Beware the GHOST Protocol

Posted on Sep 4, 2019 by Caleb Chen

UK internet users and internet users around the world need to beware of the GHOST protocol. The GCHQ, which is the United Kingdom’s (UK) equivalent of the American NSA, came up with the GHOST protocol as a potential application of the Investigatory Powers Act. The UK’s IP Act allows the government to compel companies based in the UK to backdoor the encryption provided by the company to users for the government – and the company wouldn’t be allowed to notify the user.

Beware the GHOST protocol

When the IP Act, aka the Snooper’s Charter, was passed in 2016, crypto war veterans shouted from the rooftops: “Beware!” It is impossible to build an encryption backdoor for the government that couldn’t then be used by others, thereby breaking the usefulness of the encryption. Beware of anyone that tells you otherwise, for what they are preaching is literally ignorance of biblical proportions. Yet here we are again for round n of the fight between ignorance and mathematical facts.

Cyber security experts agree

Cyber security experts, cyber privacy experts, and many more people that can figure this out without being called an expert all agree that a GHOST protocol would be a horrible idea and set a horrible precedent. There isn’t some faraway point in the distant cyber future where math will suddenly stop working the same, and suddenly we’d have tenable encryption backdoors. It just isn’t physically possible. Potential companies that would be affected by this horrible plan, including Facebook and Apple, signed an open letter to the UK government protesting the encryption-breaking plan. Private Internet Access’s Derek Zimmer articulately describes why encryption backdoors, or “split key cryptography,” are doomed from the get-go in his PIA blog post: “Split Key Cryptography is Back… Again – Why Government Back Doors Don’t Work.”

GHOST protocol enables mass surveillance

The GCHQ’s GHOST protocol enables mass surveillance. Even though this problem is largely localized to one country at the moment, its influence is spreading. In fact, it’s spreading fast. The Five Eyes countries meet every year on this very subject, and the UK’s plan is now appearing in other countries. The US Attorney General recently called for something similar to the GHOST protocol in the US, saying companies would just have to deal with it. In Australia, an anti-encryption bill that enables the government to ask for GHOST protocol-like access has passed and is just ripe for abuse. Whether by technical notice or compelling letters, governments seem to think they can defeat encryption by yelling at the wind.

1 Comments

  1. John

    How do those new laws affect the PIA offering?

    Will you keep servers in the UK and be compelled to compromise users' privacy?

    5 years ago