Levy, who originally proposed the legislation, responded that the idea was only “hypothetical” and intended as a “starting point for discussion,” according to the BBC.

Editors' Recommendations

Internet guerrillas: Inside the DIY broadband revolution with NYC Mesh
nyc mesh guerrilla internet network screen shot 2022 02 20 at 5 53 39 am

Toby Bloch doesn’t look like your average internet installation technician. Instead of a uniform with a corporate logo embroidered on it, he wears worn-in jeans and a thick canvas jacket. Instead of a van, he drives a Subaru -- the back of which is stuffed to the gills with a disorganized pile of hand tools, cables, and odd electronic devices with antennas sticking out of them. And unlike most technicians, he isn’t going to earn a dime for the appointment he’s headed to in Brooklyn.

But oddly enough, that’s precisely the point. Bloch doesn’t operate like a normal internet install tech because he isn’t one. He doesn’t work for Comcast or Spectrum or Verizon or any other large internet service provider (ISP). He’s a volunteer at NYC Mesh: A guerrilla internet provider that helps residents get online without paying a monthly fee to the aforementioned telecom companies.

Read more
How Big Jet TV won the internet
A plane landing during Storm Eunice in the UK in February 2022.

As millions of people hunkered down at home on Friday during the U.K.'s worst storm in 32 years, aviation enthusiast Jerry Dyer jumped in his van and drove to London’s Heathrow Airport to livestream passenger jets coming in to land in the challenging conditions.

Within a few hours of Dyer launching his Big Jet TV livestream from the top of his vehicle at the end of Heathrow’s runway 27L, social media started to take notice, with shares and retweets pushing his audience to as high as 200,000 people during the eight-hour livestream.

Read more
Skype now supports 911 calls in the U.S.
iPhone with the Skype mobile app loading screen.

Skype has updated its mobile and desktop apps to allow emergency calling in the U.S. for the first time in its 18-year history. Calls to 911 are also possible via Skype’s web-based service, notes for the recently released Skype 8.80 showed.

Emergency calling from Skype could come in handy if you find yourself in a tricky situation without a phone but have a computer close by, or if phone lines are down but you can get online.

Read more