Techdirt. Stories filed under "skype"

Clearing The Air On Skype: Most Of What You Read Was Not Accurate, But There Are Still Reasons To Worry

Mike Masnick — Fri, 27 Jul 2012 11:59:34 PDT

Over the last few days there's been something of a firestorm of people claiming that Skype was letting police listen in on your calls. We had been among those who noted that Skype was, at the very least, no longer willing to make clear statements about whether the service was able to be wire-tapped. Skype to Skype calls are a direct person-to-person connection (rather than through a central server), so most people thought that they were not particularly tappable. That's not quite true. And, of course, if you use Skype as part of a phone call to or from a regular phone line, those calls would be tappable via traditional phone wiretaps.

The "Skype may be letting law enforcement listen in on your calls" furor took off in the following few days. The Washington Post reported that Skype was making it easier for law enforcement to get text chat and user data. It's not actually clear that this is true either (but more on that later). It then kicked into high gear, when Eric Jackson at Forbes (whom we've written about before for his bizarrely uninformed take on the Yahoo/Facebook patent fight and those who reported on it) wrote a ridiculously ignorant post claiming that Microsoft can listen in on all his Skype calls, based off an incredible misreading of the original post about Skype's refusal to comment directly on the wiretapping abilities.

Jackson's more level-headed colleague, Kash Hill, pushed back on Jackson's claims, but also noted that the law (in the US) is pretty clear that there is no legal requirement for Microsoft to make Skype tappable... but there have been regular efforts made to change that. Hill spoke to legal expert Jennifer Granick who pointed out that just the uncertainty and threat that such legislation might come down the road at some point seemed to be leading companies to make development decisions that left open the possibility of surveillance:

The mere threat of regulation is driving innovation in the direction of backdoors and surveillance compliance. And US law doesn’t require that, yet.

But what's actually happening, since so much of this seems to be conjecture and speculation? Well, as the attention and questions grew, Skype itself weighed in to "clarify." It noted that it has been installing more in-house "supernodes" (in the more distant past, various Skype users would act as supernodes) to improve quality for the directory -- but that Skype to Skype calls (again, not calls that touch the public telephone network) were still encrypted person-to-person calls:

The move to in-house hosting of "supernodes" does not provide for monitoring or recording of calls. "Supernodes" help Skype clients to locate each other so that Skype calls can be made. Simply put, supernodes act as a distributed directory of Skype users. Skype to Skype calls do not flow through our data centres and the "supernodes" are not involved in passing media (audio or video) between Skype clients.

These calls continue to be established directly between participating Skype nodes (clients). In some cases, Skype has added servers to assist in the establishment, management or maintenance of calls; for example, a server is used to notify a client that a new call is being initiated to it and where the full Skype application is not running (e.g. the device is suspended, sleeping or requires notification of the incoming call), or in a group video call, where a server aggregates the media streams (video) from multiple clients and routes this to clients that might not otherwise have enough bandwidth to establish connections to all of the participants.

[....] Skype software autonomously applies encryption to Skype to Skype calls between computers, smartphones and other mobile devices with the capacity to carry a full version of Skype software as it always has done. This has not changed.

But... is there still reason to be somewhat (though not hysterically) concerned? Perhaps. Chris Soghoian has the best post by far on what's known and what's unknown, which explains how Skype's person-to-person encryption may not be as totally untappable as some people assume. He notes that while the Skype to Skype calls are encrypted, Skype has access to the encryption key (he has a full explanation for how/why this is) and then explains what this likely means:

Ok, so Skype has access to users' communications encryption keys (or can enable others to impersonate as Skype users). What does this mean for the confidentiality of Skype calls? Skype may in fact be telling the truth when it tells journalists that it does not provide CALEA-style wiretap capabilities to governments. It may not need to. If governments can intercept and record the encrypted communications of users (via assistance provided by Internet Service Providers), and have the encryption keys used by both ends of the conversation -- or can impersonate Skype users and perform man in the middle attacks on their conversations, then they can decrypt the voice communications without any further assistance from Skype.

