Open Letter to GCHQ on the Threats Posed by the Ghost Proposal

By Sharon Bradford Franklin, Andi Wilson Thompson
Thursday, May 30, 2019, 12:00 AM

Last fall, Lawfare published a piece by Ian Levy and Crispin Robinson of GCHQ entitled Principles for a More Informed Exceptional Access Debate. Our organization, the Open Technology Institute, has worked alongside other people and organizations to coordinate a response from an international coalition of 47 signatories, including 23 civil society organizations that work to protect civil liberties, human rights and innovation online; seven tech companies and trade associations, including providers that offer leading encrypted messaging services; and 17 individual experts in digital security and policy. Our coalition letter outlines our concerns that the GCHQ proposal poses serious threats to cybersecurity and fundamental human rights including privacy and free expression. We shared our letter with GCHQ officials on May 22, and we are now releasing it to the public as an Open Letter to GCHQ.

In their Lawfare piece, Levy and Robinson set forth their proposal for “silently adding a law enforcement participant to a group chat or call.” This proposal to add a “ghost” user into encrypted chats would require providers to suppress normal notifications to users, so that they would be unaware that a law enforcement participant had been added and could see the plain text of the encrypted conversation. Levy and Robinson state that they offer their proposal in an effort to have an “open and honest conversation” about how law enforcement can gain access to encrypted communications. We appreciate this call for a discussion and have organized our coalition in response. Lawfare has already published other pieces addressing the GCHQ proposal here and here.

Our letter explains how the ghost proposal would work in practice, the ways in which tech companies that offer encrypted messaging services would need to change their systems, and the dangers that this would present. In particular, the letter outlines how the ghost proposal, if implemented, would “undermine the authentication process that enables users to verify that they are communicating with the right people, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused.” If users cannot trust that they know who is on the other end of their communications, it will not matter that their conversations are protected by strong encryption while in transit. These communications will not be secure, threatening users’ rights to privacy and free expression.

Our letter concludes by urging GCHQ to abandon the ghost proposal and any other approach that would pose similar risks to digital security and human rights, and by noting that we would welcome further dialogue on these important issues. The Open Letter to GCHQ is available here.