Professional snoops are willing to back off their holy war against encryption—with just a few minor tradeoffs, of course. All we need do is allow them to invisibly join our conversations at will as "ghost" parties to encrypted communications. It would put our governmental overseers in the position of, say, that creepy neighbor who sneaks into the house of the couple next door and hides in the pantry while they lock the doors in the mistaken expectation of spending some quality time by themselves.
If you don't find that proposal reassuring, you're not alone. But let's see what the snoops are up to.
"It's relatively easy for a service provider to silently add a law enforcement participant to a group chat or call," mused Ian Levy, technical director of Britain's Government Communications Headquarters' (GCHQ) National Cyber Security Centre, and Crispin Robinson, GCHQ's technical director for cryptanalysis, in an article published last November. "This sort of solution seems to be no more intrusive than the virtual crocodile clips that our democratically elected representatives and judiciary authorise today in traditional voice intercept solutions and certainly doesn't give any government power they shouldn't have."
That Levy and Robinson gloss over a few details is obvious to even non-technical readers. While they evoke old-school wiretaps as featured in Hollywood movies, the "ghost proposal" requires redesigning whole new communications services to defeat attempts to maintain a modicum of privacy.
"This proposal to add a 'ghost' user would violate important human rights principles," an international consortium of civil liberties organizations, tech companies, and security professionals objected in a recent open letter. They went on to specify that the scheme floated by two officials with Britain's Government Communications Headquarters (GCHQ) would "pose serious threats to cybersecurity and thereby also threaten fundamental human rights, including privacy and free expression."
According to the open letter by the consortium, which includes heavy-hitters such as the Electronic Frontier Foundation (EFF), Human Rights Watch, Apple, Microsoft, Bruce Schneier, and Philip Zimmermann:
To achieve this result, their proposal requires two changes to systems that would seriously undermine user security and trust. First, it would require service providers to surreptitiously inject a new public key into a conversation in response to a government demand. This would turn a two-way conversation into a group chat where the government is the additional participant, or add a secret government participant to an existing group chat. Second, in order to ensure the government is added to the conversation in secret, GCHQ's proposal would require messaging apps, service providers, and operating systems to change their software so that it would 1) change the encryption schemes used, and/or 2) mislead users by suppressing the notifications that routinely appear when a new communicant joins a chat.
Don't worry, add Levy and Robinson, "almost all users aren't affected by it."
That's true—if they're referring to the people you'd expect them to want to monitor.
As a 2016 report from Harvard's Berkman Center for Internet and Society pointed out, many people and businesses don't really care to thoroughly conceal their communications. Most of us, despite the existence of powerful encryption, are pretty easy pickings for snoops.
But some people, for reasons good and evil, are more privacy minded. For the likes of terrorists, criminals, journalists, and political activists, the Berkman report concludes, "communication channels resistant to surveillance will always exist…new services and software can be made available without centralized vetting."
ISIS, the terrorist organization, apparently developed its own encrypted chat app several years ago specifically to evade outside efforts to intercept communications.
Just weeks ago, the Justice Department boasted that an international law enforcement effort had brought down "a criminal enterprise that facilitated the transnational importation and distribution of narcotics through the sale of encrypted communication devices and services." Adds the press release, "the government conservatively estimates there were at least 7,000 Phantom Secure devices in use."
Does GCHQ really think ISIS and Phantom Secure are the types of organizations likely to cooperate with the ghost proposal? Of course not. It's big companies catering to the bulk of the population that will play along. Privacy-minded people, good and bad, will ignore ghost proposal requirements.
But this isn't the first time government snoops have leveraged fears of terrorists and criminals to sell the public on backdoors into communications systems that would ease mass surveillance of the general public.
"We do not want to do anything that would damage our own national security or public safety by spreading unbreakable encryption, especially given the international nature of terrorism," warned the Clinton administration in 1996. It touted an ultimately failed effort to peddle limits on encryption exports and promote a "key escrow" scheme that would give the government access to everybody's communications.
In 2010, the feds came up with the idea of requiring communications providers to redesign their systems to ease wiretapping (maybe Levy and Robinson are just resuscitating old ideas).
And let's not forget the FBI's wild inflation of the number of encrypted phones that have thwarted its search efforts—by a factor of about eight. "The government has long held discredited views about encryption. Now we see the FBI is struggling with basic arithmetic," Sen. Ron Wyden (D-Ore.) coldly responded.
Governments in the nominally free West have, so far, been largely unsuccessful in their efforts to gain backdoor access to encrypted communications. That's a good thing given that such deliberate security vulnerabilities would almost certainly be abused.
How can we be sure? Because it already happened: Built-in wiretapping access to cellphones was exploited to bug high-ranking Greek government officials 15 years ago.
And that's assuming the government means well.
"Any functioning democracy will ensure that its law enforcement and intelligence methods are overseen independently, and that the public can be assured that any intrusions into people's lives are necessary and proportionate," Levy and Robinson promise.
But these ghost proposal authors work for GCHQ which, along with the NSA, FBI, and other agencies, were implicated by Edward Snowden in electronic surveillance that even the intrusive European Union condemned as a violation of privacy rights. Who do they think they're fooling?
Given their history of spying on whoever they want, whenever they want, that GCHQ and other government snoops still want mandated backdoors into communications systems is convincing testimony as to the continued effectiveness of encryption. The abuses in which they've already engaged are good reason to deny them any further formal permission to eavesdrop on conversations.
The consortium is right to push back against the GCHQ ghost proposal as a threat to privacy and free expression. And the rest of us—those who aren't reassured by lurkers in the pantry—should do our best to keep our encryption current and beyond the reach of nosy ghosts.