So there's a risk there, and Soghoian notes that Skype's reticence to set the record straight on exactly how it handles encryption leaves open this possibility. That is it's entirely possible that there are ways that law enforcement can intercept Skype calls, while Skype can still talk about its encryption, leaving the false impression that the calls are immune from interception. Soghoian also notes that the talk about Skype handing over info (not call access) to law enforcement is not new and has been known for quite some time (and, honestly, doesn't appear all that different from lots of other similar setups).

So, to summarize:

Skype did make some infrastructure changes recently, which did increase the number of self-hosted supernodes, but those changes likely were to increase the quality of the product, and had little to do with law enforcement/surveillance.
Skype has always had a program to provide available information to law enforcement if legally required to do so, but appears not to have made any major change to that program in quite some time. That program does not appear to include the ability to listen to calls.
Skype to phone (or phone to Skype) calls have always been tappable, because they touch the public telephone network, where they can be intercepted.
Skype to Skype calls remain encrypted, making it more difficult to "tap" them. However, because of the way Skype likely handles encryption keys, this does not mean that governments can't intercept the calls (or impersonate certain parties via Skype).
In the end, then, it appears that much of this discussion is a whole lot of fuss about nothing particularly new -- but it is worth noting that your Skype calls probably were never quite as secure as you thought they were, even if they're somewhat more secure than some other offerings with little or no encryption and a central server. But if you're looking for 100% secure communications, Skype isn't it -- but that's not because of any change. It's likely always been that way.

Permalink | Comments | Email This Story

Skype No Longer Willing To Claim That Its Calls Are Untappable By Law Enforcement

Mike Masnick — Tue, 24 Jul 2012 03:02:10 PDT

For years, we've noted that various governments have sought to be able to wiretap Skype -- and the company has always insisted that its peer-to-peer architecture made it impossible. Last year, however, some hackers suggested that there was now a backdoor in Skype. And now when a reporter for Slate, Ryan Gallagher, is pushing the company on this issue, it refuses to make a clear statement onto the ability to wiretap Skype calls. You can draw your own conclusions.

It is, of course, possible that this is just the tighter-lipped way of Microsoft, now that the software giant owns Skype, but it certainly is raising questions for those who believed that Skype was a safe way to hold conversations away from the ears of increasingly intrusive government surveillance. It seems like there's new incentive for others to work on truly secure voice communications.

Permalink | Comments | Email This Story

Hackers Claim That German Officials Have A Backdoor Trojan For Spying On Skype... Which Is A Huge Security Risk

Mike Masnick — Mon, 10 Oct 2011 16:13:43 PDT

For many years various governments have complained about the fact that Skype communications are encrypted, and have demanded backdoors. In the US, the FBI has been pushing hard for such backdoors. There have been some reports of applications that allow for wiretapping Skype, despite its supposed encryption, but not much in the way of details. Now the famed Chaos Computer Club (CCC) is claiming to have reverse engineered the "lawful interception" trojan being used by German law enforcement.

They got the program after a lawyer whose client was under investigation gave the CCC his client's hard drive, where the group found the code. As frequently happens with these kinds of things, the CCC found that the trojan actually introduces myriad security problems as well:

The analysis concludes, that the trojan's developers never even tried to put in technical safeguards to make sure the malware can exclusively be used for wiretapping internet telephony, as set forth by the constitution court. On the contrary, the design included functionality to clandestinely add more components over the network right from the start, making it a bridge-head to further infiltrate the computer.

"This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice – or even desired," commented a CCC speaker. "Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system."

The government malware can, unchecked by a judge, load extensions by remote control, to use the trojan for other functions, including but not limited to eavesdropping. This complete control over the infected PC – owing to the poor craftsmanship that went into this trojan – is open not just to the agency that put it there, but to everyone. It could even be used to upload falsified "evidence" against the PC's owner, or to delete files, which puts the whole rationale for this method of investigation into question.

[....]

The analysis also revealed serious security holes that the trojan is tearing into infected systems. The screenshots and audio files it sends out are encrypted in an incompetent way, the commands from the control software to the trojan are even completely unencrypted. Neither the commands to the trojan nor its replies are authenticated or have their integrity protected. Not only can unauthorized third parties assume control of the infected system, but even attackers of mediocre skill level can connect to the authorities, claim to be a specific instance of the trojan, and upload fake data. It is even conceivable that the law enforcement agencies's IT infrastructure could be attacked through this channel. The CCC has not yet performed a penetration test on the server side of the trojan infrastructure.

