GCHQ had already developed an “insecure by design” end-to-end phone encryption protocol (as opposed to link encryption) that contains a backdoor: MIKEY-SAKKE, as discovered by University College London researcher Steven J. Murdoch.
He describes this in a quite interesting (and lengthy) article on his appropriately named blog:
access to private keys would be provided by companies operating communication networks, and so may be more vulnerable to hacking, intimidation of employees or insider abuse, as well as allowing less oversight.
The design of MIKEY-SAKKE is motivated by the desire to allow undetectable and unauditable mass surveillance, which may be a requirement in exceptional scenarios such as within government departments processing classified information.
MIKEY-SAKKE is the latest example to raise questions over the policy of many governments, including the UK, to put intelligence agencies in charge of protecting companies and individuals from spying, given the conflict of interest it creates.
RFC 6509: MIKEY-SAKKE: Sakai-Kasahara Key Encryption in Multimedia Internet KEYing (MIKEY)
This document describes the Multimedia Internet KEYing-Sakai-Kasahara Key Encryption (MIKEY-SAKKE), a method of key exchange that uses Identity-based Public Key Cryptography (IDPKC) to establish a shared secret value and certificateless signatures to provide source authentication. MIKEY-SAKKE has a number of desirable features, including simplex transmission, scalability, low-latency call setup, and support for secure deferred delivery.