Last fall, Lawfare published a piece by Ian Levy and Crispin Robinson of GCHQ entitled Principles for a More Informed Exceptional Access Debate. Our organization, the Open Technology Institute, has worked alongside other people and organizations to coordinate a response from an international coalition of 47 signatories, including 23 civil society organizations that work to protect civil liberties, human rights and innovation online; seven tech companies and trade associations, including providers that offer leading encrypted messaging services; and 17 individual experts in digital security and policy. Our coalition letter outlines our concerns that the GCHQ proposal poses serious threats to cybersecurity and fundamental human rights including privacy and free expression. We shared our letter with GCHQ officials on May 22, and we are now releasing it to the public as an Open Letter to GCHQ.
In the open letter, which is notably backed by Apple, Microsoft, Google, WhatsApp, and others, explains how the “Ghost Protocol” would work, the consequences, and also the recommend to abandon the idea completely.
Lawfare and the letter explain the Ghost Protocol quite well, but in essence it means every message and conversation would also be sent to a hidden recipient. Similar to how BCC works with email.
It’s pretty serious stuff. And I sincerely hope it’s abandoned. However, institutions like GCHQ seem to always have another idea up their sleeves to try and bypass your personal privacy.
Here’s one section from the paper I found interesting about the risks it creates in regard to cybersecurity, and threats to human rights:
The GCHQ’s ghost proposal creates serious threats to digital security: if implemented, it will undermine the authentication process that enables users to verify that they are communicating with the right people, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused. These cybersecurity risks mean that users cannot trust that their communications are secure, as users would no longer be able to trust that they know who is on the other end of their communications, thereby posing threats to fundamental human rights, including privacy and free expression. Further, systems would be subject to new potential vulnerabilities and risks of abuse.