GCHQ, the UK's spy agency, designed a security protocol for voice-calling called MIKEY-SAKKE and announced that they'll only certify VoIP systems as secure if they use MIKEY-SAKKE, and it's being marketed as "government-grade security."
But a close examination of MIKEY-SAKKE reveals some serious deficiencies. The system is designed from the ground up to support "key escrow" -- that is, the ability of third parties to listen in on conversations without the callers knowing about it.
Although the words are never used in the specification, MIKEY-SAKKE supports key escrow. That is, if the network provider is served with a warrant or is hacked into it is possible to recover responder private keys and so decrypt past calls without the legitimate communication partners being able to detect this happening.
Secure Chorus facilitates undetectable mass surveillance, in a way that EDH based key encryption schemes would not. This is presented as a feature rather than bug, with the motivating case in the GCHQ documentation being to allow companies to listen to their employees' calls when investigating misconduct, such as in the
The aim of GCHQ’s development of MIKEY-SAKKE – to weaken security of in order to facilitate surveillance – is made clear through their activity on the 3GPP standardisation committee responsible for “Lawful Interception (LI)”: ensuring that law enforcement and intelligence agencies are able to eavesdrop on 4G cellphone calls. The National Technical Assistance Centre (NTAC), the part of GCHQ responsible for assisting law enforcement and intelligence agencies with decryption and data analysis, sits on this committee (known as the “3GPP SA3 LI”) and their representative served as
Insecure by Design: Protocols for Encrypted Phone Calls
[Steven J. Murdoch/UCL]
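The escrow property described in the excerpt, contrasted with ephemeral Diffie-Hellman, as an added example that is not code from the paper or from the MIKEY-SAKKE specification. It is a toy model: SAKKE's identity-based encryption is replaced by ElGamal-style encapsulation in a deliberately small group, and `ToyKMS`, the function names and the identity string are hypothetical.

```python
import hashlib, hmac, secrets

# Toy group for illustration only: 2**127 - 1 is prime but far too small for real use.
P, G = 2**127 - 1, 3

def kdf(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

class ToyKMS:
    """Stand-in for the provider's key server: every user key derives from one master secret."""
    def __init__(self):
        self._master = secrets.token_bytes(32)

    def private_key(self, identity: str) -> int:
        d = hmac.new(self._master, identity.encode(), hashlib.sha256).digest()
        return int.from_bytes(d, "big") % (P - 2) + 1  # exponent in 1..P-2

    def public_key(self, identity: str) -> int:
        return pow(G, self.private_key(identity), P)

def escrowed_call(kms: ToyKMS, responder: str):
    """Initiator encapsulates a session key to the responder's long-term key.
    Returns (value an eavesdropper can record, session key)."""
    r = secrets.randbelow(P - 3) + 1
    wire = pow(G, r, P)
    return wire, kdf(pow(kms.public_key(responder), r, P))

def responder_key(private: int, wire: int) -> bytes:
    return kdf(pow(wire, private, P))

def ephemeral_call():
    """Both sides use fresh exponents that are discarded when the call ends."""
    a, b = (secrets.randbelow(P - 3) + 1 for _ in range(2))
    wire_a, wire_b = pow(G, a, P), pow(G, b, P)
    key = kdf(pow(wire_b, a, P))
    assert key == kdf(pow(wire_a, b, P))  # both ends agree
    return (wire_a, wire_b), key

def recover_from_recording(kms: ToyKMS, responder: str, wire: int) -> bytes:
    """What a holder of the KMS master secret can compute later from a recorded call."""
    return kdf(pow(wire, kms.private_key(responder), P))
```

In the escrowed design the recorded wire value plus the master secret is enough to rebuild the session key after the fact; in the ephemeral exchange no long-term secret exists that would do the same.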