Is Skype snooping on your conversations? [zdnet]
July 27, 2012
Rumors rather than confirmed facts suggest that Microsoft, via its acquired Skype service, is able to snoop on your Skype conversations. If true – and so far Microsoft has not been categorical in its responses – large enterprises will block this service as a matter of policy. That already happens in some organisations, but will that be effective enough?
What’s going on? According to Slate:
Historically, Skype has been a major barrier to law enforcement agencies. Using strong encryption and complex peer-to-peer network connections, Skype was considered by most to be virtually impossible to intercept. Police forces in Germany complained in 2007 that they couldn’t spy on Skype calls and even hired a company to develop covert Trojans to record suspects’ chats. At around the same time, Skype happily went on record saying that it could not conduct wiretaps because of its “peer-to-peer architecture and encryption techniques.”
Recently, however, hackers alleged that Skype made a change to its architecture this spring that could possibly make it easier to enable “lawful interception” of calls. Skype rejected the charge in a comment issued to the website Extremetech, saying the restructure was an upgrade and had nothing to do with surveillance. But when I repeatedly questioned the company on Wednesday whether it could currently facilitate wiretap requests, a clear answer was not forthcoming. Citing “company policy,” Skype PR man Chaim Haas wouldn’t confirm or deny, telling me only that the chat service “co-operates with law enforcement agencies as much as is legally and technically possible.”
The issue for privacy advocates is how the centralizing of the “supernodes” on the Skype network might make it easier to “wiretap” conversations. The system is set up so that the nodes and “supernodes” create the connections between different users at which point the data traffic moves between the two (or more) “peers” that are having the conversation. As described in a story yesterday by Tim Verry of ExtremeTech, some hackers are charging that “Microsoft is re-engineering these supernodes to make it easier for law enforcement to monitor calls by allowing the supernodes to not only make the introduction but to actually route the voice data of the calls as well. In this way, the actual voice data would pass through the monitored servers and the call is no longer secure. It is essentially a man-in-the-middle attack, and it is made all the easier because Microsoft—who owns Skype and knows the keys used for the service’s encryption—is helping.”