Skype No Longer Willing To Claim That Its Calls Are Untappable By Law Enforcement

from the well-now... dept

For years, we've noted that various governments have sought to be able to wiretap Skype -- and the company has always insisted that its peer-to-peer architecture made it impossible. Last year, however, some hackers suggested that there was now a backdoor in Skype. And now when a reporter for Slate, Ryan Gallagher, is pushing the company on this issue, it refuses to make a clear statement onto the ability to wiretap Skype calls. You can draw your own conclusions.

It is, of course, possible that this is just the tighter-lipped way of Microsoft, now that the software giant owns Skype, but it certainly is raising questions for those who believed that Skype was a safe way to hold conversations away from the ears of increasingly intrusive government surveillance. It seems like there's new incentive for others to work on truly secure voice communications.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    F!, Jul 24th, 2012 @ 3:09am

    Alternatives?

    I understand Jitsi in combination with XMPP(Jabber) can do encrypted end-to-end connections, mostly for text but I think voice is available. I think TorChat utilizes the Tor network for increased privacy.

    I've heard good things about Asterisk VOIP software, but I don't know much about it...

    Been casually keeping an eye out for secure communication tools over the years, that's about the best I can come up with. Any other ideas?

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Jul 24th, 2012 @ 3:20am

    Of COURSE they can be tapped for years! Search "Megaupload" and "Skype" on Google. The USA DOJ lists over 100 Intercepted Skype calls over a three year period as evidence for extradition.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Jul 24th, 2012 @ 3:21am

    Conspiracy

    M$ built that backdoor so they could stay in the pockets of government.

    \paranoiddelusions

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Řyvind, Jul 24th, 2012 @ 3:23am

    Re:

    The FBI reportedly used Skype IMs, not Skype Calls. Or am I mistaken?

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Mesonoxian Eve (profile), Jul 24th, 2012 @ 3:28am

    This is the same company who gives Linux keys to law enforcement to by pass its own operating system.

    But I've said this before: if you believe there's privacy when you're using these programs, Microsoft isn't the one to blame.

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    Ninja (profile), Jul 24th, 2012 @ 4:22am

    I personally don't do anything unlawful or illegal (in my country at least, I'd be screwed on copyright grounds in the US or so I think). But, come on, if I had to do anything illegal I'd be using open source communication tools with end-to-end encryption. I wonder if the Govts are just naive or if what they want is to really just control the average Joe/Jane. Any criminal with half a brain will take several steps to conceal their activities online.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Jul 24th, 2012 @ 4:26am

    Re: Alternatives?

    "I've heard good things about Asterisk VOIP software, but I don't know much about it..."

    I can inform you on this point.

    First of all, Asterisk is not a VoIP client. Asterisk is a software implementation of a PBX. Put simply, what it does is receive calls (usually VoIP calls, though, with the appropriate hardware, you could also handle calls from the telephone network) and forward them to an appropriate destination.

    For example, you could implement an asterisk dialplan (a funny work for "script") where, when callers dial in, they are greeted with a voice prompt that says "Press 1 to go to Tech Support, Press 2 to go to sales..." (you get the picture).

    And then, when they, for example, press 1, they are sent to a queue (where they get to listen to loud music and voice prompts that reassure them that "your call is important to us"), until they are eventually picked up by a human. Call proceeds normally from then on. This is just a simple example. The call manipulation possibilities Asterisk offers are virtually endless.

    I, personally, have some experience with it, having used it at work to implement a call center for a small operation - a painful experience, mind you, but a rewarding one, since I knew next to nothing in regards to VoIP.

    In my experience, I've learned that documentation is scarce, and configuration is somewhat painful. The way some of its features are implemented sometimes seem archaic and not at all flexible, making you have to jump through hoops to do something that should have been simple. But it is light on resources and gets the job done rather well after it is up and running.

    Asterisk has a bunch of interesting features for call centers and telephone networks in general, but I doubt end-users would be interested. Unless you want to build a VoIP network of some sort from the ground up to replace Skype's network, Asterisk is not for you. And even if you are, there is probably software out there that is better suited for such things.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Jul 24th, 2012 @ 4:37am

    Re: Conspiracy

    MS Patented that backdoor.


