We ain't afraid of no 'ghost user': Infosec world tells GCHQ to GTFO over privacy-busting proposals

Bruce Schneier, Richard Stallman and a host of western tech companies including Microsoft and WhatsApp are pushing back hard against GCHQ proposals to add a "ghost user" to encrypted messaging services. The point of that "ghost user", as we reported back in 2018 when this was first floated in its current form, is to apply …

  1. nichomach
    Big Brother

    Here we go again...

    "We welcome this response to our request for thoughts on exceptional access to data – for example to stop terrorists."

    Or check what people are putting in their wheelie bins. Or whether their dog left a mess somewhere. Or whether you're a furry. RIPA powers were supposed to be used in "exceptional" cases too and now look where we are.

    1. nematoad Silver badge
      Mushroom

      Re: Here we go again...

      "...for example to stop terrorists."

      Yes, for a given value of "terrorist".

      nichomach is right. What's to stop any jobsworth sticking their nose in? Give them the tools and they will do the job, whether it's ethically right, proportionate or even legal.

      1. low_resolution_foxxes Silver badge

        Re: Here we go again...

        Am I being stupid, why does the list of "exceptional terrorist activities" require senior officers at the "Food standards agency Scotland" being able to backdoor my WhatsApp? Frankly I am under no pretense anything in WhatsApp is truly encrypted, but I expect plod and gchq only...

        1. Anonymous Coward
          Anonymous Coward

          Re: Here we go again...

          '..Am I being stupid, why does the list of "exceptional terrorist activities" require senior officers at the "Food standards agency Scotland" being able to backdoor my WhatsApp?'

          In case y'ur plannin' tae mak the explodin haggis?

          I assume one of the points of having so many organisations in the allowed-to-snoop list is the old 'plausible deniability' gambit...so when questioned in the old courts of law a spook can put his hand on where a heart should be and truthfully state about any dubious surveillance activities, as they say up here, ' it wisnae me, a big boy did it an' ran awa..'

          Of course, added benefit is that it's easier to hide their activities within the 'noise' generated by the activities of this distributed bunch of nuStazi fsckwits, as they merrily abuse the powers gifted unto them (now, who'd have possibly thought they'd go and do something like that then?).

    2. GnuTzu
      Unhappy

      Re: Here we go again...

      As if it will ever end. {sigh} Just imagine what it would take to amend constitutions across the globe (well, in the free World) to end these efforts permanently.

      1. Claptrap314 Silver badge

        Re: Here we go again...

        If you think that constitutional amendments would put an end to these attempts, you need to get out more. Human nature is not like that.

        This is the LEO equivalent of, "If we can put a man on the moon...". It's going to take a couple of generations at least for these people to be seen as flat-earthers enough to get them to shut up.

        1. GnuTzu

          Re: Here we go again...

          True (voted up). In reality, I'm really not that optimistic, however much weight a constitutional amendment carries. There's plenty of constitutional territory that gets challenged all the time. It simply will never end; and they'd find a way to do things in secret either way. Still, I'd rather have that constitutional weight than not.

    3. nijam Silver badge

      Re: Here we go again...

      > for example to stop terrorists

      How can this mouthpiece (a) be so naive as to think that's what it will actually be used for,

      (b) be so naive as to believe that non-CGA crooks won't be the first to exploit it, and (c) be so naive as to think any informed person will believe him anyway.

      It's so depressing that terrorism now seems to encompass expressing any opinion - or indeed fact - that someone in some government department finds inconvenient.

      1. fidodogbreath Silver badge

        Re: Here we go again...

        How can this mouthpiece sheeple (a) be so naive as to think that's what it will actually be used for [...]

        FTFY. I doubt the mouthpiece believes it. The target audience is John and Jane Public, who certainly don't want to be blown up by terrorists. "Surely we should give the proper authorities the tools they need to keep us safe. If you've done nothing wrong, then you have nothing to fear."

        Right?

        1. Pascal Monett Silver badge

          Yes. The proper authorities.

          Some food administration has absolutely nothing to do with anti-terrorism.

          1. RegGuy1 Silver badge

            Have you had a pot noodle recently?

            Or Pringles?

            Oops, sorry, you said food.

          2. Wild Elk

            But… but you might put explosives in some Big Mac and fries…

        2. ParksAndWildlife

          Re: Here we go again...

          The key to stopping this is to turn around the argument "if you've done nothing wrong, then you have nothing to fear.". If law enforcement and spies want to set up surveillance of public places, let them, but only if that surveillance is made available to the public who pay for it (and I mean just as available as it is to LE and spies). If LE and spies want to spend taxpayer's money to backdoor encryption by being added to the conversation, then the general public should be able to backdoor encryption and be added to the LE and spies' conversations.

          Of course, they're going to whinge and claim they should be held to a different standard. When they do, ask them to prove it and don't accept "because terrorism", "because national security", "because official secrets", or even "think of the children" without making them produce evidence. In reality, the majority of classification, secrets, emails, and conversations are not, in fact, about such things.

          1. Anonymous Coward
            Anonymous Coward

            Re: Here we go again...

            and all supported by MPs, AMs and MSPs who will bleat "doing nothing isn't an option, we have to do something" "nothing to hide nothing to fear" "the safety of children is at stake" "I've spoken to the families of those who died during xxx and I won't let that happen to anyone else" (even if their demands are wholly unreasonable and implausible) and use polite words to infer you're a "climate change denier" "terrorist sympathiser" "unhinged" etc.......

      2. Cliff Thorburn

        Re: Here we go again...

        The next thing you will hear, remain voters will be branded terrorists, electronic books will be burned at the click of a mouse, and the spectre reflection in the mirror will be a resurgence of a far right extremist.

    4. Anonymous Coward
      Anonymous Coward

      Re: Here we go again...

      Made me laugh too: "...for example to stop terrorists." Get those fear-inducing keywords in there.

      Why not mention clowns and hint at the possibility that there could be snakes in here with us too?

      1. Anonymous Coward
        Anonymous Coward

        Re: Here we go again...

        Why not mention clowns

        Article refers to government agencies - clowns are implicit

        1. Mandoscottie
          Thumb Up

          Re: Here we go again...

          buy anon a beer! you made my week, they should call the ghost user "Amber Rudd" queen of clowns.

        2. jmch Silver badge
          Trollface

          Re: Here we go again...

          "Why not mention clowns"

          because clowns are responsible for 26.9%* more terror worldwide than terrorists

          * 45.3% of statistics are made up on the spot

      2. Ana Cronym

        Re: Here we go again...

        Has no-one thought of the safety of children yet?

        1. Dazed and Confused

          Re: Here we go again...

          > Has no-one thought of the safety of children yet?

          A bit like the porn viewer blackmailers charter.

          Let's put these rules in place so everyone who wants to perv at porn has to prove they are an adult... Oh and now we've got regulations coming that will ban things like "Likes" for kids on social media. OK, prove you're not a kid. Oh look we've already got an age verification system in place. Before we know it you'll need to be using AV to access anything online and suddenly they got a system of digital ID cards in place without needing to do it through parliament.

          https://news.sky.com/story/sky-views-the-government-is-quietly-creating-a-digital-id-card-without-us-noticing-11726548

          All by claiming they were thinking of the kids

          1. Wild Elk

            Re: Here we go again...

            > Before we know it you'll need to be using AV to access anything online and suddenly they got a system of digital ID cards in place without needing to do it through parliament.

            Most horrifying thing I’ve seen all day.

            1. CountCadaver

              Re: Here we go again...

              Basically the colours change but the tune stays the same. Civil service dictate the agenda and when the public revolts, they just bide their time, modify their orwellian ideas a touch and try and shove it through again.

              See - Welfare reform / cuts and UnumProvident see how many names flit between them and the DWP and back (a conference on "malingering" attended by various civil servants and govt bods and set an agenda we are still on and the public were kept in the dark) "Being sick is a role people choose" "work is good for you / therapeutic [sounding not unlike Arbeit Macht Frei] - wonder how many had relations in the NSDAP or simply are cutting and pasting ideas, the PIP reforms seem to have been a watered down AktionT4, road charging. now ID cards.

          2. Anonymous Coward
            Anonymous Coward

            Re: Here we go again...

            the Sky article says they're adding friction to porn viewing. That's just playing into the porn users hands [No pun intended]

        2. maffski

          Re: Here we go again...

          That's OK. They're all going to be on VPNs running their own encrypted chat networks. Them and the actual terrorists.

    5. Anonymous Coward
      Anonymous Coward

      Re: Here we go again...

      DWP will be right on that - using whatsapp, clearly not disabled and clearly committing serious fraud, which of course will be supported by the bench, nearly all of whom no matter their age are technologically illiterate, biased towards the govt, see anyone on disability as "on the scrounge" and "fakers abound" and therefore instead of the state proving you committed fraud, the accused is left to prove their innocence without legal advice (legal aid cuts and all)

      Case in point disabled woman did a skydive for charity that the skydive company owner stated in court was suitable for disabled people, even severely disabled, was prosecuted, convicted and required to pay back years of disability living allowance and ESA because the bench concurred with the DWP that no disabled person would do a skydive (likely as in their head "disabled people" are those pale sickly types being wheeled around in wicker bath chairs on sunny days from the institution) and ignored all the defence witnesses

  2. WonkoTheSane
    FAIL

    No less true than when I first said it years ago

    One government agency's backdoor is the entire "L33T H4XX0R" community's catflap.

    1. Paul Crawford Silver badge

      Re: No less true than when I first said it years ago

      Exactly, it is just another backdoor.

      No matter how you dress it up, a "ghost user" is still a means of decrypting without being one of the original parties based on some supposedly secret user-key, and so is subject to all of the same fundamental weakness as knobbling the cryptographic function directly.

  3. Semtex451

    IPCO mostly trawls through spies' logs of who they spied on, after the event.

    That presupposes it is always logged.

    1. Anonymous Coward
      Anonymous Coward

      Re: IPCO mostly trawls through spies' logs of who they spied on, after the event.

      Local MSP tried to tell me that facial recognition was no different to first generation biometrics such as fingerprints. He's gone all silent after I pointed out his fallacy. He's also now gone from personal emails back to the MPs favourite - pre printed blurb written by whoever and ignoring all the points highlighted in correspondence.

      SNP - Another party off the list for that reason, along with this "climate emergency" pandering to an unwashed rabble.

      Now if the libertarian party were not against the NHS then I might consider voting for them. However since they are against it then stuck for a party.

      Labour - rather not end up in the 1970s with closed shops all over the place.

      Tories - no chance in hell, not after them going after the disabled and the snoopers charter

      Lib dems - who will they whore themselves out to next

      ChangeUK - more nulabour nonsense likely including keeping this "give the sick and disabled a continued kicking"

      Greens - none of them have any experience living in a rural area where buses are 1 an hour or less, nor do I fancy living in a marxist commune (citizens assemblies sounds just like communism)

      UKIP/Brexit - definitely not

  4. 0laf Silver badge
    Stop

    They'll never get it.

    You can't break encryption "a little bit". You break it or you don't.

    Everything else is electric magic thought up by the uninformed. Or unicorn shit etc etc. Insert colourful euphemism of choice.

    1. Roger Greenwood

      Re: They'll never get it.

      Dalek dung - smells really good though.

      1. Semtex451
        Windows

        Re: They'll never get it.

        I found some on the stairs this morning.

        The odd thing is the noise it made when I trod in it.

      2. Anonymous Coward
        Anonymous Coward

        Re: They'll never get it.

        "Dalek dung - smells really good though."

        I thought the Daleks were once a proud intelligent race, they put their brains inside those metal containers but were later on brainwashed into being the mindless drones we know and love. So if there is still organic material in there, there must be waste, so it's not so far fetched.

    2. Ben Tasker Silver badge

      Re: They'll never get it.

      They're attempting to weasel around the terminology a bit.

      What they're asking for isn't *technically* breaking the encryption. They want the ability to insert an unauthorised (by the victim... sorry, target) user into a conversation so that the software on the devices of the parties encrypts a second copy of the message using the public key of the eavesdropper and sends it on to them.

      No encryption has been broken there. So technically they're not breaking encryption and (they hope) can wave away such foolish things as maths which might be used to argue against them.

      But, at the same time they're completely ignoring the issues with that:

      - I'd not use any application which had the ability to do that.

      - You need the end user's device to "know" about (but not display) the ghost user, so that it knows to encrypt for the peeler. Which means someone will figure out a way to detect the presence of the eavesdropper

      - The people they claim to care about catching will move onto a technology that isn't affected whilst we all get digitally raped by the rampant privacy abuse of our Government and its organs

      - Eventually, it'll leak just how much the ability was misused, the industry will refuse to co-operate and we'll be back where we are now, having fucked up a lot of lives along the way

      They *are* though, going to keep pushing until they get what they want. They don't need 100% coverage, just to take a few big scalps so that most of the population are using at least one affected app.
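
The detection point raised in the comment above, as an added example that is not part of the original thread or of any messenger's code: if a client encrypts one copy of each message per recipient key, an audit can compare the keys a message was actually encrypted to with the keys the participant list displays. The event format, function names and keys below are assumptions constructed for illustration.

```python
import hashlib


def fingerprint(public_key: bytes) -> str:
    """Short stable identifier for a public key (truncated SHA-256)."""
    return hashlib.sha256(public_key).hexdigest()[:16]


def audit_envelope(recipient_keys, displayed):
    """Compare the keys one message is encrypted to with the keys the UI shows.

    recipient_keys: public keys (bytes) the client wrapped the message key for.
    displayed: dict of participant name -> set of fingerprints shown to the user.
    Returns a list of (finding, fingerprint); an empty list means consistent.
    """
    shown = set().union(*displayed.values())
    encrypted_to = {fingerprint(k) for k in recipient_keys}
    findings = [("undisplayed-recipient", fp)
                for fp in sorted(encrypted_to - shown)]
    findings += [("displayed-but-not-encrypted-to", fp)
                 for fp in sorted(shown - encrypted_to)]
    return findings


def audit_conversation(events):
    """Replay a conversation log and audit every outgoing message.

    Events (hypothetical format):
      ("join", name, public_key)      a join the UI displayed to the user
      ("leave", name)                 a departure the UI displayed
      ("send", msg_id, [public_key])  keys the client actually encrypted to
    Assumption: the "send" list is read from the code path that performs the
    encryption. A client that hides a key in both places defeats this audit.
    """
    displayed = {}
    report = {}
    for event in events:
        kind = event[0]
        if kind == "join":
            _, name, key = event
            displayed.setdefault(name, set()).add(fingerprint(key))
        elif kind == "leave":
            displayed.pop(event[1], None)
        elif kind == "send":
            _, msg_id, recipient_keys = event
            findings = audit_envelope(recipient_keys, displayed)
            if findings:
                report[msg_id] = findings
    return report


# Constructed sample data: placeholder byte strings stand in for public keys.
ALICE = b"constructed-key-alice"
BOB = b"constructed-key-bob"
UNLISTED = b"constructed-key-unlisted"

SAMPLE_EVENTS = [
    ("join", "alice", ALICE),
    ("join", "bob", BOB),
    ("send", "m1", [ALICE, BOB]),            # matches the displayed roster
    ("send", "m2", [ALICE, BOB, UNLISTED]),  # extra key, no displayed join
    ("leave", "bob"),
    ("send", "m3", [ALICE, BOB]),            # still encrypting to a departed member
]

if __name__ == "__main__":
    for msg_id, findings in audit_conversation(SAMPLE_EVENTS).items():
        for finding, fp in findings:
            print(f"{msg_id}: {finding} {fp}")
```
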

      1. JohnFen

        Re: They'll never get it.

        "What they're asking for isn't *technically* breaking the encryption. "

        True. But it's a backdoor nonetheless, and certainly weakens security.

      2. amanfromMars 1 Silver badge

        If They'll never get it, ..... Just Gift IT to Them. Put a Fox in the Hen House*

        Howdy, BT

        I'd not use any application which had the ability to do that. .... Ben Tasker

        The bigger question is how on Earth would you Stop such an Ability ...... Fully Ready and Worthy of the Most Noble of Facilities :-)?

        It would need to be heavenly to be allowed to proceed, methinks. You can thank Global Operating Devices for that Hosting in Postings.

        * Show a Lone Wolf Cat Houses is in any language an Extremely Engaging and Immensely Satisfying Passion to Server in Supply and Service with Insatiable Desire, whenever and wherever they may be needed to be found.

        How does one cope with such an engaging and enraging morsel, BT ....... How We Do IT ..... with AI Leading Trails and Tales to Follow ‽ .

      3. whitepines
        Big Brother

        Re: They'll never get it.

        just to take a few big scalps so that most of the population are using at least one affected app.

        ...and that's why I only use open source applications if the data is any more valuable than the latest game save on a Nintendo. No open source application available, or TiVoised mobile? Maybe I really didn't need whatever it was in the first place even though Silicon Valley thinks I did.

        Not that I've done anything intentionally wrong or criminal mind you, but let's stop pretending anyone that thinks they haven't done anything wrong isn't actually a technical criminal due to our dizzying array of laws and regulations. In the immortal words of Cardinal Richelieu, "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." Even the politicians calling for this have probably committed some offense or other in the past, it's just that the more connected you are and the more resources you have the easier it is to hide the indiscretions (more to the point, people tend to look the other way on purpose around such individuals, drawn like moths to a flame to the perceived power of the person).

        Yes, I'm aware that this may mean not using mobiles. Or only carrying a candy bar phone for safety when going out, and treating it as the electronic bug, spy, leash, and tracker it is. And yes I'm also aware we may end up like China where you are legally forced to carry one. At that point Blighty is, quite candidly, fucked and some other country will be taking over in a few generations -- not to govern its people, mind you, but to thoroughly subjugate them and take whatever resources are left from the remaining subsistence farmers.

        Ah, Karma. Sometimes it operates on scales of centuries. No less sweet.

        1. CountCadaver

          Re: They'll never get it.

          UK.gov will solve that reluctance - social credit. Want heat, light or running water then do as you're told and carry what we tell you to and use the apps we require you to.

          Already we're heading for a privatised firewall of britain.

          Is anyone surprised though? With all those govt bods at all levels (inc county councils) on fact finding missions to china for years on end, it wasn't trade they were interested in, it's the controlling the populace and how to silence those "irritating" voices who cause disruption to your harmonious society......

    3. tip pc Silver badge
      Paris Hilton

      Re: They'll never get it.

      "You can't break encryption "a little bit". You break it or you don't."

      They are not breaking encryption. Messages will still be encrypted end to end, just the security services will be one of those ends, the ghost bit, and will see all your messages too. Whats app etc will still be blind to your messages, the authorities won't.

      1. maffski

        Re: They'll never get it.

        Unless, of course, you're subject to a network level attack and the entirely silent end point you don't know about is no longer the security services.

      2. Anonymous Coward
        Anonymous Coward

        Re: They'll never get it.

        "Whats app etc will still be blind to your messages"

        This is not true, I'm afraid. WhatsApp generates the keys; which means one of the ends is Facebook. The "end-to-end encryption" is solely to protect THEIR data from competitors and a marketing buzzword to reassure users.

        You didn't think a company like Facebook paid $19 billion for WhatsApp for altruistic purposes, did you?

  5. Anonymous Coward
    Anonymous Coward

    ... and every nation state on the planet would turn their computers to cracking that key.

    Are GCHQ that dense? Yes, yes they are. Are they going to warranty any breach of their backdoor?

    1. Doctor Syntax Silver badge

      "Are GCHQ that dense? Yes, yes they are."

      No they're not. They just hope they can get away with it anyway.

      They'll brain-wash the Home Sec to let them do it. And heaven help us if the current Home Sec. in the HO gets into No 10. The current Home Sec in 10 has been bad enough but the current Home Sec. in the HO actually wrote an article in the times describing himself going through the process without even being aware of what he was actually describing.

      1. genghis_uk Silver badge

        +1+1+1...

        As I have said before, all Home Secretaries are borderline sociopaths (mostly on the wrong side of the border at that!). Take a sociopath Home Sec, make them PM and you end up with the autocracy that we have suffered with the Maybot.

        It took Maggie and Bliar 3 terms to become convinced of their immortality, May was like it from the start and I hate to think what Javid would be like

        1. Adrian 4 Silver badge

          I'm not sure Home Secretaries all start out that way. Some seem almost human (eg Blunkett) before they get to the post.

          Then, something happens to them.

          Perhaps they get indoctrinated. Perhaps they get lobotomised. Perhaps they find out just how much dirt there is recorded on them. But nobody ever comes out of there that can be trusted.

          What happens ?

          1. jake Silver badge

            What happens?

            As John Dalberg-Acton, 1st Baron Acton put it so succinctly, there is no need for me to paraphrase: "Power tends to corrupt, and absolute power corrupts absolutely. Great men are almost always bad men."

            Funny the things they don't teach in school anymore, isn't it?

          2. Spamfast

            I'm not sure Home Secretaries all start out that way. Some seem almost human (eg Blunkett) before they get to the post.

            Blunkett is and always was a slimeball. He's a self-confessed adulterer and fraudster and a borderline fascist. I never understood why he wasn't sent to prison for his misdeeds. You get these people on the left and the right - convinced of their own righteousness while simultaneously shovelling money down their trousers.

            I'm too old and tired but I do hope the younger generation wise up sometime and kick them all out. Greta Thunberg gives me a bit of hope at least.

            1. Anonymous Coward
              Anonymous Coward

              'Greta Thunberg gives me a bit of hope at least.'

              Eh?,

              I'm old and tired too, but still remember the 'Gretas' of my youth, and those of my student days, and the ones I ran into while working, and so on...they were all just as passionate about the same subjects this Greta is, just as idealistic, and where are they all now?

              The only difference between those 'Gretas' and this one is that she has media savvy 'connected' parents (c/w publicists) and, thanks to the collective efforts of all us old buggers, she has a global platform to perform on...I'm afraid, with age, my cynicism has deepened, I'd be following the money here...however genuine she is, the circus surrounding the lass has 'that' spoor...

              All this reminds me of a cartoon strip I once saw in an anarchist rag, it ended on the frame with the earth being destroyed by the antics of humanity and the words (paraphrased) 'Come and see the Spectacle of the demise of The Society of the Spectacle'

        2. BebopWeBop Silver badge

          It took Maggie and Bliar 3 terms to become convinced of their immortality, May was like it from the start and I hate to think what Javid would be like

          I read this a little too quickly as immorality and giggled. May was part of a long line of Home Secs who went native and lost any principles they might have had.