"We were surprised and shocked by the lack of even elementary security in the code. Any attacker could assume control of a computer infiltrated by the German law enforcement authorities", commented a speaker of the CCC. "The security level this trojan leaves the infected systems in is comparable to it setting all passwords to '1234'".

Even without the fact that more capabilities can be added, the existing software is pretty powerful. It apparently can remotely control the computers that it's on, take screenshots of what's happening on the computer, including emails and personal messages. And yet, time and time again law enforcement asks us to "trust" them when they want the power to secretly install this kind of crap on people's computers?

Permalink | Comments | Email This Story

Australian Anti-Trolling Law Put To The Test After Guy Broadcasts Having Sex Via Skype

Mike Masnick — Thu, 5 May 2011 10:13:16 PDT

We've seen plenty of governments over the past few years trying to pass laws that effectively outlaw being a jerk online. You can recognize the emotional thinking behind this. People who are jerks are annoying. And, certainly, at some level trolling can get ridiculous. But having very broad laws with vague definitions about "causing offense," seems to open up a Pandora's box of potential problems. Reader charliebrown alerts us to the news of an "anti-trolling law" in Australia that is being put to the test in a case against two (male) cadets from the Australian Defense Academy, after one broadcast his consensual sexual encounter with a third (female) cadet to the second male cadet. The law being used is one that is apparently designed to punish "online conduct that a reasonable person would find to be menacing, harassing or causing offence."

If that seems insanely broad, you've noticed the problem. This certainly isn't to suggest that what the guy did was right or even legal. But it's dangerous to use such a broad law. The fact is, any law should be pretty specific. When it's as broad as causing offense on the internet, you've pretty much outlawed almost everything. Anyone can be offended pretty easily at almost anything they find online. The simple fact is that there are some serious jerks online (and these two guys seem to fit into that category easily). But we shouldn't outlaw being a jerk just for the sake of being a jerk.

Permalink | Comments | Email This Story

Police Using Skype To Get Warrants While At A Crime Scene

Mike Masnick — Wed, 30 Mar 2011 18:59:33 PDT

In this digital and connected age, many folks have discovered that the concept of a physical office is more and more outdated. Many of us can (and often do) work from anywhere. Apparently, a court in Florida is working under the same basic thought process as well. Copycense points us to the news that a judge in South Florida is working with police to let them use email and Skype while still at a crime scene to get a warrant. As one of the police officers noted: "It's like a virtual office and courtroom." So will other court functions start taking place this way soon as well? Who needs to sit around a courtroom for a trial when everyone can just login via Skype? Of course, you could (quite reasonably) argue that this is really no different than just using a phone to do the same thing...

Permalink | Comments | Email This Story

Rupert Murdoch Suing The Sky Out Of Skype

Mike Masnick — Wed, 11 Aug 2010 13:12:16 PDT

With Skype announcing a planned IPO this week, there didn't seem to be that much to comment on. However, people digging through the filing found one previously unknown tidbit that's generating some buzz. Apparently, the Rupert Murdoch-owned satellite broadcasting company BskyB has been involved in a long legal battle with Skype over its name. Apparently, BSkyB thinks anything using the letters "sky" infringes on its trademark. Of course, it's difficult to see how anyone could possibly be confused, but BSkyB claims to have market research that says otherwise, and apparently an EU ruling has agreed -- though Skype is planning to appeal.

Permalink | Comments | Email This Story

Indian Government Demands Right To Spy On Skype, Gmail, Blackberry Messages

Mike Masnick — Wed, 7 Jul 2010 01:46:01 PDT

Last year we noted that Indian intelligence officials were quite concerned about Skype, and the fact that they couldn't easily tap into communications on Skype. Two years ago, we noted a similar story concerning RIM Blackberry emails. Now Slashdot points us to the news that India's government is once again demanding that Skype and RIM make sure their services are in formats that can be read by law enforcement. A separate article says similar demands are being made on Google with respect to Gmail.

