WhatsApp recently joined as many as 47 other companies in signing a letter calling out the UK’s Government Communications Headquarters (GCHQ) in a bid to bring an end to efforts by the agency that would allow spying on end-to-end encrypted messages, CNBC reports.
Dubbed the “ghost protocol,” the move would enable law enforcement to secretly intercept and be included in end-to-end-encrypted communications. In some instances, that would include carriers and service providers being added unannounced to private group chats or calls while in others, it would require apps such as WhatsApp to send those messages along to law enforcement in real-time.
By getting the information from the source, the proposal would enable effective spying that’s not any more intrusive than other currently used methods on non-encrypted communications, according to — according to Ian Levy, the technical director of Britain’s National Cyber Security Centre, and Crispin Robinson, GCHQ’s head of cryptanalysis.
Facebook, WhatsApp’s parent company, was noticeably not among the listed groups who have signed on to the letter. That’s in spite of the fact that it does have its own messaging platform that’s wholly separate from WhatsApp, Facebook Messenger, and that the proposal poses a risk to that application.
Other big tech companies to sign the letter include Google, Apple, and Microsoft.
Facebook’s silence is awkward
Messenger is not the first app most users probably identify has having encryption features and it isn’t encrypted end-to-end by default. The app does feature some encryption, in its Secret Conversations feature, that could ultimately be breached as a consequence of the GCHQ’s proposal.
Facebook Messenger users would also be among those who are most likely to be spied on, given the size of the company’s user base. According to Facebook’s Q4 2018 earnings report, approximately 2.7 billion people use Facebook’s apps across the board and its growth in 2018 compared to 2019 was up by nine percent in terms of both Daily Active Users and Monthly Active Users.
The company also estimated that as many as two billion people use at least one of its many services every single day.
Facebook’s decision not to sign on with the opposition is made more notable by its activity, controversies, and other trouble over the past couple of years regarding user safety and privacy. The social media giant’s efforts in those areas, as has been widely reported and continues to be reported with some frequency, have been severely lacking.
It seems unlikely that the company’s management was unaware of the open letter since it is the parent to one of the signatories and would probably have been made aware of WhatsApp’s decision to sign in advance.
The argument against the spying
One of the proposals’ authors, Ian Levy, has since responded to the letter, indicating that the intention was to present a hypothetical proposal to spur discussion about solutions in the fight against terrorism and other extreme situations. The GCHQ has not reportedly responded to the letter.
The letter itself put forward two primary contentions, claiming that such a proposed spying measure would not only ruin the trust relationship with end users but would hamper the authentication processes used in the encryption of messages.
The companies argued that the proposal would require users to turn a two-way conversation into a group chat without informing users and in some cases where the conversation has already been ongoing. On the technical side of the matter, it would also require messaging apps, service, providers, and operating systems to alter software, changing the encryption mechanisms used and how notifications in the systems work.