GCHQ-built phone voice encryption has massive backdoor

The irony of this story neatly mirrors the inconsistencies in the UK government&#x27;s recent response to a petition to &quot;to abandon all ideas of trying to ban strong encryption&quot;: <a href="https:&#x2F;&#x2F;petition.parliament.uk&#x2F;petitions&#x2F;106369?reveal_response=yes" rel="nofollow">https:&#x2F;&#x2F;petition.parliament.uk&#x2F;petitions&#x2F;106369?reveal_respo...</a> .<p>The government&#x27;s response boiled down to<p>1) The Government is not seeking to ban or limit encryption.<p>2) The Government is clear we need ... to ensure that ... the police and intelligence agencies can ... access the content of communications of terrorists and criminals.<p>Not too surprising that around 26 of the 650 members of Parliament have degrees in science or technology.

I feel obliged to once again refer to Home Secretary Theresa May&#x27;s on-record statement to a government committee only seven days ago:<p>&quot;The UK does not undertake mass surveillance&quot;.<p>Make of this what you will.

So the UK government is trying to amass a toolset that wold be the stuff of wet dreams for the Stasi - but they&#x27;re absolutely not going to use them for the very thing they are designed to do - even though we know they&#x27;re already doing the things they say they&#x27;re absolutely never going to do with he tools they say they don&#x27;t have but they actually do have.<p>Hmmmmm. Okey dokey asshats.<p>What puzzles me though is this: These things aren&#x27;t designed and built by politicians. They&#x27;re designed and built by highly skilled people with above average intelligence. And the UK security services don&#x27;t pay that much money. So who are these idealogical geniuses who are ready and willing to arm a government with tools they should not possess?

The sad thing is that in this day and age nobody is going to be surprised by this, and most of the genral public won&#x27;t even care :(

The original story at <a href="https:&#x2F;&#x2F;www.benthamsgaze.org&#x2F;2016&#x2F;01&#x2F;19&#x2F;insecure-by-design-protocols-for-encrypted-phone-calls&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.benthamsgaze.org&#x2F;2016&#x2F;01&#x2F;19&#x2F;insecure-by-design-p...</a> seems to be not coping well with the traffic, here&#x27;s the Google cache: <a href="http:&#x2F;&#x2F;webcache.googleusercontent.com&#x2F;search?q=cache:rBNjGS8jxX8J:https:&#x2F;&#x2F;www.benthamsgaze.org&#x2F;2016&#x2F;01&#x2F;19&#x2F;insecure-by-design-protocols-for-encrypted-phone-calls&#x2F;&amp;num=1&amp;hl=en&amp;strip=1&amp;vwsrc=0" rel="nofollow">http:&#x2F;&#x2F;webcache.googleusercontent.com&#x2F;search?q=cache:rBNjGS8...</a>

It should have been obvious to the project team that the hole would be noted, or suspected if the details were obfuscated. I&#x27;m more concerned about the waste of public money on a doomed project.

Well, what an enormous surprise this is.<p>GCHQ, who have been implicated in mass surveillance for many years, and who were showed by Snowden&#x27;s releases to be doing lots of snooping and sniffing around indiscriminately and who haven&#x27;t come under any criticism whatsoever from the UK government in light of these releass, have made a compromised encryption product that allows them to carry on doing what they do.<p>I&#x27;m absolutely floored by this.

I previously worked at Cryptify AB with Cryptify Call.<p>I think this article misses the point somewhat. This is not a backdoor, it is the entire point of the scheme. As I understood it CESG wants MIKEY-SAKKE primarily for use within the government or within companies working for the government.<p>For the network owner MIKEY-SAKKE is very convenient because it satisfies the criteria for Lawful interception[1] while also enabling end users to both authenticate and encrypt messages without actually talking to the network owner after the initial trust has been established. It works well as long as the user trust the network owner and you want to protect your users from external powers while maintaining the ability to decrypt any message in the network.<p>[1] <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Lawful_interception" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Lawful_interception</a>

Seems to me that government agencies are good at two things:<p>1. Failing to be any good at what they are trying to do and, 2. Using said failures to take advantage of poor people and put them in jail.<p>This seems like a case of both happening.

Maybe &quot;MIKEY-SAKKE&quot; is an inside joke.<p>Mikey: &quot;A seemingly innocent and sweet little boy causes murder and mayhem in his new neighborhood ...&quot; [0]<p>saake: &quot;arrested number of young&quot; in Somali [1]<p>[0] <a href="http:&#x2F;&#x2F;www.imdb.com&#x2F;title&#x2F;tt0104870&#x2F;" rel="nofollow">http:&#x2F;&#x2F;www.imdb.com&#x2F;title&#x2F;tt0104870&#x2F;</a><p>[1] <a href="https:&#x2F;&#x2F;translate.google.com&#x2F;#auto&#x2F;en&#x2F;saake" rel="nofollow">https:&#x2F;&#x2F;translate.google.com&#x2F;#auto&#x2F;en&#x2F;saake</a>

Unsurprising yet depressing :(

Yes let&#x27;s let government surveillance outfits design protocols. I mean who ever though this would ever be a good idea? They will 100% of the time fail at this task.