Of course, last time this happened (with RIM, at least), RIM pointed out that there's simply no way for it to decrypt email sent by users, since it's based on an encryption key set up by the end user. In response, the Indian government claimed that it had cracked the encryption used by Blackberries and was able to monitor messages sent via those devices. Of course, the fact that it's now pressuring RIM to format messages in easily spied-upon ways, certainly suggests the news of the cracking of Blackberry's encryption was somewhat exaggerated.

Permalink | Comments | Email This Story

Congress May Finally Be Allowed To Use Skype To Talk To Constituents

Mike Masnick — Mon, 3 May 2010 04:17:54 PDT

Ah, Congress. It's really amazing how the folks in charge of regulating the technology industry basically aren't allowed to use it. Two years ago, we wrote about concerns among some in Congress, that using YouTube violated House rules. Later that year, a slightly misguided flare-up occurred when folks realized that the rules also forbade the use of Twitter (the misguided part was an attempt to turn it into a partisan thing). Eventually these things got sorted out, but basically, it appears that Congressional reps can't use certain new technologies without first getting those technologies approved.

The latest on the list? Skype. Despite having been around much longer than either YouTube or Twitter, apparently Skype is not on the approved list. There's now a push for Skype to be allowed, so that Congressional reps can chat with constituents using the communications tool.

The whole thing seems ridiculous. Did Congress also have to get approval before Representatives were allowed to use the telephone? It's difficult to understand why forward-looking elected officials need to get special permission to try out communication tools that can help them better represent their constituents.

Permalink | Comments | Email This Story

The Real Reason Skype's App For Verizon Phones Won't Work On WiFi

Carlo Longino — Thu, 15 Apr 2010 18:27:00 PDT

Back in March, Derek Kerton noted in a post here on Techdirt some peculiarities popping up around Skype's plans for mobile devices. In particular, he pointed out how Skype announced a version of its client for several smartphones on the Verizon network, but the app looked crippled because it couldn't function over WiFi and routed Skype calls over a standard voice connection. When the app became available, I downloaded it for my Android device on Verizon, and I too, noticed that it forced me to shut off the WiFi connection on my device. This didn't make much sense to me: I'm already paying for a flat-rate data plan, so it's not as if this would force me to spend more money. In addition, given the way that mobile operators have been saying their networks are overwhelmed by data traffic, why would they force me to use the mobile network when I could offload the Skype traffic to a WiFi connection? Then, when I placed a Skype call through the app and saw that it was actually routed through a voice call to an access number, I was confused even more.

As Derek noted, the Skype app for Verizon followed a series of several other moves that call into question Skype's actual commitment to open networks, and that combined with US operators' historical positions against openness, it was natural to assume that the app shut off WiFi on Android devices because of some nefarious purpose. But Verizon has explained itself, saying the app behaves this way because of a combination of technology and legality. In short, Verizon lawyers felt like voice calls made through Skype needed to be treated like standard voice calls from a legal perspective. This means conforming to 911 regulations, as well as the CALEA act, which opens networks to wiretapping by law enforcement. Verizon contends that CALEA dictates that call-signaling info travel over its data network, rather than unknown (and possibly unsecure) WiFi. This is where the technology comes in: apparently it's impossible for the Skype app on Android to choose to use the Verizon data network if the device is connected to WiFi. So therefore it has to completely shut off the WiFi connection to be sure its data travels over the mobile network. On BlackBerry devices, this isn't the case, so the app doesn't force users to shut off their WiFi.

Given mobile operators' past penchant for closing off their networks, it's forgivable that somebody would assume one had nefarious purposes for blocking WiFi access to Skype. That may not be the case in this narrow instance -- but many of Derek's other questions about Skype's much-touted commitment to openness remain unanswered.

Permalink | Comments | Email This Story

Indian Intelligence Officials Want To Block Skype

Mike Masnick — Tue, 13 Oct 2009 13:13:00 PDT

Skype and other VoIP tools have become quite useful for reaching people around the world. I know that, recently, when my wife happened to be in India on a trip, being able to call her via Skype was incredibly useful. It's a good thing she's back now, as reader Shailendra alerts us to the news that Indian intelligence officials are once again asking the government to consider banning Skype. The reason I say "once again" is that I remember similar proposals from a few years back that went nowhere. The official concern, of course, is that "bad people" may use Skype to communicate in a way that can't easily be tapped or traced. But that's going to happen no matter what. If Skype is banned, people will still figure out a way to use it, or they'll migrate to some other tool. Banning Skype or other VoIP providers isn't fixing a problem, it's pretending a problem doesn't really exist.

