GCHQ Wants To Add Spies To Your Chat Threads

By Holly Brockwell on at

Not everyone thinks the FaceTime messaging bug is a bad thing, apparently. The Government Communications Headquarters (GCHQ) quite fancies making a permanent feature that would do something similar, only for its benefit rather than your prankster mates'.

The US's good-guy agency the American Civil Liberties Union, or the ACLU as it's better known, has published an incredulous blog post detailing GCHQ's 'Ghost Proposal,' which would allow it to add intelligence agents to your chat threads without you realising.

Says the ACLU:

"In short, Apple — or any other company that allows people to privately chat — would be forced to allow the government to join those chats as a silent, invisible eavesdropper. Even the most secure apps like Signal (which we recommend) and WhatsApp, which use end-to-end encryption, would be rendered insecure if they were forced to implement this proposal."

The Ghost Proposal appears to be a reaction to the long-running backdoor debate. Rather than breaking end-to-end encryption, this method would allow messaging companies to maintain it -- but only because instead of leaking out of the app, the contents are leaking directly to a member of the thread.

Since you hadn't invited or approved the spy, the argument of whether this still counts as end-to-end encryption seems a bit moot, because your chats are no longer secure anyway. It's a bit like saying "We'll put a burglar directly into your house, then you can keep the doors locked. Problem solved!".

 

Of course, some people will argue that this kind of step is necessary to protect us from terrorism or kids with guns or whatever today's issue is. But the problem is, even if GCHQ behaved impeccably, once that door is open there's no going back:

"If companies like Apple are compelled to enable governments to participate silently in private conversations, that tool won’t be available only to democratic governments — it will be employed by the world’s worst human rights abusers to target journalists, activists, and others."

It's depressing to on the one hand see panicky, scrambled reactions to Apple's FaceTime bug and on the other, see an organisation ostensibly charged with our safety proposing this kind of thing be made permanent. At least with the bug, people knew someone might be listening in when they received a FaceTime call -- there'll be no way of knowing if there's a ghost in your chat.

The ALCU nails it:

 

"Any future discovery of a software flaw that enables eavesdropping, false identities, message tampering, or any other compromise of communications security should be treated the same way as this latest weakness: with serious emergency mitigations, followed as soon as possible by a software update that removes the flaw. And governments certainly shouldn’t consider adding such vulnerabilities on purpose."

Turning bugs into secret features in the name of national security is misleading, inappropriate and over-reaching. We expect the tech companies will fire back with vigour, as they have with previous encryption-busting plans, but it's sad to see these proposals continue to be made by the people who are supposed to keep us safe. [9to5mac]

Main image: George Rex via Flickr CC