GCHQ, the heart of the UK’s intelligence service, has developed its own encryption protocol, which it intends to incorporate into a wide range of products. The protocol is designed for use in VoIP (Voice over Internet Protocol) phone calls. Unfortunately, there’s a major problem with this encryption protocol: it has a significant flaw in its security that could be used as a backdoor. This backdoor could be used by third parties to listen in on conversations and other communications that utilise the encryption protocol.

The flaw in the protocol was discovered by Doctor Steven Murdoch, who works at University College London. Murdoch has stated that the flaw is “actively harmful for security” in almost all conceivable circumstances. More importantly, Murdoch has expressed the belief that the flaw was deliberately introduced in order to allow security services to carry out “undetectable and unauditable mass surveillance”. Murdoch’s suspicions are well-grounded; it is difficult to conceive of any other reason for GCHQ making their encryption protocol so insecure. 

GCHQ intends for its protocol to become widely-used in products that ordinary members of the public use. However, this has not happened yet. In fact, Doctor Steven Murdoch’s exposure of the potential backdoor may ensure that the encryption protocol is never widely adopted. However, if the protocol is eventually incorporated into commercial products, the impact on ordinary people would be significant.

If you’re passionate about privacy, widespread adoption of GCHQ’s encryption protocol could potentially be catastrophic for you, as it would mean that many internet-based phone communication options would no longer be secure and could theoretically be used by the security services to gather information on you. Of course, online communication services would still be available that don’t use GCHQ’s protocol, but you may have to check what encryption each service uses before utilising it.

GCHQ’s development of an encryption protocol with a potential backdoor could benefit security services, but its widespread use would be a blow against personal privacy. Perhaps it is best that the flaw was discovered before the protocol came into common use. The debate is certain to rage on. Do you believe GCHQ were taking a sensible security precaution by building a backdoor into their protocol, or were they violating civil liberties?