Permalink | Comments | Email This Story

Skype Tech Licensing Soap Opera Continues: Founders Sue eBay, New Buyers For Copyright Infringement

Mike Masnick — Thu, 17 Sep 2009 00:27:32 PDT

Over the summer, we wrote about the bizarre and protracted legal dispute concerning whether or not eBay actually had the rights to the core technology in Skype. Skype's founders, Janus Friis and Niklas Zennstrom, claim that they retained the right to the core technology in a separate company called Joltid, and that they terminated eBay's license to that technology. There's a legal battle already underway about that, but apparently that's not enough, as Joltid has now filed a separate copyright infringement lawsuit against eBay and the list of investors who recently bought out a big chunk of Skype from eBay. The thing that still amazes me is that pretty much everyone realized right away that it made no sense for eBay to buy Skype. That was a bad idea from the very beginning. But finding out that the purchase price didn't even include the core technology, and that Joltid had the ability to revoke the license, makes the purchase almost monumentally bad.

Permalink | Comments | Email This Story

Proof Of Concept Skype Wiretapping Malware Released

Mike Masnick — Mon, 31 Aug 2009 01:25:38 PDT

One of the benefits of Skype was that, due to the way it works (P2P, encrypted communications), it made it much more difficult to do any sort of wiretap. This has upset various governments who are used to having the ability to wiretap any voice communications. However, it's never impossible. The most obvious way is to simply create some sort of trojan that gets installed on one user's computer that has audio recording abilities -- and Symantec is going around hyping up the fact that source code for just such a trojan has been released. Of course, even Symantec admits that there's no evidence of the code actually being used in the wild -- it seems more like a proof-of-concept. On top of that, it's hardly a new idea. Nearly a year ago, we talked about how German authorities were accused of using something that sounded quite similar. Still, it is a good reminder that even if you're using an encrypted Skype call, at either end of that call, the audio is decrypted, and a well-placed recording system can capture it.

Permalink | Comments | Email This Story

Skype Founders Claim eBay No Longer Has A Right To Skype's Core Tech

Mike Masnick — Fri, 31 Jul 2009 03:45:23 PDT

As you know, eBay bought Skype for a ton of money a few years back, without having any real plan for what to do with it. There were no synergies between the two, and about the best that can be said for eBay's ownership of Skype is that they didn't kill it (though, frankly, the new UI is so bad, it makes me wonder what they were thinking) and let it continue to grow organically. Earlier this year, eBay finally announced plans to spin off Skype. Fair enough. It can probably do a lot more outside of eBay than from within. However, it turns out that there may be a bit of a legal hitch, as Skype's founders claim that eBay/Skype no longer have the legal rights to Skype's underlying technology. Apparently, the claim is that Niklas Zennstrom and Janus Friis and a separate company they ran, Joltid, only licensed the underlying technology to eBay/Skype for a limited time -- and that deal has now concluded. The two companies are scheduled to fight this out in court.

There are a few interesting asides to all of this. First, it reminds me of how Zennstrom and Friis ended up in another lawsuit a few years back, also involving questions about licensing the core underlying technology of Skype. There's a lot of background here, and not all the details are clear (at all), but that original case involved the claim that Zennstrom and Friis used the same core underlying technology that they used to build Kazaa to build Skype. Way back, Zennstrom and Friis had created two operations: Kazaa and FastTrack, which created the underlying tech used in Kazaa. However, they also licensed FastTrack to a company called Streamcast, that made a product called Morpheus that competed with Kazaa in the file sharing space. Got that?

The folks at Streamcast insist that part of their contract with FastTrack was that they had a right of first refusal on buying the underlying technology. But then, all sorts of stuff happened, with Kazaa being sold off to a group in the South Pacific, but Zennstrom and Friis supposedly retaining some core technology which (Streamcast claims) they used to build Skype. Then, once Skype sold, Streamcast claimed that the whole thing was an elaborate shell game, but in selling the Skype underlying technology, Streamcast claimed that Zennstrom and Friis violated their agreement on having a right of first refusal on purchasing the technology.