    \NotThatParanoid

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    Chargone (profile), Jul 24th, 2012 @ 4:46am

    Re: Conspiracy

    ... i think your / tag only needs half the words it currently has.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Jul 24th, 2012 @ 4:58am

    Skype has no backdoors people.

    Now build the Ironic Mustache Twitter Interface to appreciate those words.
    http://www.instructables.com/id/Ironic-Mustache-Twitter-Interface/

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    arcan, Jul 24th, 2012 @ 5:08am

    Re: Re: Conspiracy

    1.5 words?

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    drew (profile), Jul 24th, 2012 @ 5:32am

    and BAM!

    Business opportunity for someone else.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Jul 24th, 2012 @ 6:00am

    Re: Alternatives?

    The whole group is called "softphones" you can search for it.

    http://www.voipsupply.com/blog/free-sip-softphone-roundup
    https://en.wikipedia.org/wiki/Soft phone

    Just pay attention to the "encryption"
    https://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol
    And how the keys are negotiated, if it depends on third parties that can be tapped and bugged, if you have to give the key to someone personally that is the secure option.

    This protocol does not require prior shared secrets or rely on a Public key infrastructure (PKI) or on certification authorities, in fact ephemeral Diffie-Hellman keys are generated on each session establishment: this allows the complexity of creating and maintaining a trusted third-party to be bypassed.

    https://en.wikipedia.org/wiki/ZRTP

    The ways that don't need "trusted third parties" to manage keys are the best bets.

    https://en.wikipedia.org/wiki/Comparison_of_VoIP_software

    https://en.wikipedia.org/wiki/ IP_Phone
    https://en.wikipedia.org/wiki/List_of_SIP_software

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Jul 24th, 2012 @ 6:06am

    Re: Re: Alternatives?

    Introdutory article about privacy and security of softphones.
    http://www.freesoftwaremagazine.com/articles/secure_voip_calling_free_software_right_to _privacy

    39 free softphones from 2009.
    http://www.venturevoip.com/news.php?rssid=2188

    Yay!

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Jul 24th, 2012 @ 6:10am

    Re: Re: Alternatives?

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    Machin Shin (profile), Jul 24th, 2012 @ 6:13am

    Re:

    Well you see, here in the US the government works really hard to have nothing but the best crooks. It does all these stupid things to catch the people making stupid mistakes.

    Then it takes these people and tosses them into criminal training (I'm sorry, I mean prison). This way they can all get together and learn from each other.

    As an added measure they put a little check in the box next to "felon" in their record to make sure once they are out of school (prison) they are not able to get a real job anymore.

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    Christopher (profile), Jul 24th, 2012 @ 6:23am

    Government needs to be told that they cannot wiretap people (or scan all people's calls) without a warrant pointing to a specific phone or a specific person.

    One or the other. "Eschelon" or whatever they are now calling it needs to be killed, it's just a way to harass people who dare to speak out against government policies.

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    Greevar (profile), Jul 24th, 2012 @ 7:43am

    There's only one way to have secure communication.

    I need a quantum entanglement communicator. There's no way to tap that, since there is no transmission medium to tap into.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Jul 24th, 2012 @ 7:49am

    Ok, so what's a good open source alternative to Skype that works on Windows, Mac, and Linux, supports encryption, and is roughly no more difficult than Skype to install, set up an account on, and use?

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Jul 24th, 2012 @ 7:56am

    I heard about a project called GNU Free Call that was announced around the time Microsoft purchased Skype. It was supposed to be a Skype replacement, but I haven't heard any news about it since the announcement last year.

    Is GNU Free Call still in development, or did the project die off?

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous Coward, Jul 24th, 2012 @ 8:31am

    GNU/PGP voice?

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Anonymous Coward, Jul 24th, 2012 @ 8:52am

    Of COURSE they can be tapped for years! Search "Megaupload" and "Skype" on Google. The USA DOJ lists over 100 Intercepted Skype calls over a three year period as evidence for extradition.

