The mere threat of regulation is driving innovation in the direction of backdoors and surveillance compliance. And US law doesn’t require that, yet.

The move to in-house hosting of "supernodes" does not provide for monitoring or recording of calls. "Supernodes" help Skype clients to locate each other so that Skype calls can be made. Simply put, supernodes act as a distributed directory of Skype users. Skype to Skype calls do not flow through our data centres and the "supernodes" are not involved in passing media (audio or video) between Skype clients.

These calls continue to be established directly between participating Skype nodes (clients). In some cases, Skype has added servers to assist in the establishment, management or maintenance of calls; for example, a server is used to notify a client that a new call is being initiated to it and where the full Skype application is not running (e.g. the device is suspended, sleeping or requires notification of the incoming call), or in a group video call, where a server aggregates the media streams (video) from multiple clients and routes this to clients that might not otherwise have enough bandwidth to establish connections to all of the participants.

[....] Skype software autonomously applies encryption to Skype to Skype calls between computers, smartphones and other mobile devices with the capacity to carry a full version of Skype software as it always has done. This has not changed.

Ok, so Skype has access to users' communications encryption keys (or can enable others to impersonate as Skype users). What does this mean for the confidentiality of Skype calls? Skype may in fact be telling the truth when it tells journalists that it does not provide CALEA-style wiretap capabilities to governments. It may not need to. If governments can intercept and record the encrypted communications of users (via assistance provided by Internet Service Providers), and have the encryption keys used by both ends of the conversation -- or can impersonate Skype users and perform man in the middle attacks on their conversations, then they can decrypt the voice communications without any further assistance from Skype.

• Skype did make some infrastructure changes recently, which did increase the number of self-hosted supernodes, but those changes likely were to increase the quality of the product, and had little to do with law enforcement/surveillance.
• Skype has always had a program to provide available information to law enforcement if legally required to do so, but appears not to have made any major change to that program in quite some time. That program does not appear to include the ability to listen to calls.
• Skype to phone (or phone to Skype) calls have always been tappable, because they touch the public telephone network, where they can be intercepted.
• Skype to Skype calls remain encrypted, making it more difficult to "tap" them. However, because of the way Skype likely handles encryption keys, this does not mean that governments can't intercept the calls (or impersonate certain parties via Skype).
• In the end, then, it appears that much of this discussion is a whole lot of fuss about nothing particularly new -- but it is worth noting that your Skype calls probably were never quite as secure as you thought they were, even if they're somewhat more secure than some other offerings with little or no encryption and a central server. But if you're looking for 100% secure communications, Skype isn't it -- but that's not because of any change. It's likely always been that way.

While on a 1:1 audio call, users will see content that could spark additional topics of conversation that are relevant to Skype users and highlight unique and local brand experiences. So, you should think of Conversation Ads as a way for Skype to generate fun interactivity between your circle of friends and family and the brands you care about. Ultimately, we believe this will help make Skype a more engaging and useful place to have your conversations each and every day.

Skype has provided a great service for years, keeping us connected with friends and family. But there's always been one thing missing—marketers interrupting calls with giant display ads.

The analysis concludes, that the trojan's developers never even tried to put in technical safeguards to make sure the malware can exclusively be used for wiretapping internet telephony, as set forth by the constitution court. On the contrary, the design included functionality to clandestinely add more components over the network right from the start, making it a bridge-head to further infiltrate the computer.

"This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice – or even desired," commented a CCC speaker. "Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system."

The government malware can, unchecked by a judge, load extensions by remote control, to use the trojan for other functions, including but not limited to eavesdropping. This complete control over the infected PC – owing to the poor craftsmanship that went into this trojan – is open not just to the agency that put it there, but to everyone. It could even be used to upload falsified "evidence" against the PC's owner, or to delete files, which puts the whole rationale for this method of investigation into question.

[....]