Yet, now I'm left wondering if that original claim was true. If the current claim is that Joltid still "owns" the original technology and Skype/eBay only licensed it, then the technology itself might never have actually been sold (unless, we're talking about two separate core underlying technologies... which is possible).

Still... the bigger question? How the hell did eBay make a deal and not make sure it had either purchased (entirely) the core underlying technology or had a guaranteed perpetual license that couldn't be revoked? The eBay Skype purchase was bad enough already. Could it be even more ridiculous in that eBay didn't even properly purchase the technology in question? It seems preposterous to believe that a company could screw up an acquisition that monumentally, so you have to wonder if it's actually true.

In the meantime, since there are questions about how eBay can rebuild Skype's underlying core technology without violating the many patents in the space, it makes you wonder if eBay may be forced to simply buy someone else's technology. Maybe it's time to call up the Gizmo Project (which has built a very Skype-like product) to see what they're up to these days. Though, can you imagine eBay needing to buy another company just to power Skype so it can be spun off again? Yikes!

Permalink | Comments | Email This Story

T-Mobile Germany Tries The Jedi Mind Trick With Mobile Skype

Carlo Longino — Thu, 14 May 2009 19:52:35 PDT

The Skype app for the iPhone proved to be an instant hit, topping App Store download charts around the world, including Germany, where T-Mobile reminded its customers that using Skype, or any other VoIP app, could get them kicked off its network. The operator now says it's "looking at different ways of dealing with VoIP", perhaps including offering some special plan where users would have to pay some fee to use VoIP. It also says it's not actively blocking any voice apps, although when it begins selling the Nokia N97 smartphone later this year, the Skype application that's normally pre-installed on the device will be stripped out. T-Mobile's justification for removing the app is great: it's not because they don't want people undermining voice revenues by using Skype, but because "by not putting Skype on, subscribers could choose from a number of VoIP apps, and not be limited to just one." That's as opposed to having Skype pre-installed, and customers being able to download and install any other VoIP app alongside it. Only in the world of mobile operators does removing choices for customers actually increase customer choice.

Permalink | Comments | Email This Story

Want To Get Out Of Your iPhone Contract on T-Mobile Germany? Easy, Just Use Skype

Carlo Longino — Thu, 2 Apr 2009 21:21:00 PDT

Skype has gotten some press this week after it announced the availability of a an iPhone client for its service (except in Canada, though, thanks to patent issues). The application only works over WiFi, though, and not the cellular data network. Operators typically say these restrictions are in order to prevent the use of massive amounts of bandwidth and harm network performance for other users; what seems more likely is they're worried that Skype will "steal voice minutes" away from their network. That's a silly belief though, because when users are already paying for a big bundle of minutes, and have unlimited off-peak minutes, and so on, it's not very likely they'll go to the trouble of using Skype for most calls. Perhaps the only ones they'd use such an application for are for calls they weren't going to make through the operator's network anyway -- such as international calls, for which they'd use a cheaper landline, a calling card, or wait until they're in front of a PC. Blocking Skype from working over the mobile network only hurts the operators by putting up a barrier in front of customers, it really doesn't protect any revenues. But no matter, the blocking -- or worse -- goes on. In Germany, where Skype is the top download from the App Store, T-Mobile (the operator which sells the iPhone there) is threatening to terminate the contracts of customers who use Skype on their iPhones, because the contracts prohibit the use of VoIP services. That's a nice touch: play by our rules, or you'll no longer have the privilege of giving us your money. You know, that doesn't sound so bad, because then users are free to take their business elsewhere. Although, as Skype's general counsel points out, every other mobile operator in Germany also bans VoIP.

Permalink | Comments | Email This Story

Yes, China Is Spying On Skype Conversations

Mike Masnick — Thu, 2 Oct 2008 10:32:00 PDT

Remember how Skype was supposed to be "untappable" due to end-to-end encryption? Well, we've already seen that's not true, thanks to leaks that showed the German government had figured out ways to tap Skype, and it will probably come as no surprise to many that China has been tapping and storing Skype conversations. Some of the findings of this report are not new. Back in 2005, reports came out that various Chinese telecoms were investing in special "filters" for Skype that would block conversations using certain keywords. But, of course, it seemed rather obvious that if they were blocking those keywords, they would also use them to spy on what people were talking about. Besides, if the telecoms didn't filter or record Skype, the Chinese government made it clear that it would block the use of Skype altogether.

