(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


Watch this space: GCHQ / NCSC soon to publish Version 2 of “Ghost Protocol” appeal for backdoors in end-to-end secure, encrypted messenger software

2022-07-19 22:27:59+00:00

The worst-kept secret in British encryption circles should be launched later this week: GCHQ are due to publish Version 2 of their much-vilified “Ghost Protocol” messenger-software backdoor.

Rumours I’ve heard suggest that it’s going to be a stinker.

There’s a fat white paper which takes the old “Principles for a More Informed Exceptional Access Debate” concept and reframes it in terms of child protection — which of course was the hottest weapon for beating up encryption until February of this year, when suddenly the world realised that “disappearing messages” and “end to end encryption” might be beneficial to avoid people being sent to gulags by their governments.

Presumably there will also be a press campaign, so we can watch to see which of the Tory Leadership hopefuls have been most directly briefed on the content, thereby to establish who GCHQ are most hoping to have as the next Prime Minister.

Rumour of this thing has been kicking around for months, which is in part why I accepted the gig to write a Primer on End-to-End Encryption for Civil Society, so that we could try to proactively formalise a response. The relevant part is in the section “Surveillance: you can’t be ‘a little bit pregnant'” and runs as follows:

Ghost Protocol: your invisible friend In a 2018 Lawfare blog post, 56 representatives of GCHQ proposed a new twist on key escrow; that platforms should be obliged, when hosting an E2E conversation, to splice an additional and invisible participant – this participant is referred to as a ghost, but more traditionally she is named Eve, the eavesdropper – into the conversation. Then at some later juncture, if lawful surveillance was required, law enforcement could simply consult Eve. However: the field model requires that the First Party (Alice) must be able to see and be aware of all participants who will hear or receive what she says; having an invisible participant breaks the field model, and therefore breaks E2E. link

The cited “field model” is a very simple test for whether a system provides (at least one aspect of) end-to-end security — which, under the conditions that GCHQ/NCSC proposes, the Ghost Protocol does not.

This is not a matter of “breaking end to end encryption” — note the heavy lifting which is done by that last word, because the Ghost Protocol has no bearing on the cryptography being used — instead the Ghost Protocol is straightforwardly about lying to users regarding who can see the content which they are composing and sending.

The GCHQ / NCSC “Ghost Protocol” is about breaking promises, not about breaking encryption.

I shall be interested to see how this plays out in round 2; because the first round led to a massive political clusterbunfight which even a former CEO of NCSC found to be wanting, and in the intervening time we’ve also seen the Home Office both fund and fumble the “No Place To Hide” anti-encryption campaign — which was run by MC Saatchi, so it can’t have failed for want of competency and therefore must have failed for another reason entirely.

Given this, I am kinda expecting the thing to also be calling for client-side scanning, which equally breaks end-to-end security; although as mentioned in the primer perhaps the worst proposals in that space at the moment come from the EU Commission.

Before anyone asks…

It’s apparently due later this week, unless something happens

No, I don’t have the document

No, I don’t want the document, I can wait like everyone else

Yes, I have several sources for its existence

Yes I’m still happily employed as primary caregiver to a 1yo and therefore have no commercial nor academic axe to grind — although strictly I am open to requests for consultancy (rates available on request, lol) it turns out that sleep is far more important than money in my current cost/benefit analysis

I’m setting up a new ReadyMadeTwitterSearch to help track the launch

Afterthought, afterword…

The Primer also includes this:

GCHQBot: I ain’t ‘fraid of no ghost… Prima facie the GCHQ Ghost Protocol only breaks the field model by dint of being invisible to the participants; one solution to this is obvious: the ghost should be made into a real and obvious full participant. Each and every chat – however small, even those which are E2E Notes To Self for one user only – would be seen to include GCHQBot, or LawEnforcementBot, or similar. This proposal may sound flippant but by comparison UK automotive speed cameras are meant to be visible so that they are less open to abuse as a means of revenue generation; this is not obliged by law but public reaction against hidden speed cameras was considerable, because hidden cameras fomented public fear of authority rather than deterrence. Similarly, there are significant obligations on UK CCTV users to inform people that they are under surveillance, amongst other requirements. As such we should ask the question of what law enforcement would like to achieve by means of ghostly surveillance – is it not deterrence? If it is not deterrence, then why not? And if the goal is deterrence, then why not be overt? link

Postscript

If you would like to see Ian Levy of NCSC discussing the original Ghost Protocol blogpost at ORGCON in 2019 — amongst other topics — you can watch this recording; start at the 5:18:05 mark.

Note especially around 5:49:00 mark where he paints the Ghosts Protocol as an invitation to pursing a better solution.

5:49:30 “Is the Ghost Proposal as written, a great idea? No, of course not, it was never intended to be, but there is something out there that is…” — and this week we shall get to see how much it has been refined towards a solution, if at all.

Ian’s contemporary commentary raises and glosses over a whole pile of massively problematic issues — e.g. that interception could be implemented only against people who have a warrant against them — but how would the fact of that warrant change the behaviour of the software? Where would the list of people under warrant be stored? How would it be protected?

Ian is extraordinarily glib about deep technical issues, and repeatedly so; but this conference was memorable for me for the moment starting at 5:57:24 where Ian inaccurately suggests that adding lawful access to iMessage would be similar, or less effort than adding animated emojis; this was such a great distortion and such a leading question that I was compelled to correct him (“More…”) from my seat in the audience.

Part 2 is here:

https://alecmuffett.com/article/16236
[END]

[1] URL: https://alecmuffett.com/article/16208
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/

You are viewing proxied material from magical.fish. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.