The UK government's voice-over-IP standard is designed to be backdoored




“Government-grade security” doesn’t carry the same cachet as it did fifty years ago. The opposite, in fact.


Craven government security?


So let me get this straight.
We will only certify your protocol as secure if you ensure it complies with our deliberately insecure standard.

In other words, we will expressly NOT certify secure networks as secure, and we will ONLY certify insecure networks as secure.

Suit up, Yossarian! One more flight.


Surely, “government-grade” should mean of a quality that government officials would use. Would David Cameron be happy that his communications would be open to anyone who stole the key, or wasn’t he supposed to know how vulnerable his comms are?


I wonder if it’s necessary to see if various USG resources regarding encryption/computer security (NIST, US-CERT, and FTC among others) have been removed or are in the process of being removed/updated/redacted. Because that would seriously suck.

Way to fail, UK leadership. I strongly hope that the USG sees the stupidity of this particular path.


Where are the security standards of yesteryear?


“Gentlemen don’t read each other’s mail.” — Henry Stimson, Secretary of State, 1929–1933


In fact, it sounds like a slogan from fifty years ago. Now it just comes across as a joke. Like it’s more plausible to imagine that it’s a furtive dig at the people he’s working for by some latter-day Winston Smith working in a government law office somewhere than that it’s actually serious.


Guys, guys. We would have cut you a great deal on a supply of mint condition new-old-stock MYK-78 “Clipper” chips with the rockin’ power of Skipjack! Why bother rolling your own when a bargain like that is in town?
