Encryption 30 May 2019

Internet Society Signs Open Letter Opposing GCHQ Ghost Proposal For Weakening Encrypted Communications

In late 2018, The British Government Communications Headquarters (GCHQ) published an essay on Lawfare outlining its principles for “exceptional” or “lawful” access[1] to encrypted information, alongside a proposed use case – the “ghost proposal”. The GCHQ proposal would add a silent (or ghost) user to end-to-end encrypted messaging services, such as WhatsApp, and allow the government to listen in to ongoing encrypted conversations secretly for law enforcement or national security purposes. The Internet Society is pleased to add its name to an open letter outlining the dangers that this proposal, and techniques like it, pose to the Internet and to users everywhere.

All exceptional or lawful access proposals put users, the economy, the services we depend on and the Internet itself at greater risk to security threats. GCHQ’s “ghost proposal” is no exception.

As stated in the open letter, the ghost proposal would

“introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused … [and] mean that users cannot trust that their communications are secure.”

Protected communications are a matter of security. Whether they are used to keep critical infrastructure running, safeguard our financial information, or keep personal information from those who would use it to do us harm, protected communications keep us all safe. All of these rely on encryption and other digital security tools.

The Internet Society is proud to add its voice to a diverse group of stakeholders from civil society, industry and academia calling on GCHQ to abandon the ghost proposal and avoid any alternate approaches that would similarly threaten digital security and human rights.

We must strengthen, not weaken encryption. By whatever name, any point of entry to a secure service is a weakness.

[1]Generally, when people speak of lawful or exceptional access they refer to some means of allowing law enforcement the ability to lawfully access the content of encrypted communications and encrypted data in an unencrypted form. For example, by asking companies to have the technical ability to access encrypted content.

Related resources

Strengthening the Internet 4 February 2022

Internet Society Statement on EARN IT Act 2022

The Internet Society calls on senators to protect strong encryption by opposing the re-introduced EARN IT Act.

Encryption 12 May 2021

Internet Society: UK Online Public Safety Bill is trying to legislate the impossible – a safe Internet without strong encryption

In the Queen’s Speech on 11 May 2021, the UK Government said it wants to “harness the benefits of...

Encryption 1 March 2021

Internet Society Statement regarding the Indian Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021

The new requirements in the the Indian Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021...