Skype No Longer Willing To Claim That Its Calls Are Untappable By Law Enforcement

from the well-now... dept

For years, we’ve noted that various governments have sought to be able to wiretap Skype — and the company has always insisted that its peer-to-peer architecture made it impossible. Last year, however, some hackers suggested that there was now a backdoor in Skype. And now when a reporter for Slate, Ryan Gallagher, is pushing the company on this issue, it refuses to make a clear statement onto the ability to wiretap Skype calls. You can draw your own conclusions.

It is, of course, possible that this is just the tighter-lipped way of Microsoft, now that the software giant owns Skype, but it certainly is raising questions for those who believed that Skype was a safe way to hold conversations away from the ears of increasingly intrusive government surveillance. It seems like there’s new incentive for others to work on truly secure voice communications.

Filed Under: , ,
Companies: microsoft, skype

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Skype No Longer Willing To Claim That Its Calls Are Untappable By Law Enforcement”

Subscribe: RSS Leave a comment
F! says:


I understand Jitsi in combination with XMPP(Jabber) can do encrypted end-to-end connections, mostly for text but I think voice is available. I think TorChat utilizes the Tor network for increased privacy.

I’ve heard good things about Asterisk VOIP software, but I don’t know much about it…

Been casually keeping an eye out for secure communication tools over the years, that’s about the best I can come up with. Any other ideas?

Anonymous Coward says:

Re: Alternatives?

“I’ve heard good things about Asterisk VOIP software, but I don’t know much about it…”

I can inform you on this point.

First of all, Asterisk is not a VoIP client. Asterisk is a software implementation of a PBX. Put simply, what it does is receive calls (usually VoIP calls, though, with the appropriate hardware, you could also handle calls from the telephone network) and forward them to an appropriate destination.

For example, you could implement an asterisk dialplan (a funny work for “script”) where, when callers dial in, they are greeted with a voice prompt that says “Press 1 to go to Tech Support, Press 2 to go to sales…” (you get the picture).

And then, when they, for example, press 1, they are sent to a queue (where they get to listen to loud music and voice prompts that reassure them that “your call is important to us”), until they are eventually picked up by a human. Call proceeds normally from then on. This is just a simple example. The call manipulation possibilities Asterisk offers are virtually endless.

I, personally, have some experience with it, having used it at work to implement a call center for a small operation – a painful experience, mind you, but a rewarding one, since I knew next to nothing in regards to VoIP.

In my experience, I’ve learned that documentation is scarce, and configuration is somewhat painful. The way some of its features are implemented sometimes seem archaic and not at all flexible, making you have to jump through hoops to do something that should have been simple. But it is light on resources and gets the job done rather well after it is up and running.

Asterisk has a bunch of interesting features for call centers and telephone networks in general, but I doubt end-users would be interested. Unless you want to build a VoIP network of some sort from the ground up to replace Skype’s network, Asterisk is not for you. And even if you are, there is probably software out there that is better suited for such things.

Anonymous Coward says:

Re: Alternatives?

The whole group is called “softphones” you can search for it.

Just pay attention to the “encryption”
And how the keys are negotiated, if it depends on third parties that can be tapped and bugged, if you have to give the key to someone personally that is the secure option.

This protocol does not require prior shared secrets or rely on a Public key infrastructure (PKI) or on certification authorities, in fact ephemeral Diffie-Hellman keys are generated on each session establishment: this allows the complexity of creating and maintaining a trusted third-party to be bypassed.

The ways that don’t need “trusted third parties” to manage keys are the best bets.

Ninja (profile) says:

I personally don’t do anything unlawful or illegal (in my country at least, I’d be screwed on copyright grounds in the US or so I think). But, come on, if I had to do anything illegal I’d be using open source communication tools with end-to-end encryption. I wonder if the Govts are just naive or if what they want is to really just control the average Joe/Jane. Any criminal with half a brain will take several steps to conceal their activities online.

Machin Shin (profile) says:

Re: Re:

Well you see, here in the US the government works really hard to have nothing but the best crooks. It does all these stupid things to catch the people making stupid mistakes.

Then it takes these people and tosses them into criminal training (I’m sorry, I mean prison). This way they can all get together and learn from each other.

As an added measure they put a little check in the box next to “felon” in their record to make sure once they are out of school (prison) they are not able to get a real job anymore.

Anonymous Coward says:

Re: Re:

ZRTP capable for Lin, Mac and Win.

Please note that capable doesn’t mean it will always use that, in a world of many protocols people tend to make things to work with the most number of other protocols which can be a problem if you want to track the security of the communications because you can’t see easily which protocol is being used.

Now if you come to the darkside you can have even more choices. Linux rule the secure softphone market.

Anonymous Coward says:

Re: Re:

Is Mumble encrypted?

Your whole communication to and from the server is always encrypted. This encryption is mandatory and cannot be disabled. The so-called control channel, which transports your chat messages and other non-time critical information, is encrypted with TLS using 256 bit AES-SHA. The voice channel carrying speech and positional audio is encrypted with OCB-AES 128 bit. You and the server authenticate to each other using digital certificates like they are used for secured connections in Web-browsers.

The TLS part is what makes it vulnerable to snooping.

Really Really Really? says:

Skype has been bought off n sold out

Skype now puts ads in the calls, if you review the servers it connects to it literally connects to over 10+ IP addresses just at log in not to mention how many more it connects to when you place a call… If your so worried about people listening to you or privacy don’t use VoIP….

OoVoO & Mumble FTW

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...