Encrypted Messaging and the “Ghost Protocol”

This is sort of an extension to my blog from last week on ‘Going Dark – The Problem with Full Encryption” in that it explores a proposal from the UK’s GCHC (General Communications Head Quarters) for exceptional access to encrypted messaging platforms (e.g. iMessage, WhatsApp, Signal, Skype).

Firstly I need to emphasis at the outset that what I am discussing here is currently a proposal on a method of gaining exceptional access to encrypted messaging without breaking the encryption. It has not been enacted as a requirement on any of these platforms as of writing this blog.

What is the Proposal?

As I discussed in my blog from last week, law enforcement in some cases need exceptional access to encrypted messaging as part of an investigation into criminal activity and/or terrorism. This is reasonable, so long as there is independent judicial oversight which in the UK is enacted in UK law by the ‘Investigatory Powers Act 2016’.

What representatives of the UK’s GCHQ are suggesting is that technology companies responsible for these encrypted message apps allow for the silent insertion of an additional chat participant that would be a law enforcement agency. My interpretation of this would be that it would be exceptional access and not general access (i.e. under the provision of some court order and not applicable to everyone in the UK). This is essentially the modern day equivalent to a phone tap. This would appear to be covered under the provisions of the ‘Investigatory Powers Act 2016’, but that is following a cursory examination of the legislation and I am by no means an expert in this.

In order to do this the technology company would need to re-engineer aspects of their messaging application to:

  • Allow an automated insertion of a chat participant into an established chat, and
  • Not notify any party in the chat that it has been done.

This would not break the end-to-end encryption, but would allow a law enforcement official to eavesdrop on the conversation.

I urge you to read the full article published by GCHQ on LawFare since this goes into the full debate and background better that I could summarize it here. Equally, if you are going to be informed about this, and make an informed opinion, you need to read the source.

Naturally a number of technology companies (e.g. Apple, Microsoft, Electronic Frontier Foundation to name a few) are up in arms about this. They have published an open letter in response to this proposal which you should also read.

Steve Gibson at the Steve Gibson Research Corporation also commented on this in his regular ‘Security Now’ podcast over on the TWIT Network. You can hear what he has to say about this here.

What do I think?

Law enforcement need to be able to investigate crimes and terrorist threats, and end to end encryption hinders this. FACT!

A technical solution has to be agreed that allows for exceptional access to encrypted messaging by law enforcement. FACT!

Is this the right approach? I don’t know!

What I do know is that if a messaging platform enabled this kind of surveillance and it wasn’t covered by judicial review, trust in that platform would be lost and the service would just die if it was subsequently disclosed. However if it applied to one, then it would in all likelihood apply to all.

The situation now is that, unless you manage the whole encryption process by issuing and managing the encryption keys, you are delegating this responsibility to someone else. This is the case for all the major messaging platforms. As a result they are not 100% secure.

100% security on modern smartphones and PC’s is a myth since these devices are built by people who make mistakes that affect your security. As a result any feature that allowed exceptional access could harbour a security vulnerability that allowed a hacker to get in. However, this is no different to the status-quo.

The sort of messaging most people engage in is of no interest to law enforcement (e.g. I message my partner saying I am leaving the office, or will be working late, or that I am delayed or to arrange to meet in town). Other messaging might be much more personal and should be kept private, but definitely not of interest to law enforcement. Where it is interesting to law enforcement is when it relates to criminal activity, or the suspicion of criminal activity. It might also be of interest to the intelligence community to gather intelligence on current national security threats but that would also have to be covered by judicial review. In this case agencies like GCHQ and the NSA have way more powerful means at their disposal than something that requires a court order and for technology companies to cooperate (sarcasm intended).

Conclusion

At the moment this is just a proposal that has been put out there for debate, which has already started. I for one will be monitoring this.

There has to be a technical way to achieve the goals of law enforcement without infringing on people’s human rights to privacy. The only downside to this is that it could (in theory or practice) be exploited and abused by:

  • Criminals and Hackers
  • Rogue states
  • Over-zealous law enforcement and/or intelligence officials
  • States that enforce strict surveillance laws on their population.

As I stated in my blog from last week, I am the first to admit that I don’t have all the solutions here and if there was an easy solution I am sure some smart person would have thought about it.

The debate will hopefully continue and result in something that is acceptable to all parties.


Headline image provided by SplitShire on Pixabay.

Comments are closed.

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: