Skype raises eyebrows over security and wire-tapping
Our audience is smart enough to know that no electronic system of communication is impervious to eavesdropping and there’s very little out there that’s near 100% secure. So it should come as no surprise that Skype is getting some publicity of its internal network restructuring that started occurring once Microsoft acquired the company last year.
The charge: Microsoft is reconfiguring the Skype network so that it Law Enforcement Agencies (LEA) can have access to intercept calls over the network to aid in investigations.
The reality is of course convoluted with no concrete evidence but it’s worth mentioning what exactly is going on here. So head past the break to get the scoop.
Skype Headquarters? (Orig. image via South Park)
As Rafael Rivera explained a few months ago is his article about Skype and Windows Phone, Skype’s original network operated on a peer-to-peer node system which means that Skype only initiated the calls but the actual communication was one-to-one with no one as the middleman.
That structure also has the benefit of being very difficult to intercept. In fact, Skype used to brag about its security and LEA used to lament it because they could not listen in on to calls. Instead, LEA would have to use a Trojan-attack on the target’s machine to gain access (as opposed to remote access, wire-tapping, etc.).
The downside to the network is it can get messy with no real way to harness and control it, especially if you wanted to unify the system to roll it out across various services like Office 2013, Xbox 360 or Windows Phone.
Sometime in late spring, Microsoft started to reconfigure the network making it more centralized by giving-called ‘super nodes’ more power. Our understanding of these changes was because Microsoft is starting to re-do Skype in order to align it with the company’s vision for future VOIP services. Presumably off-loading some of the server-work from peers to super-nodes will take the processing power off of the end-user and will allow Microsoft to tailor services. That’s our understanding.
The more malevolent and somewhat conspiratorial reason is Microsoft is doing this just to appease LEA so that Skype is now vulnerable to eavesdropping—or rather to make it easier for them to do so.
This idea does have some merit. For instance, right after Microsoft bought Skype it won a controversial patent for “legal intercept” technology designed to be used with VOIP services like Skype to “silently copy communication transmitted via the communication session.” Okay, even we’ll admit that is highly coincidental and is curious.
What’s more, the US Government is asking internet companies for a “back door” to their software for LEA purposes by amending the Communications Assistance for Law Enforcement Act, or CALEA (1994), in essence making software “wire-tap friendly”. In other words this is more than a Skype issue.
Microsoft and Skype are not confirming nor denying it either telling Slate only that they (Skype, Microsoft) “co-operates with law enforcement agencies as much as is legally and technically possible” (we already know they store chat logs for instant messages up to 30 days). Before we jump on that statement as a confirmation, remember Microsoft does not necessarily want to advertise the fact that they can’t track you either as that’s tantamount to inviting potential criminal activity to their network.
So when you combine the re-working of the Skype network, Microsoft’s patent, changes to CALEA along with Microsoft’s “cooperation” with LEA and we can see how “Skype is no longer safe for secure calls” can be interpreted.
Our feeling on the matter was this move to re-organize Microsoft’s Skype was being done for strategic purposes anyway but the government’s request and Redmond’s patent probably was a convenient option to exercise as well. Has Microsoft actually done this? We just don’t know.
Bottom line, which you already knew is don’t use Skype if you’re a political dissident or concerned about privacy. What is interesting though is noting previously how hard it was to crack Skype for LEA. Either way, hopefully you now know a bit more on the topic.