The analysis also revealed serious security holes that the trojan is tearing into infected systems. The screenshots and audio files it sends out are encrypted in an incompetent way, the commands from the control software to the trojan are even completely unencrypted. Neither the commands to the trojan nor its replies are authenticated or have their integrity protected. Not only can unauthorized third parties assume control of the infected system, but even attackers of mediocre skill level can connect to the authorities, claim to be a specific instance of the trojan, and upload fake data. It is even conceivable that the law enforcement agencies's IT infrastructure could be attacked through this channel. The CCC has not yet performed a penetration test on the server side of the trojan infrastructure.

"We were surprised and shocked by the lack of even elementary security in the code. Any attacker could assume control of a computer infiltrated by the German law enforcement authorities", commented a speaker of the CCC. "The security level this trojan leaves the infected systems in is comparable to it setting all passwords to '1234'".

Apple, Activision, Adobe, Autodesk, Capcom, Citrix, Corel, Dassault, Delcam, Square Enix, Electronic Arts, Frontrange Solutions, IBM, Intuit, Konami, Digital Entertainment, Maximizer Software, Nuance, Parametric Technology, Sage Software, Sega, Skype, SPSS, Teradata, THQ and Legacy Interactive

"The ban is on Skype on mobile internet, not on fixed, and this is due to the fact it is against the law since it bypasses the legal gateway," said Amr Badawy, the executive president of the National Telecommunication Regulatory Authority (NTRA).

Under Egyptian law, international calls must pass through a network controlled by majority state-owned Telecom Egypt, which this week reported disappointing earnings.

0. Skype has had a highly functional VoIP client for Windows Mobile devices for a few years. It allowed smartphone customers to use most features of Skype over WiFi OR a carrier's cellular data network. It was distributed around the carriers direct to customers of Skype, and was designed for those customers' benefit.
1. March 2009: Skype on iPhone is launched, but is unable to do VoIP over the 3G data channel because AT&T and Apple blocked that functionality. Skype, Google, the FCC, and consumers cried "foul" at AT&T and Apple.
2. Oct. 2009: After considerable FCC and consumer pressure, AT&T relents, and allows VoIP over 3G (and was even publicly applauded by Skype's CEO Josh Silverman). Skype users, naturally, expect an updated Skype version that will leverage 3G data.
3. Jan 16, 2010: Skype releases a new iPhone version which DOESN'T take advantage of the new leeway AT&T (and ostensibly Apple) allow for VoIP over 3G. Skype points fingers, mostly back at Apple.
4. Jan 27, 2010: Apple removes any 3G VoIP restrictions. Now there is nothing holding Skype from doing VoIP over 3G on iPhone.
5. Mid Feb, 2010: At MWC in Barcelona, Verizon and Skype announce a special version of the Skype app that will run on Verizon. While most press outlets rejoice at the "openness" Verizon wireless is finally showing,  it turns out to be a limited, crippled version, which is designed to fit Verizon's agenda, NOT customer wishes. This version can use the 3G data network, but just for chat and 'control', not for voice. It requires a >$10/mo data plan, is not available for phones with Wi-Fi, and 'Skype out' cannot be used to make domestic phone calls. In this deal, it appears that VZW paid Skype for some exclusivity in the USA.
6. Mid-Feb, 2010: Also at MWC, Skype CEO Silverman tells Om Malik that we can expect 3G VoIP on iPhone "Very soon", with no firm commitment.
7. Feb. 26, 2010: Skype completely pulls it's very functional Windows Mobile apps with little explanation, and no suggestion of when they might return. The app, which works fine, just goes away. Why pull the most functional Skype mobile app and leave only crippled versions?

"Nonetheless, the positive actions of one company are no substitute for a government policy that protects openness and benefits consumers. We're all looking forward to further developments that will let people use Skype on any device, on any network."

 "We have witnessed certain broadband providers unilaterally block access to phone calls delivered over data networks and implement technical measures that degrade the performance of peer-to-peer software distributing lawful content. And as many members of the Internet community and key congressional leaders have noted, there are compelling reasons to be concerned about the future of openness."