GCHQ, the UK's spy agency, designed a security protocol for voice-calling called MIKEY-SAKKE and announced that they'll only certify VoIP systems as secure if they use MIKEY-SAKKE, and it's being marketed as "government-grade security."
But a close examination of MIKEY-SAKKE reveals some serious deficiencies. The system is designed from the ground up to support "key escrow" -- that is, the ability of third parties to listen in on conversations without the callers knowing about it.
Although the words are never used in the specification, MIKEY-SAKKE supports key escrow. That is, if the network provider is served with a warrant or is hacked into it is possible to recover responder private keys and so decrypt past calls without the legitimate communication partners being able to detect this happening.
Secure Chorus facilitates undetectable mass surveillance, in a way that EDH based key encryption schemes would not. This is presented as a feature rather than bug, with the motivating case in the GCHQ documentation being to allow companies to listen to their employees' calls when investigating misconduct, such as in the
The aim of GCHQ’s development of MIKEY-SAKKE – to weaken security of in order to facilitate surveillance – is made clear through their activity on the 3GPP standardisation committee responsible for “Lawful Interception (LI)”: ensuring that law enforcement and intelligence agencies are able to eavesdrop on 4G cellphone calls. The National Technical Assistance Centre (NTAC), the part of GCHQ responsible for assisting law enforcement and intelligence agencies with decryption and data analysis, sits on this committee (known as the “3GPP SA3 LI”) and their representative served as
Insecure by Design: Protocols for Encrypted Phone Calls
[Steven J. Murdoch/UCL]
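A toy model of the difference the excerpt describes, added here as an illustration and not taken from the paper or the MIKEY-SAKKE specification: a key server that derives each user's private key from a master secret can decrypt a recorded call from captured traffic alone, while an ephemeral Diffie-Hellman (EDH) exchange leaves it nothing to derive. Plain modular Diffie-Hellman over a deliberately small prime stands in for SAKKE's identity-based encryption; the `KMS` class, the function names and the identity are hypothetical.

```python
import hashlib, hmac, secrets

# Toy group, constructed for illustration: far too small for real use.
P = 2**127 - 1          # a Mersenne prime
G = 3

def rand_exp() -> int:
    return secrets.randbelow(P - 2) + 1

def kdf(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

class KMS:
    """Hypothetical key server that issues every user's private key."""
    def __init__(self):
        self.master = secrets.token_bytes(32)

    def private_key(self, identity: str) -> int:
        # Derived from the master secret, so it can be re-derived at any time.
        mac = hmac.new(self.master, identity.encode(), hashlib.sha256).digest()
        return int.from_bytes(mac, "big") % (P - 2) + 1

    def public_key(self, identity: str) -> int:
        return pow(G, self.private_key(identity), P)

def escrowed_call(kms: KMS, responder: str):
    """Initiator wraps a session key to the responder's KMS-issued key."""
    r = rand_exp()
    wire = pow(G, r, P)                      # the only value on the network
    return wire, kdf(pow(kms.public_key(responder), r, P))

def recover_from_recording(kms: KMS, responder: str, wire: int) -> bytes:
    """What a holder of the master secret computes from captured traffic."""
    return kdf(pow(wire, kms.private_key(responder), P))

def edh_call():
    """Both sides use fresh exponents that are discarded when the call ends."""
    a, b = rand_exp(), rand_exp()
    wire = (pow(G, a, P), pow(G, b, P))
    return wire, kdf(pow(wire[1], a, P))

def demo():
    kms, bob = KMS(), "bob@example.org"
    wire, key = escrowed_call(kms, bob)
    escrow_recovered = recover_from_recording(kms, bob, wire) == key
    edh_wire, edh_key = edh_call()
    edh_recovered = any(recover_from_recording(kms, bob, w) == edh_key for w in edh_wire)
    return escrow_recovered, edh_recovered

if __name__ == "__main__":
    print(demo())
```

The recovery step is purely passive: it needs only the recorded value and the master secret, which is why neither caller can detect it.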