Stanford CIS

Open Letter to GCHQ Regarding Threats Posed by their Ghost Proposal

By Richard Forno on

Today I join several cybersecurity, civil liberties, civil society organizations and researchers in responding to the United Kingdom's GCHQ recent proposal to silently add 'ghost' users from law enforcement or the security services to online chats and calls, including those conducted via encrypted messaging tools like WhatApp, iMessage, or Signal. GCHQ's proposal would require providers to suppress normal notifications to users so that they would be unaware that a law enforcement participant had been added to an allegedly private conversation.

This represents the latest attempt by a government to circumvent and/or 'backdoor' encrypted communications.  Indeed, it's reminiscent of the US Clipper Chip initiative from the 1990s which sought to “allow federal, state, and local law enforcement officials the ability to decode intercepted voice and data transmissions" through a government requirement to escrow encryption keys and effected the related 'backdooring' of technology and cryptosystems.  Thankfully, that initiative fizzled out just as the 'Dot Com Revolution' began.

Our coalition letter (PDF) raises many informed concerns about this proposal that adversely impact cybersecurity and human rights -- particularly in the areas of privacy and free expression. We shared our letter with GCHQ officials on May 22, and today are releasing it to the public. As Andi Thompson and Sharon Franklin from New America’s Open Technology Institute noted in today's Lawfare announcement,

"Our letter explains how the ghost proposal would work in practice, the ways in which tech companies that offer encrypted messaging services would need to change their systems, and the dangers that this would present. In particular, the letter outlines how the ghost proposal, if implemented, would “undermine the authentication process that enables users to verify that they are communicating with the right people, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused.” If users cannot trust that they know who is on the other end of their communications, it will not matter that their conversations are protected by strong encryption while in transit. These communications will not be secure, threatening users’ rights to privacy and free expression."

We conclude our letter by urging GCHQ to abandon the so-called ghost proposal and any other approaches that would pose similar risks to digital security and human rights.  The signatories welcome additional dialogue on these important issues with the hope that such future discussions are objective, rationally-informed, and do not fall prey to the usual fearmongering associated with internet safety and security policy items.