Amid all the arguments about encryption ongoing in the press and government right now, it’s easy to forget that it’s something that GCHQ and other intelligence agencies have been railing against for some time. I turns out that in 2010, it helped to reject a smartphone encryption standard that would have made surveillance harder and make it easier to detect.
GCHQ is currently pushing a new encryption key standard for mobiles in the UK, known as MIKEY-SAKKE, which as security researcher Steven Murdoch recently detailed, has a huge backdoor in it to allow unfiltered surveillance of anyone using it. This is important, because it’s this platform that the intelligence agency has repeatedly pushed for over other standards, like the more secure MIKEY-IBAKE.
There’s a reason the building looks like a three pronged Goatse.
The IBAKE method of key distribution was proposed back in 2010, but as a document from a meeting at that time reveals, GCHQ’s decryption and data analysis branch, the National Technical Assistance Centre, poo-pooed it, citing that it would cause delays in snooped on conversations, which might make it obvious to those being spied on. It would also make it harder to go back and listen to past calls.
As The Register points out though, the most worrisome part of all of this, is that the MIKEY-SAKKE alternative that was pushed first back in 2010, is now being marketed by governments and commercial entities as a way to better security on smartphones, when in-fact it opens up a backdoor to make it much easier for the NSA and GCHQ to spy on people.
They’re selling snake venom and calling it an antidote.
As Murdoch puts it: “The properties that MIKEY-SAKKE offers are actively harmful for security. It creates a vulnerable single point of failure, which would require huge effort, skill and cost to secure – requiring resource beyond the capability of most companies.”
Discuss on our Facebook page, HERE.
KitGuru Says: Weakening security standards not only makes it easier for governments to spy on their own people, but also makes it more likely that foreign nations and other nefarious groups can do the same. The godlike power to snoop in on every one will be abused and helps foster a strange, patriarchal role for GCHQ employees too.