You can trust us not to peek

30 May: A proposal by GCHQ that they should be allowed to access any encrypted message has met with a united and negative response from Google, Apple and forty-five other major tech companies who form the Open Technology Institute.

The proposal, known as the “Ghost Protocol”, was originally contained in a document issued in November 2018 under the names of Ian Levy, Technical Director of the UK’s National Cyber Security Centre and Crispin Robinson, technical director of cryptanalysis at GCHQ. The proposal was that all encrypted messages should include a copy – together with the key – which would be sent to a third body which would hold the messages in trust. GCHQ would then be able to access those messages whenever it needed to – subject to proper oversight. In encrypted live chats, the paper said that the State should be added as an invisible third party to the conversation.

Of course, both the NSA and GCHQ have the computing power to crack just about any encryption. The problem is that it takes time and by the time that a message is decrypted it may be too late to take action. What the authorities want is instant access. The proposal said that all legal safeguards would be followed and that the power would be used only in “exceptional” circumstances. Opponents of the proposal have claimed in their response letter that this move would “undermine security and trust” and that it would also “threaten privacy and free speech”. For some people, a world where the state can read any communication it wishes to, is a frightening one.

Levy is now carefully backpedalling, claiming that the document was only a starting point for discussion. But the worry for civil liberties monitors is that part of the Ghost Protocol proposal was to highlight the threat contained in the Five Eyes statement on access to encryption: “Should (Five Eyes) governments continue to encounter impediments to lawful access to information necessary to aid the protection of citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.” In other words, they have asked nicely and people have said “no”, so the next move will be to come and simply take the data by citing security grounds. The authorities will be able to say the equivalent of: “Well, we tried asking nicely and you wouldn’t co-operate, so you leave us no choice.”

The darkness in GCHQ’s proposal, as the civil liberties side repeatedly point out, is that the government will start off by saying that the power will be only used in “exceptional” circumstances, but the history of mission creep has shown that those “circumstances” will grow and grow and grow… This battle will run for some time.

Leave a Reply

Your email address will not be published. Required fields are marked *