Apple, Google and WhatsApp hit out at GCHQ plan to eavesdrop on encrypted communications

GCHQ demand for backdoor key to all encrypted communications criticised by tech giants in open letter

Apple, Google, WhatsApp and a host of technology companies have slammed a proposal by GCHQ that would give it backdoor access to all encrypted communications in the UK.

In an open letter signed by 47 organisations, including Google, Apple and Microsoft, GCHQ was urged to abandon its proposal, warning that it would pose a threat to digital security and also undermine trust in messaging services.

The organisation is demanding a 'ghost' protocol be built-in to messaging services that would effectively enable it to eavesdrop on any encrypted communications.

"GCHQ's ghost protocol creates serious threats to digital security: if implemented, it will undermine the authentication process that enables users to verify that they are communicating with the right people, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused," the signatories wrote in their letter.

AI & Machine Learning Live is returning to London on 3rd July 2019. Hear from the Met Office's Charles Ewen, AutoTrader lead data scientist Dr David Hoyle and the BBC's Noriko Matsuoka, among many others. Attendance is free to qualifying IT leaders and senior IT pros, but places are limited, so reserve yours now.

GCHQ first published its proposal last November, demanding that the services add a 'ghost participant' into all encrypted chats. GCHQ's plan means that a copy of each encrypted message would be sent to intelligence agencies, without users ever knowing that a third party also has access to all of their messages.

In support of its proposal, GCHQ argued that the idea is no more intrusive than practices currently being used to listen-in on unencrypted telephone conversations, and that it would also eliminate the need to add a back door to encryption protocols.

The coalition's open letter, however, criticises GCHQ's proposal, pointing out that such a practice would not only undermine user trust, but would also inject complexity into the entire system, with the risk of adding new vulnerabilities that could potentially be exploited by cybercriminals.

The ghost protocol would also result in messaging services getting a mechanism to overhear users' communications — thus thwarting the privacy benefits provided by end-to-end encryption in messaging.

Other than big tech companies, the letter to GCHQ has also been signed by several civic society groups, including Reporters Without Borders, Human Rights Watch, Privacy International, Liberty and the US-based Electronic Frontier Foundation (EFF).

Renowned security professionals and policy experts, including Philip Zimmermann, Bruce Schneier, Jon Callas and Ashkan Soltani, are also among the signatories.

Responding to the letter Ian Levy, technical director of the UK National Cyber Security Centre and one of the original authors of the proposal, said that the idea of ghost protocol was only intended "as a starting point for discussion".

"We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists," Levy told CNBC.

"We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible."

Delta is a new market intelligence service from Computing to help CIOs and other IT decision makers make smarter purchasing decisions - decisions informed by the knowledge and experience of other CIOs and IT decision makers.

Delta is free from vendor sponsorship or influence of any kind, and is guided by a steering committee of well-known CIOs, such as Charles Ewen, Christina Scott, Steve Capper and Laura Meyer.

Ten crucial technology areas are already covered at launch, with more data appearing and more areas being covered every week. Sign-up here for your free trial of the Computing Delta website.