
When You Have Data, They Will Come

People use computers at an Internet cafe in Chengdu in southwest China's Sichuan province
Jon Callas, Senior Technology Fellow
July 23, 2019

Note: This is part two of a four-part series where security expert Jon Callas breaks down the fatal flaws of a recent proposal to add a secret user — the government — to our encrypted conversations. Part one can be found here.

A recent essay by technical leaders of Britain’s GCHQ proposes a law that would require software companies to enable the secret addition of an extra user — the government — to spy on an otherwise securely encrypted conversation, thereby destroying the confidentiality and privacy encrypted communications provide us. The essay claims that this exceptional access proposal would only be used by “responsible law enforcement” and “democratically elected representatives and judiciary...and certainly doesn’t give any government power they shouldn’t have.”

This is a fantasy. When I build software and hardware as a software engineer and security specialist, I am never naïve enough to think that my customers would only be surveilled by good governments, any more than I was naïve enough to think my tools would only be used by good people. In fact, I build my systems presuming that even I’m not to be trusted with my customers' data. I’m not alone by any means in this. Those of us who build services know that we make outright mistakes, do favors we shouldn’t have, and never understand the whole picture. So we accept that we are threats, too, to the safety of our users. We remove our own privileged position every place we can and make sure that not even we can decrypt our users’ information.

The GCHQ authors understand this, too. They should know better than to suggest that the genie will only grant good wishes made by good people, and that those people will use their wish only for good once granted. The now-fictional GCHQ “ghost user” technology that would provide access for democratically elected representatives inevitably will also be used by non-democratic, unelected, unrepresentative, and autocratic governments.

China will demand status to use ghost users. China already mandates its own standards for encryption, networking, network security, and cloud services. It will certainly demand that it be allowed to use the ghost user backdoor, too — and will use its substantial economic power to pressure companies to comply. There's no way around this. Messaging services will be forced to either offer China the same access they give to the UK, US, and any other imaginary club of “good countries,” or forego Chinese users. Employees of services that resist and decide not to operate in China would be wise to never travel to China nor to countries that have extradition treaties with China, because they may be at risk for refusing to facilitate Chinese surveillance with their “good guy” backdoored products. Once the ghost user technology is built, Saudi Arabia, Russia, the United Arab Emirates, and other nations will require access to it as well.

Emboldened by U.S. and U.K. technology regulation, these nations will push for additional security compromises as well as data retention and other privacy-invading practices.

  • The Indian government has a history of fighting WhatsApp — the unnamed target of the GCHQ proposal — over its encryption. India has proposed changes to its laws that would require services to break encryption for the government and to retain data about users’ conversations. The proposed changes to Indian law would require access to messages if there is a court order from any country.
  • Thailand, where insulting the king is illegal, has also proposed laws mandating that its government be able to access private communications. So has Vietnam.
  • Singapore has proposed a “Protection from Online Falsehoods and Manipulation Bill,” that uses the problem of misinformation as a reason for many restrictions.

For now, tech creators and civil liberties organizations have managed to push back on exceptional access requirements, and we shouldn’t discount the moral and persuasive force of being able to point to the absence of such requirements in the US and the UK. Should mandatory “wiretappability” be required in the United States and the United Kingdom, other countries will take advantage of the feature, or make it be a requirement to do business there as well.

Today, governments that want to spy on political opponents, activists, and journalists generally have to resort to commercial malware and spying tools sold by unscrupulous contractors such as the NSO Group and Darkmatter, which supply turnkey spyware developed in Israel and the UAE respectively to Ethiopia, Saudi Arabia, Mexico, Turkey, and many more countries. These tools have been used to , are connected to , and to a .

Currently, oppressive governments have to pay for the services of these hacking companies. They have to hope that their targets are using vulnerable software or that they click on malicious links in phishing emails. And they have to avoid detection by investigators at groups like Citizen Lab. But if the GCHQ proposal worked, doing all of this bad-guy hacking would be so much easier. Governments could just call Facebook and demand access to the conversations of any of WhatsApp’s 1.8 billion active users. These demands may or may not be accompanied by whatever legal papers are required under local laws.

As co-founder of PGP and Silent Circle, it was never far from my mind that if my product wasn’t secure, oppressive governments would use it to spy on my customers. We didn’t want to be a part of Mexico undermining health advocates, and we knew that eventually our companies would be put to the test by oppressive regimes. It is a fantasy to think that companies, even those based in the U.S., can define a club of “good” countries and only respond to legal demands from those governments, or that so-called “good” countries would only put the technology to “good” uses. So we built our products to securely encrypt user data. It would have been irresponsible to vulnerable communities, human rights activists, and journalists that depend on secure encryption for their physical safety for us to try to just wave away the thorny details of the inevitable tide of international exceptional access demands.

Of course, we nevertheless had to be ready for international demands for whatever data our products did generate. When you have data, they will come. As a provider of communications tools and services, you are the intermediary ensuring that investigators get the data they are permitted to, but no more. There are real dangers — to public relations, privacy, and security — to mismanaging these demands.

Rather than grapple with the reality of these difficulties, the GCHQ proposal seems to just trust that technology providers will magically be able to sift between deserving and undeserving governments demanding ghost user access. It would never be that easy and creating such a mechanism would open the door to vast abuses around the globe. The ghost user capability should never be created.

Part three, which addresses the GCHQ authors’ assertion that adding a secret listener to a conversation is just like attaching “crocodile clips” to a phone wire, can be found here.
