Apple, WhatsApp, Google and more attack plan to let spies read people's private conversations

World's biggest tech companies, civil society groups and security and privacy experts join together to sign open letter

Andrew Griffin
Thursday 30 May 2019 15:24 BST
Comments
The WhatsApp messaging app is displayed on an Apple iPhone on May 14, 2019 in San Anselmo, California
The WhatsApp messaging app is displayed on an Apple iPhone on May 14, 2019 in San Anselmo, California (Justin Sullivan/Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Apple, WhatsApp, Google, Microsoft and more have joined together to attack a plan to allow spies to read people's private messages.

The company released an open letter in which they criticised a proposal, made by senior staff at UK intelligence agency GCHQ, to fundamentally change the world's biggest messaging apps so that spies could see them.

The proposal would work by allowing intelligence agencies to be a secret participant in all conversations, letting them see the contents of chats and calls when they wanted to.

But the open letter argued that such a situation would undermine privacy and security, as well as the trust users put in private messaging platforms.

As well as being signed by many of the world's biggest tech firms – including Apple, Google, WhatsApp and Microsoft – it also earned the support of a wide range of civil society groups as well as security and privacy experts.

The open letter begins by praising many of the principles outlined in the piece by senior GCHQ staff. It praises them for focusing on important issues like privacy rights and cyber security.

But it goes on to attack one specific suggestion inside that the article: the adding of a special user that would allow law enforcement to read conversations inside a group chat or phone call.

"Despite this, the GCHQ piece outlines a proposal for 'silently adding a law enforcement participant to a group chat or call' This proposal to add a 'ghost' user would violate important human rights principles, as well as several of the principles outlined in the GCHQ piece. Although the GCHQ officials claim that 'you don’t even have to touch the encryption' to implement their plan, the 'ghost' proposal would pose serious threats to cybersecurity and thereby also threaten fundamental human rights, including privacy and free expression."

It goes on to explain that proponents of the "ghost user" suggestion argue that it would be possible to allow law enforcement to secretly be added into conversations, allowing them in effect to be a participant in every conversation that happens. That would allow the chats to be protected by encryption, they argue, since the chats would remain protected but spies would be a normal participant in them.

But the letter says that such a proposal is misguided, since it would still end up undermining the security of conversations and allow for vulnerabilities to be opened up. The current system works by tying keys to individual users, and only allowing users with those keys to be able to read conversations – that system would be undermined by one that gave the keys to somebody else at a general level.

They also note that even if the security commitments did hold true, there is nothing to guarantee that spy agencies would not abuse the access that such technology would give them. It argues that the access could enable stalking and abuse, and claims that the protections that decide how UK and US spying agencies can use the data they are given are not strict enough.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in