The war on encryption is taking a serious turn in the UK. Now, civil rights groups are condemning the proposal to weaken security.
The efforts by government to weaken encryption and security is back in the spotlight. Now, it seems a third country is joining efforts to undermine security. In the UK, there is a so-called “Ghost Protocol” which would, in effect, put in place a backdoor across secure communications. Authorities tried to justify the idea by saying that all they are doing is becoming a silent third party in communications while not breaking the encryption itself. Naturally, this doesn’t make a whole lot of sense from a security standpoint, but that’s what is at least being sold to the public.
Initially, the plan was just being proposed by a few senior officials in the spying community. Now, the plan is moving forward and being taken more seriously. According to the Guardian, the move is being blasted by civil society as well as the private sector:
In an open letter signed by more than 50 companies, civil society organisations and security experts – including Apple, WhatsApp, Liberty and Privacy International – GCHQ was called on to abandon its so-called “ghost protocol”, and instead focus on “protecting privacy rights, cybersecurity, public confidence, and transparency”.
Opposing the plan, the letter argues that “to achieve this result, their proposal requires two changes to systems that would seriously undermine user security and trust.
“First, it would require service providers to surreptitiously inject a new public key into a conversation in response to a government demand. This would turn a two-way conversation into a group chat where the government is the additional participant, or add a secret government participant to an existing group chat.
“Second, in order to ensure the government is added to the conversation in secret, GCHQ’s proposal would require messaging apps, service providers, and operating systems to change their software so that it would 1) change the encryption schemes used, and/or 2) mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat.”
While GCHQ’s proposal stops short of calling for “back doors” to encryption, which experts have argued inherently introduce security flaws that can be exploited by hackers, its opponents argue that it does almost as much damage by undermining trust in security altogether.
“The overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people they think they are, and only those people. The GCHQ’s ghost proposal completely undermines this trust relationship and the authentication process,” the letter argues.
The war on encryption began heating up last year when Australia passed the universally condemned anti-encryption laws. The effort is backed by spy organizations in the so-called “five eyes” countries who called on the world to pass laws that would bust up encryption and security.
To our surprise, Germany began openly mulling plans to undermine security in their country earlier this month as well. Germany, as some may know, is not a five eyes nation, yet they are actively considering anti-security laws as well.
With so many data breaches and leaks happening these days, it seems that there is a movement to make matters much worse rather than better. That should be a serious point of concern to anyone involved in technology. These days, that’s pretty much everyone now.
Drew Wilson on Twitter: @icecube85 and Facebook.
