Tech giants hit back against GCHQ’s ‘Ghost Protocol’

GCHQ’s new proposal to supposedly increase the ability of the security and police forces to keep us safe has been slammed by the technology industry, which suggests the argument contradicts itself.

In an article for Lawfare, GCHQ’s Technical Director Ian Levy and Head of Cryptanalysis Crispin Robinson presented six principles to guide ethical and transparent eavesdropping, while also suggesting intelligence officers can be ‘cc’d’ into group chats without compromising security or violating the privacy rights of the individuals involved.

The ‘Exceptional Access Debate’ is one way in which GCHQ is attempting to undermine the security and privacy rights offered to consumers by some of the world’s most popular messaging services.

Responding in an open letter, the likes of the Electronic Frontier Foundation, the Center for Democracy & Technology, the Government Accountability Project, Privacy International, Apple, Google, Microsoft and WhatsApp have condemned the proposal.

“We welcome Levy and Robinson’s invitation for an open discussion, and we support the six principles outlined in the piece,” the letter states. “However, we write to express our shared concerns that this particular proposal poses serious threats to cybersecurity and fundamental human rights including privacy and free expression.”

Levy and Robinson suggest that instead of breaking the encryption software which is placed on some of these messaging platforms, the likes of Signal and WhatsApp should place virtual “crocodile clips” onto the conversation, effectively adding a ‘ghost’ spook into the loop. The encryption protections would remain intact and the users would not be made aware of the slippery eavesdropper.

In justifying this proposal, Levy and Robinson claim this is effectively the same practice undertaken by the telco industry for years. During the early days, physical crocodile clips were placed on telephone wires to intercept conversations, which later evolved to simply copying call data. As this is an accepted practice, Levy and Robinson see no issue with the encrypted messaging platforms offering a similar service to the spooks.

However, the coalition of signatories argues there are numerous faults in the argument, firstly from a technical perspective and secondly from an ethical one.

On the technical side, the way in which keys are delivered to authenticate the security of a conversation would have to be altered. As it stands, public and private keys are delivered to the initiator and recipients of the conversation. Both of these keys match, are assigned to specific individuals and only change when new participants are added to the conversation. To add a government snooper into the conversation covertly, all the keys would have to be changed without notifying the participants.

Not only would this require changes to the way encryption technologies are designed and implemented, but also it would undermine the trust users place in the messaging platform. Levy and Robinson are asking the messaging platforms to suppress any notifications to the participants of the conversation, effectively breaking the trust between the user and the brand.
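As an added illustration (not from the article, the open letter or any messaging app's code), the Python example below shows the client-side check whose warning the proposal would require providers to suppress: comparing the recipient keys the server supplies against the keys the user's client has already pinned. It assumes a simplified model in which the server hands the client a list of recipient public keys; `fingerprint`, `audit_recipient_keys` and the sample users and keys are hypothetical and constructed.

```python
import hashlib
import os


def fingerprint(public_key: bytes) -> str:
    """Short, human-comparable digest of a public key (safety-number style)."""
    return hashlib.sha256(public_key).hexdigest()[:16]


def audit_recipient_keys(pinned, server_keys):
    """Compare the keys the server says to encrypt to against pinned keys.

    pinned:      {user: set of fingerprints the client has already seen}
    server_keys: list of (user, public_key) pairs delivered for this send
    Returns (user, fingerprint, reason) findings the client should show
    to the user before encrypting anything.
    """
    findings = []
    for user, key in server_keys:
        fp = fingerprint(key)
        if user not in pinned:
            findings.append((user, fp, "participant not in displayed roster"))
        elif fp not in pinned[user]:
            findings.append((user, fp, "new key for known participant"))
    return findings


# Constructed sample data: random bytes stand in for real identity keys.
ALICE_KEY, BOB_KEY, EXTRA_KEY = (os.urandom(32) for _ in range(3))
PINNED = {"alice": {fingerprint(ALICE_KEY)}, "bob": {fingerprint(BOB_KEY)}}


def demo():
    """Return findings for an honest key list and one with a silent extra key."""
    honest = [("alice", ALICE_KEY), ("bob", BOB_KEY)]
    tampered = honest + [("unlisted", EXTRA_KEY)]
    return (audit_recipient_keys(PINNED, honest),
            audit_recipient_keys(PINNED, tampered))


if __name__ == "__main__":
    clean, flagged = demo()
    print("honest key list findings:  ", clean)
    print("tampered key list findings:", flagged)
```

A client that runs a check like this and always displays the findings cannot host a silent extra recipient, which is why the signatories say the proposal requires changing how the software behaves.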

While GCHQ can think it is presenting a logical and transparent case, prioritising responsible and ethical use of technology, the coalition also argues it is contradicting its own principles laid out in its initial article. Those principles are as follows:

  1. Privacy and security protections are critical to public confidence, therefore authorities would only request access to data in exceptional cases
  2. Law enforcement and intelligence agencies should evolve with technologies and the technology industry should offer these agencies greater insight into product development to help aid this evolution
  3. Law enforcement and intelligence agencies should not expect to be able to gain access to sensitive data every time a request is made
  4. Targeted exceptional access capabilities should not give governments unfettered access to user data
  5. Any exceptional access solution should not fundamentally change the trust relationship between a service provider and its users
  6. Transparency is essential

Although the coalition of signatories are taking issue with all six points, for us, it’s the last two which are the most difficult to grasp.

Firstly, if ‘Ghost Protocol’ is accepted by the industry and implemented, there is no way not to undermine or fundamentally change the trust relationship between the platform and the user. The platform promises a private conversation, without exception, and the GCHQ proposal requires data interception without knowledge of the participants. These are two contradictory ideas.

“…if users were to learn that their encrypted messaging service intentionally built a functionality to allow for third-party surveillance of their communications, that loss of trust would understandably be widespread and permanent,” the letter states.

The sixth principle is another one which is difficult to stomach, as there is absolutely nothing transparent about this proposal. In fact, the open letter points out that under the Investigatory Powers Act, passed in 2016, the UK Government can force technology service providers to hold their tongue through non-disclosure agreements (NDA). These NDAs could bury any intrusion or interception for decades.

It’s all very cloak and dagger.

Another big issue for the coalition is that of creating intentional vulnerabilities in the encryption software. To meet these demands, providers would have to rewrite software to create the opportunity for snooping. This creates two problems.

Firstly, there are nefarious individuals everywhere. Not only in the deep, dark corners of the internet, but also working for law enforcement and intelligence agencies. Introducing such a vulnerability into the software opens the door for abuse. Secondly, there are individuals who are capable of hacking into the platforms that developed said vulnerability.

At the moment, encryption techniques are incredibly secure because not even those who designed the encryption software can crack them. If you create a vulnerability, the platforms themselves become a hacker target because of said vulnerability. Finding the backdoor would be the biggest prize in the criminal community, the Holy Grail of the dark web, and considerable rewards would be offered to those who find it. The encryption messaging platforms could potentially become the biggest hacking target on the planet. No-one or no organization is 100% secure, therefore this is a very real risk.

After all these considerations to security vulnerabilities and breach of user trust, another massive consideration which cannot be ignored is the human right to privacy and freedom of expression.

Will these rights be infringed if users are worried there might be someone snooping on their conversation? The idea creates the fear of a surveillance state, though we will leave it up to the readers as to whether GCHQ has satisfied the requirements to protect user security, freedom of expression and privacy.

For us, if any communications provider is to add law enforcement and intelligence agencies in such an intrusive manner, there need to be deep and comprehensive obligations that these principles will be maintained. Here, we do not think they have.

DHS and GCHQ join the China spy BS brigade

The Department of Homeland Security (DHS) has stated it, and the UK’s National Cyber Security Centre, are supporting industry denials regarding malicious microchips installed on hardware by China.

Last week Bloomberg unveiled a weighty report which pointed the finger at the Chinese government for an in-depth and delicate espionage campaign which would have shaken the telco industry’s global supply chain. By allegedly compromising motherboards produced by Super Micro, the security protocols and trade secrets of more than 900 companies have been directly compromised. Who knows how wide the web could spread when you look at the indirect implications, partners who use the infected networks or collateral damage.

While the claims have been refuted by all the parties involved, including Apple and AWS, and despite confidence from the DHS and the National Cyber Security Centre, a division of GCHQ, without a denial from the body likely to be conducting the supposed investigation, the CIA, or a flat-out rejection from the White House, there is still an air of possibility.

“Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story,” a statement from the Department of Homeland Security reads. “Information and communications technology supply chain security is core to DHS’s cybersecurity mission and we are committed to the security and integrity of the technology on which Americans and others around the world increasingly rely.”

The initial report is a damning one. According to Bloomberg, Chinese agents infiltrated subcontractors of Super Micro operations in Shanghai, or coerced the managers of these facilities, to gain access to the motherboards. A microchip, smaller than a grain of rice, was placed on the hardware, before it was shipped onto customers to be incorporated into servers. Elemental, now an AWS company, was supposedly one of the customers who used the motherboards, as was Apple, a major US bank, the US Navy and the CIA, who used Elemental servers for drone missions. The information which would be available is staggering.

All parties involved have denied finding any malicious microchips on hardware, and also being aware of or aiding in any investigation led by US intelligence services. With the DHS and GCHQ also stating they have no reason to doubt the statements of denials, the chorus of disapproval is getting louder. That said, there is still an element of doubt.

Bloomberg is one of the most trusted and professional news sources on the planet, with a pedigree for unveiling worrying truths which have been deemed unsuitable for the general public. The report, which was researched and written over months, points to a total of seventeen sources. One source might have been suspect, two or three might have been dubious, but seventeen individuals confirming the same story suggests there is at least an element of truth to the claims.

Ultimately we doubt there will be anything the companies or government can do to completely remove the element of distrust. The claim of nefarious actors and activity has been raised, and now there will always be a heightened suspicion. A concrete rejection of the claims from the White House and the US intelligence services would set the ball rolling, but don’t expect that any time soon. This saga conveniently supports the anti-China rhetoric being fuelled by the US government; why would it want to do anything to discredit the help Bloomberg is giving it?

5G could open us up to digital terrorism – GCHQ

Connecting our toothbrush to the internet might sound like a futuristic dreamland, but are we fast becoming the architects of our own downfall?

Writing for the Sunday Times, Head of GCHQ Jeremy Fleming has aired his concerns about the digital economy. Yes, it has the potential to create a sophisticated and efficient society with opportunity for all, but also runs the risk of a new form of danger with terrorists hijacking the very same 5G networks which are supposed to make our lives so wonderful. He even managed to drop China in, hinting at the threat of allowing the country to provide the majority of our critical communications infrastructure.

“They will transform healthcare, create smart, energy-efficient cities, make work lives more productive and revolutionise the relationship between business and the consumer,” Fleming writes. “But they also bring risks that, if unchecked, could make us more vulnerable to terrorists, hostile states and serious criminals.”

While it might sound very doom and gloom, Fleming is of course correct. The internet is a scary place with dark corners. New ideas are created every single day; some of them are a force for good, some will be utilised by nefarious individuals. The more light which is shed into these unexplored corridors of the web, the more we realise how exposed we are.

Unfortunately, Fleming is raising an argument which is not original: incorporating security into the building blocks of services and products, not simply treating it as an add-on. This should be the approach for making the digital economy secure, though this is rhetoric which we have been hearing for years. The more often it is said, the less impactful it becomes. Perhaps we are blindly wandering down the path to destruction purely because it is easier than tackling the difficulties of making consumers secure.

Another interesting point is collaboration. Again, this is not a new argument, but Fleming seems to be attempting justification for increased access to our digital lives. Using friendly words such as ‘collaboration’ or ‘public debate’ and ‘open co-operation’ should not put a smile on the face of a campaign which has been going on for years.

“We believe some principles allowing industry and governments to demonstrate responsible access that protects privacy are within reach,” Fleming states. “These do not require unfettered access for governments through so-called ‘back door’ or global ‘skeleton key’ schemes. But they do require public debate and close, open co-operation and agreement with technology companies. And when these solutions exist, they also require modern legislation and strong oversight to maintain public confidence.”

Fleming is right though. There does need to be a mechanism to ensure intelligence and police services can ensure our safety, but there is yet to be a sensible solution which offers security, accountability and justification. Last year, former Home Secretary Amber Rudd tried to scare us into submitting to government snooping by suggesting paedophiles use the same services as you and me. It didn’t work, though current Home Secretary Sajid Javid is yet to reveal his ambitions here. The encryption debate has been too quiet in recent months, perhaps another onslaught is on the horizon.

The dark corners of the web are full of nightmares which we are yet to discover. By connecting everything, we are making the digital dream a reality, but exposing ourselves more than ever before.