UK Government Voice Encryption Standard Built for Key Escrow, Surveillance

Found on On The Wire on Tuesday, 19 January 2016

“The existence of a master private key that can decrypt all calls past and present without detection, on a computer permanently available, creates a huge security risk, and an irresistible target for attackers.”

“Although the words are never used in the specification, MIKEY-SAKKE supports key escrow. That is, if the network provider is served with a warrant or is hacked into it is possible to recover responder private keys and so decrypt past calls without the legitimate communication partners being able to detect this happening,” Murdoch wrote in his analysis.

“By design there is always a third party who generates and distributes the private keys for all users. This third party therefore always has the ability to decrypt conversations which are encrypted using these private keys,” Murdoch said by email.

They really never learn.

Browse all articles« Previous « » Next »