     

    reply to this | link to this | view in thread ]

  23.  
    icon
    Violated (profile), Jul 24th, 2012 @ 9:05am

    Skype calls recorded

    The FBI certainly tapped the Skype calls of the Mega employees when they say as much in the Mega indictment. What they do not say was if this Skype invasion was done under a court order or not.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Anonymous Coward, Jul 24th, 2012 @ 10:22am

    Re: Re:

    Yes, IMs, not calls.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Rekrul, Jul 24th, 2012 @ 10:43am

    The words "Microsoft" and "safe" don't belong in the same sentence.

     

    reply to this | link to this | view in thread ]

  26.  
    icon
    AzureSky (profile), Jul 24th, 2012 @ 11:59am

    mumble/murmur is a free opensource equivlant to Ventrilo or TeamSpeak, its encrypted end to end, and it works on pretty much any OS you want.

    http://mumble.sourceforge.net/

    it also is easy to adjust on a per client basis for bandwidth, even people on dialup can use it without issues :)

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Anonymous Coward, Jul 24th, 2012 @ 12:23pm

    Re:

    ZRTP capable for Lin, Mac and Win.

    https://en.wikipedia.org/wiki/Jitsi
    https://en.wikipedia.org/wiki/Linphone

    Please note that capable doesn't mean it will always use that, in a world of many protocols people tend to make things to work with the most number of other protocols which can be a problem if you want to track the security of the communications because you can't see easily which protocol is being used.

    Now if you come to the darkside you can have even more choices. Linux rule the secure softphone market.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Anonymous Coward, Jul 24th, 2012 @ 12:41pm

    Re:

    Is Mumble encrypted?

    Your whole communication to and from the server is always encrypted. This encryption is mandatory and cannot be disabled. The so-called control channel, which transports your chat messages and other non-time critical information, is encrypted with TLS using 256 bit AES-SHA. The voice channel carrying speech and positional audio is encrypted with OCB-AES 128 bit. You and the server authenticate to each other using digital certificates like they are used for secured connections in Web-browsers.

    http://mumble.sourceforge.net/FAQ#Is_Mumble_encrypted.3F

    The TLS part is what makes it vulnerable to snooping.
    https://en.wikipedia.org/wiki/Transport_Layer_Security

     

    reply to this | link to this | view in thread ]

  29.  
    icon
    Blatant Coward (profile), Jul 24th, 2012 @ 4:22pm

    Re: Re: Conspiracy

    I think all it needs is /blackhelicoptors.wav

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Really Really Really?, Jul 24th, 2012 @ 7:37pm

    Skype has been bought off n sold out

    Skype now puts ads in the calls, if you review the servers it connects to it literally connects to over 10+ IP addresses just at log in not to mention how many more it connects to when you place a call... If your so worried about people listening to you or privacy don't use VoIP....

    OoVoO & Mumble FTW

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    Anonymous Coward, Jul 24th, 2012 @ 8:11pm

    Did anybody seriously think otherwise?

     

    reply to this | link to this | view in thread ]

  32.  
    identicon
    Anonymous Coward, Jul 24th, 2012 @ 9:03pm

    Re: Re: Conspiracy

    On the bright side, it makes all other software companies willing to comply with their government to build wiretap functionality have to pay big sum to Microsoft.

     

    reply to this | link to this | view in thread ]

  33.  
    identicon
    molly, Sep 18th, 2012 @ 5:15am

    nice info, thanx!) but as for me, i prefer to use this skype calls recorder http://www.imcapture.com/IMCapture_for_Skype/, i heard a lot of positive opinions about it!)

     

    reply to this | link to this | view in thread ]

  34.  
    identicon
    http://buyserviceonline.blogspot.com, Feb 16th, 2013 @ 2:40am

    http://buyserviceonline.blogspot.com

    best skype alternatives to make free landphone and mobile call worldwide cheap
    http://buyserviceonline.blogspot.com/2013/02/best-skype-alternatives-to-make-free.html

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This