The only really surprising part of the new report was the fact that the folks storing the messages did it so poorly that the researchers who discovered it were easily able to go in and read messages from others. It's rather telling to note the responses from the two companies involved. A Skype spokesperson told the Wall Street Journal: "The idea that China's government might be monitoring communications in and out of the country shouldn't surprise anyone." No, it shouldn't surprise anyone, but one might think it's rather troubling that Skype promotes itself as having end-to-end encryption, when that's clearly not true. Even more telling, the only thing about this report that seemed to actually concern representatives from Skype was the fact that the conversations had been readable by outsiders, again, telling the WSJ that the "security issue" had been "remedied" by Skype's partner in China, TOM Group. In other words, Skype isn't so concerned about users being spied on, but it is concerned when people can figure out that users are being spied on.

As for TOM Group, its response is pretty much exactly what you'd expect on this issue: "as a Chinese company, we adhere to rules and regulations in China where we operate our businesses." In other words, the government says they need to spy, so we let them spy. Nothing too surprising, but important for folks to know if they somehow thought that Skype's supposed end-to-end encryption actually kept conversations secret in China.

Permalink | Comments | Email This Story

German Authorities Raiding Homes To Find Skype Tapping Whistleblower

Mike Masnick — Thu, 18 Sep 2008 04:09:11 PDT

Apparently a whistleblower recently leaked some evidence that German authorities were using a special trojan horse software to tap Skype audio conversations. The document detailing this was leaked to the German Pirate Party, one of many international "Pirate Parties" that have been formed in recent years to push for more reasonable government policies on a variety of fronts from intellectual property to privacy and government surveillance. Illegally tapping Skype conversations may be illegal, but it seems that German authorities are a lot more interested in tracking down who leaked the documents and have raided the homes of various German Pirate Party members, confiscating computer equipment. Of course, if anything, this would seem to confirm that the government was at least experimenting with, if not actively using, such a trojan horse wiretapping program -- and the raids have only served to generate much more attention over that fact.

Permalink | Comments | Email This Story

Then Again, eBay Claims It's Still Hunting For Skype Synergies

Mike Masnick — Fri, 18 Apr 2008 15:11:33 PDT

Just a month ago, the guy in charge of Skype finally admitted that eBay had given up trying to find the mythical "synergies" between eBay and Skype as the few they had suggested turned out not to exist. Apparently, Skype's GM isn't on the same page as his boss, eBay CEO John Donahoe. He was just quoted saying that eBay will spend this year trying to find synergies with Skype and if it still can't find any, it may sell off or spinoff the unit. Given the lack of synergies so far and the massive write down on the purchase price, you have to figure they're going to be digging pretty deep to turn up any kind of synergy between Skype and eBay.

Permalink | Comments | Email This Story

Chinese Going Off The Official Telco System To Call Taiwan

Mike Masnick — Tue, 11 Mar 2008 19:09:41 PDT

Paul Kedrosky points us to the news that, for the first time in 11 years, the "official" volume of phone calls from China to Taiwan has dropped rather significantly. Both the Digitimes report and Kedrosky suspect (reasonably) that this shows how many Chinese are jumping to use services like Skype to make these calls. Skype has long had a popular following in China, so this shouldn't be a huge surprise -- but it does make you wonder if the Chinese government will follow the path of various countries like Bangladesh, Belarus, Namibia and Jordan in banning Skype. We've already seen some experiments in China with blocking or banning certain types of calls. If the government feels that too many people are using these services, don't be surprised to see a wider ban enacted.

