Verizon’s end-to-end encryption has back door

back-doorUS carrier Verizon really does not understand why people want end-to-end encryption on their phone lines.

The outfit just announced that it is bringing in an expensive service which guarantees security by providing the sort of encryption on the line which users want following the Edward Snowden revelations.

Verizon Voice Cypher, the product introduced with the encryption company Cellcrypt, offers business and government customers’ end-to-end encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app. The encryption software provides secure communications for people speaking on devices with the app, regardless of their wireless carrier, and it can connect to an organization’s secure phone system. All this will cost you $45 per device each month.

All sounds good but then comes the part which Verizon and Cellcrypt fail to understand why people want their product in the first place.

Cellcrypt and Verizon both say that law enforcement agencies will be able to access communications that take place over Voice Cypher, so long as they are able to prove that there is a legitimate law enforcement reason for doing so.

Seth Polansky, Cellcrypt’s vice president for North America, said building technology to allow wiretapping was not a security risk. “It’s only creating a weakness for government agencies,” he says. “Just because a government access option exists, it doesn’t mean other companies can access it.”

While Verizon is required by US law to build networks that can be wiretapped, the Communications Assistance for Law Enforcement Act requires phone carriers to decrypt communications for the government only if they have designed their technology to make it possible to do so. All Verizon and Cellcrypt needed to do is structure their encryption so that neither company had the information necessary to decrypt the calls, they would not have been breaking the law.

Verizon believes major demand for its new encryption service will come from governmental agencies conveying sensitive but unclassified information over the phone. It might have a point – such agencies want encryption and do not have to worry about others snooping on them.