A group of 47 companies including Apple, Google, Microsoft, and WhatsApp have strongly criticized a proposal by the UK intelligence agency GCHQ to eavesdrop on encrypted messages. In an open letter published on Lawfare, the companies say that the plans would undermine security, threaten trust in encrypted messaging services, and ultimately endanger citizens’ right to privacy and free expression.
The proposal from GCHQ was first published last November as part of a series of essays, and does not necessarily reflect a legislative agenda from the intelligence agency at this point. In the essay, two senior British intelligence officials argue that law enforcement should be added as a “ghost” participant in every encrypted messaging conversation.
This would mean that intelligence agencies would be be CC’d in on encrypted messages, without users knowing they’re present in a chat. The authors of the proposal argue that this solution is no more invasive than current practices around eavesdropping on unencrypted telephone conversations.
Although this approach would remove the need for any back doors to be added to encryption protocols, the signatories of yesterday’s letter argue that this solution would still “seriously undermine user security and trust.” They say that the proposals would require messaging apps to change how they use their encryption, and they’d need to mislead users by hiding messages or notifications about who’s present in a chat.
Responding to the open letter, one of the proposal’s original author’s Ian Levy from the National Cyber Security Centre, said that the proposal was “hypothetical” and that it was only intended “as a starting point for discussion.” In a statement sent to CNBC, Levy said: “We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible.”