Permalink | Comments | Email This Story

German Government Struggles To Tap Encrypted Skype Calls

Timothy Lee — Mon, 28 Jan 2008 11:24:00 PST

The Wikileaks project is starting to bear fruit, with documents leaked to the site beginning to get a lot of attention. The latest example is correspondence between the German government and a vendor (via Slashdot) that apparently makes software for intercepting Skype calls. Interestingly, the interception technology appears to be pretty primitive and rather expensive. The software has to be installed on the Skype client, and the vendor suggests that this can be accomplished by attaching a trojan to an e-mail or physically entering the premises to install the software on the target machine. And, evidently, only Windows 2000 and XP are supported; Vista support is still in the works. The company charges thousands of euros per target computer. This suggests that Skype's encryption technology is secure against at least the eavesdropping techniques available to the German government. Apparently they haven't found a way to decode encrypted Skype traffic off the wire, so they're forced to resort to these fairly cumbersome attacks on Skype clients -- attacks that are no more convenient for law enforcement than simply bugging the target's office. That suggests that the risk of comprehensive government surveillance of online telephony is still a fair ways off. If you encrypt your online activities, they're probably pretty secure. Of course, it's entirely possible that other government agencies, such as the NSA, have more sophisticated eavesdropping technology that they haven't shared with the Germans. My guess is that any government agencies possessing really sophisticated eavesdropping tools are also less likely to have their private documents show up on Wikileaks.

Permalink | Comments | Email This Story

German Proposal Gives A New Perspective On 'Spyware'

Timothy Lee — Tue, 27 Nov 2007 17:10:58 PST

A VoIP expert has unveiled new proof-of-concept software that allows an attacker to monitor other peoples' VoIP calls and record them for later review. Unencrypted VoIP really isn't very secure; if you have access to the raw network traffic of a call, it's not too hard to reconstruct the audio. Encrypted traffic is another story. German officials have discovered that when suspects use Skype's encryption feature, they aren't able to decode calls even if they have a court order authorizing them to do so. Some law enforcement officials in Germany apparently want to deal with this problem by having courts give them permission to surreptitiously install spying software on the target's computer. To his credit, Joerg Ziercke, president of Germany's Federal Police Office, says that he's not asking Skype to put back doors in its software. But the proposal still raises some serious question. Once the installation of spyware becomes a standard surveillance method, law enforcement will have a vested interest in making sure that operating systems and VoIP applications have vulnerabilities they can exploit. There will inevitably be pressure on Microsoft, Skype, and other software vendors to provide the police with backdoors. And backdoors are problematic because they can be extremely difficult to limit to authorized individuals. It would be a disaster if the backdoor to a popular program like Skype were discovered by unauthorized individuals. A similar issue applies to anti-virus software. If anti-virus products detect and notify users when court-ordered spyware is found on a machine, it could obviously disrupt investigations and tip off suspects. On the other hand, if antivirus software ignores "official" spyware, then spyware vendors will start trying to camouflage their software as government-installed software to avoid detection. Ultimately, there may be no way for anti-spyware products to turn a blind eye to government-approved spyware without undermining the effectiveness of their products.

Hence, I'm skeptical of the idea of government-mandated spyware, although I don't think it should be ruled out entirely. That may sound like grim news for law enforcement, which does have a legitimate need to eavesdrop on crime suspects. But it's important to keep in mind that law enforcement officials do have other tools at their disposal. If they're not able to install software surveillance tools, it's always possible to do it the old-fashioned way--in hardware. Law enforcement agencies can always sneak into a suspect's home (with a court order, of course) and install bugging devices. That tried and true method works regardless of the communications technology being used.

Permalink | Comments | Email This Story

Skype Outage Highlights How Skype Is A Bit More Centralized Than Expected

Mike Masnick — Thu, 16 Aug 2007 11:32:01 PDT

Lots of folks (including many of us here at Techdirt) have discovered that VoIP/IM service Skype is having a pretty massive outage right now, where most, if not all, Skype users simply cannot login. There are plenty of alternatives for people to use, but for those who are used to using Skype (or who use it as a phone replacement, as some do), it's probably a bit of a nuisance. Still, this has to raise some questions. Part of the value of P2P networks was supposed to be their lack of a central point of failure. The idea was you couldn't easily take down (or censor) a P2P network for that reason. With Skype, the fact is that it wasn't completely a P2P app, as the authentication was still centralized. However, this may make some people wonder. After all, there were accusations in the past that Kazaa wasn't really decentralized, and it was Kazaa's founders who built Skype -- and some have said that they simply reused Kazaa's underlying code in building Skype. So, don't be surprised to see some question how decentralized Skype really is after seeing a failure like this one.

Permalink | Comments | Email This Story