In this edition, Max Hasselhoff takes a look at where the lines are drawn in the never-ending fight over online privacy, how we’ve gotten here, and what’s at stake moving forward.
Recently, a group of 49 tech companies banded together to write an open letter criticizing what has been called the “Ghost Proposal,” an unofficial proposition put forth by representatives of the British intelligence community that would see back-door access to encrypted messaging applications uniformly granted to state security agencies.
This push back on behalf of private companies marks the latest development in the never-ending fight over online privacy. For this edition of Max’s Corner, in honor of Bytecoin’s rollout of our own encrypted messaging capabilities, I thought it would be worthwhile to take a look at where the lines are drawn in this fight, how we’ve gotten here, and what’s at stake moving forward.
As our social and economic activities continue their exodus into the new digital reality, the rules that govern these activities are being forced to adapt on the fly. One of the aspects of this adaptation that people are most sensitive to is the way that state surveillance has morphed into its contemporary form in the modern technological era. This concern has recently bubbled over as is demonstrated in the open letter mentioned above.
What is the “Ghost Proposal”?
The “Ghost Proposal” is an article on Lawfareblog written by Ian Levy and Crispin Robinson, two members of the British Intelligence community, which advocates adopting new online surveillance measures in order to increase public safety and counteract terrorism. The primary way that the authors of the piece would achieve this is by enabling uniform back-door access to encrypted communications for state surveillance bodies.
This would be done by mandating that companies who provide encrypted messaging services incorporate a “ghost key” that would allow for third party access to private chats without notifying the primary participants.
Off the bat, the implementation of something like this would require that the companies that provide these services make significant changes to their encryption protocols and/or deceive their customers by suppressing the notifications that they would normally get when someone new joins a chat or reads their messages.
How Have Tech Companies Responded?
The open letter from the tech companies in response to the proposal was quick to point out the potential risks that its implementation would bring about. In the letter the experts warn that the institution of this kind of ghost key would constitute a grave threat to security and civil liberties:
The GCHQ’s ghost proposal creates serious threats to digital security: if implemented, it will undermine the authentication process that enables users to verify that they are communicating with the right people, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused.
These cybersecurity risks mean that users cannot trust that their communications are secure, as users would no longer be able to trust that they know who is on the other end of their communications, thereby posing threats to fundamental human rights, including privacy and free expression….
In addition to the privacy violations that this policy would enable the government to perform, the ghost key, or backdoor, once created, would be a tremendous liability. You can never know for sure that access to the backdoor will be kept in good hands, and should it get instituted it would immediately become a target for hacking attacks.
Now, while I obviously agree with the sentiments expressed in the letter, I think we need to take a bit of a closer look at what is actually going on here. The letter was signed by 49 companies including Google, Apple, Microsoft and Whatsapp. Of those companies, the one with the biggest encrypted communication service is obviously Whatsapp, which is itself a subsidiary of Facebook.
Facebook’s privacy issues only seem to get bigger by the day, while their coverups get more elaborate and government representatives either look the other way or make pompous public statements full of sound and fury but devoid of any kind of action.
To return briefly to the letter from the start, these companies highlighted the fact that the implementation of this kind of backdoor protocol would potentially open the door for human rights violations to occur in the form of breached privacy. It is interesting that they would do that because it seems to me that Facebook and their ilk have been able to take advantage of the opacity of privacy laws for a long time now.
Facebook and, by extension, Whatsapp are American companies and do a great deal of their business in the United States, and therefore their actions are restricted by the protections laid out in the Bill of Rights. Of particular interest to this discussion are the protections provided by the Fourth Amendment which reads:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Now, if you’ve followed the news at any point in the past ten years, you indubitably have the suspicion that Facebook has violated this amendment in innumerable ways. However, Facebook is a private company that provides a private good, and therefore, if someone chooses to sign up for its services, many of the protections they would normally have do not apply to the activities they engage in with Facebook (or even the activities they engage in just with Facebook installed on their device)..
So, while it is a fine piece of rhetoric to highlight how sacred human rights are, Facebook – and the other major tech companies as well for that matter – knows full well that the data that they collect is not legally sacrosanct. Big tech can virtue signal all it wants in open letters, but the reality is that these companies are laughing all the way to the bank.
Now, Whatsapp is supposedly an entirely different beast; its users are protected by end-to-end encryption that ensures everything sent on the platform is private. But how true can that really be? Based on how often Facebook lies about their usage of client data, you have to take everything Whatsapp promises with a grain of salt.
Just looking back to last month there was a huge hack that threatened to compromise the security of Whatsapp’s over 1.5 billion users. The hack, which cybersecurity experts have alleged was perpetrated by the Israeli NSO Group Technologies firm, took advantage of a security flaw in the application’s programming and gained access to Whatsapp user accounts by triggering a data buffer overflow via phone calls. Once a user’s phone had been breached, all the data on the phone was compromised.
Although this doesn’t suggest that Whatsapp has been actively deceiving people concerning their privacy policy, it highlights the application’s vulnerabilities and points out one of the obvious concerns with encryption services that hardly ever gets talked about, namely, if an outside party has access to a device then all decrypted data on the device is compromised.
End-to-end encryption, once decrypted on one end, cannot protect users if the device they are using to communicate with is compromised. Big tech companies are all too willing to compromise their clients’ devices in order to serve their monetary interests.
So, what options do we have moving forward? We have to develop our own means of communication. At a certain point, after being fooled time and time again, the onus has to shift to the ones being fooled to make a change. At Bytecoin, this is an issue we have been thinking about for a long time and our initial messaging capabilities are just the start of what I hope will turn into something bigger.
But it isn’t just about us at Bytecoin, I think people across the board who are concerned with the encroachments of governments and corporations upon personal privacy need to start working together to produce something better. The status quo has been inadequate for too long now; it’s time to drop the charade.
Max was born at the end of 80s in Frankfurt, Germany. He studied engineering and telecom at university, and had internships in the US and UK. At the same time, he was coding on the side in С++ and scripting languages. After entering the Bytecoin team in 2016 as a technical support engineer, he rose through the ranks and now works as an integration engineer. Max is collecting vintage gaming consoles and loves English literature.