GCHQ, the UK's spy agency, designed a security protocol for voice-calling called MIKEY-SAKKE and announced that they'll only certify VoIP systems as secure if they use MIKEY-SAKKE, and it's being marketed as "government-grade security."

But a close examination of MIKEY-SAKKE reveals some serious deficiencies. The system is designed from the ground up to support "key escrow" — that is, the ability of third parties to listen in on conversations without the callers knowing about it.

Although the words are never used in the specification, MIKEYSAKKE

supports key escrow. That is, if the network provider is

served with a warrant or is hacked into it is possible to recover

responder private keys and so decrypt past calls without the legitimate

communication partners being able to detect this happening.

Secure Chorus facilitates undetectable mass surveillance, in a way

that EDH based key encryption schemes would not. This is presented

as a feature rather than bug, with the motivating case in the

GCHQ documentation being to allow companies to listen to their

employees calls when investigating misconduct20, such as in the

financial industry. The aim of GCHQ's development of MIKEY-SAKKE – to weaken

security of in order to facilitate surveillance – is made clear through

their activity on the 3GPP standardisation committee responsible

for "Lawful Interception (LI)": ensuring that law enforcement and

intelligence agencies are able to eavesdrop on 4G cellphone calls.

The National Technical Assistance Centre (NTAC), the part of

GCHQ responsible for assisting law enforcement and intelligence

agencies with decryption and data analysis, sits on this committee

(known as the "3GPP SA3 LI") and their representative served as

secretary.

GCHQ's sub

Insecure by Design: Protocols for Encrypted Phone Calls

[Steven J. Murdoch/UCL]

(Thanks, William!)