London (CNN Business)Big Tech is raising concerns about a “ghost proposal” from UK spies that would allow them to eavesdrop on encrypted messages.
Advocacy groups, security experts and tech giants including Apple (AAPL), Google (GOOGL) and WhatsApp have signed an open letter to Britain’s Government Communications Headquarters (GCHQ) that says its spies should not be allowed to access private digital messages.The letter is a response to a public proposal made last year by two high-ranking officials at GCHQ, the UK spy agency responsible for signals intelligence. Ian Levy, the agency’s technical director, and Crispin Robinson, its head of cryptanalysis, suggested in a November post on the national security blog Lawfare that service providers could “silently add a law enforcement participant” to encrypted group chats or calls.The officials argued that the approach would avoid weakening encryption, which is a way to encode messages, and claimed that it would not be any more intrusive than older technologies used by spy agencies to snoop on telephone lines. The WhatsApp attack didn't target you. But here's why you should still careThe question of whether tech companies should allow law enforcement agencies and other government actors to access encrypted communications sent via the internet has sparked a series of controversies in recent years. Apple, for example, declined to give the US Federal Bureau of Investigation access to an iPhone that had been used by a shooter who carried out a terrorist attack in San Bernardino, California, in 2015.Read MoreThe letter sent to GCHQ this week was signed by seven tech companies, 23 civil society organizations and 17 experts in digital security and policy. It said that the “ghost proposal” put forward by the two spy agency officials would violate “import human rights principles.””This proposal to add a ‘ghost’ user into encrypted chats would require providers to suppress normal notifications to users, so that they would be unaware that a law enforcement participant had been added and could see the plain text of the encrypted conversation,” the letter stated. WhatsApp reveals major security flaw that could let hackers access phonesWhen asked for comment on Thursday, the UK National Cyber Security Centre responded with a statement from Levy in which he said the proposal was always “intended as a starting point for discussion.” “We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists,” he said. “We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible.” Apple, Google and Facebook (FB), which owns WhatsApp, did not immediately respond to requests for comment.