Apple, Google, Microsoft tell GCHQ to drop 'ghost' spy protocol

A proposal floated last year by Britain's Government Communications Headquarters (GCHQ) to create an invisible listening-in facility for end-to-end encrypted messaging services has been slammed by a coalition of technology companies, civil rights organisations and security experts as dangerous and a threat to basic human rights.

Apple, Microsoft, Google and Facebook-owned messaging service WhatsApp have written an open letter to GCHQ, along with organisations such as the Electronic Frontier Foundation and Reporters Without Borders, asking the British spooks to drop its "ghost" proposal.

Intelligence agencies around the world have long complained that they are not able to eavesdrop on widely available strongly encrypted communications services that they say are used by terrorists and criminals.

In November last year, two senior GCHQ staffers, Ian Levy and Crispin Robinson, mooted a change to messaging protocols that would allow law enforcement officers to be added to conversations silently and unnoticeably to the other participants.

Adding "ghosts" solves the seemingly intractable problem of providing interception capability for messaging services, without breaking encryption, Levy and Robinson suggested.

Tech companies, civil rights organisations and security experts reject the proposal however and maintain that such "ghosts" in the conversations breaks end-to-end encryption and can be abused to target human rights activists, journalists and politicians.

Furthermore, introducing invisible listeners to messaging services create serious digital security risks as doing so undermines authentication systems, the coalition said.

The coalition is also concerned that the "ghost" proposal would be implemented under harsh gag orders and no transparency.

"Although it is unclear which precise legal authorities GCHQ and UK law enforcement would rely upon, the Investigatory Powers Act grants UK officials the power to impose broad non-disclosure agreements that would prevent service providers from even acknowledging they had received a demand to change their systems, let alone the extent to which they complied.

The secrecy that would surround implementation of the ghost proposal would exacerbate the damage to authentication systems and user trust as described above," the signatories say in the letter.

GHCQ has backtracked somewhat on its "ghost" proposal, saying it was just a hypothetical starting point for discussion with the industry on a possible practical implementation of interception capability.

Last year, the Australia rushed through controversial anti-encryption laws in Parliament, despite howls of protest from the tech industry, which criticised the legislation as dangerous and unworkable.

A request in April this year for a review of the Assistance and Access Act, which compels companies to break encryption if government agencies order them, fell on officials' deaf ears with no changes to the law being proposed.

Australian companies are openly saying the legislation is hurting their credibility internationally,  and causing loss of contracts and jobs, but their concerns have so far been ignored by the government and the opposition Labor party.