Skype No Longer Willing To Claim That Its Calls Are Untappable By Law Enforcement

from the well-now... dept

For years, we've noted that various governments have sought to be able to wiretap Skype -- and the company has always insisted that its peer-to-peer architecture made it impossible. Last year, however, some hackers suggested that there was now a backdoor in Skype. And now when a reporter for Slate, Ryan Gallagher, is pushing the company on this issue, it refuses to make a clear statement onto the ability to wiretap Skype calls. You can draw your own conclusions.

It is, of course, possible that this is just the tighter-lipped way of Microsoft, now that the software giant owns Skype, but it certainly is raising questions for those who believed that Skype was a safe way to hold conversations away from the ears of increasingly intrusive government surveillance. It seems like there's new incentive for others to work on truly secure voice communications.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: privacy, skype, wiretapping
Companies: microsoft, skype


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    F!, 24 Jul 2012 @ 3:09am

    Alternatives?

    I understand Jitsi in combination with XMPP(Jabber) can do encrypted end-to-end connections, mostly for text but I think voice is available. I think TorChat utilizes the Tor network for increased privacy.

    I've heard good things about Asterisk VOIP software, but I don't know much about it...

    Been casually keeping an eye out for secure communication tools over the years, that's about the best I can come up with. Any other ideas?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Jul 2012 @ 4:26am

      Re: Alternatives?

      "I've heard good things about Asterisk VOIP software, but I don't know much about it..."

      I can inform you on this point.

      First of all, Asterisk is not a VoIP client. Asterisk is a software implementation of a PBX. Put simply, what it does is receive calls (usually VoIP calls, though, with the appropriate hardware, you could also handle calls from the telephone network) and forward them to an appropriate destination.

      For example, you could implement an asterisk dialplan (a funny work for "script") where, when callers dial in, they are greeted with a voice prompt that says "Press 1 to go to Tech Support, Press 2 to go to sales..." (you get the picture).

      And then, when they, for example, press 1, they are sent to a queue (where they get to listen to loud music and voice prompts that reassure them that "your call is important to us"), until they are eventually picked up by a human. Call proceeds normally from then on. This is just a simple example. The call manipulation possibilities Asterisk offers are virtually endless.

      I, personally, have some experience with it, having used it at work to implement a call center for a small operation - a painful experience, mind you, but a rewarding one, since I knew next to nothing in regards to VoIP.

      In my experience, I've learned that documentation is scarce, and configuration is somewhat painful. The way some of its features are implemented sometimes seem archaic and not at all flexible, making you have to jump through hoops to do something that should have been simple. But it is light on resources and gets the job done rather well after it is up and running.

      Asterisk has a bunch of interesting features for call centers and telephone networks in general, but I doubt end-users would be interested. Unless you want to build a VoIP network of some sort from the ground up to replace Skype's network, Asterisk is not for you. And even if you are, there is probably software out there that is better suited for such things.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Jul 2012 @ 6:00am

      Re: Alternatives?

      The whole group is called "softphones" you can search for it.

      http://www.voipsupply.com/blog/free-sip-softphone-roundup
      https://en.wikipedia.org/wiki/Soft phone

      Just pay attention to the "encryption"
      https://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol
      And how the keys are negotiated, if it depends on third parties that can be tapped and bugged, if you have to give the key to someone personally that is the secure option.

      This protocol does not require prior shared secrets or rely on a Public key infrastructure (PKI) or on certification authorities, in fact ephemeral Diffie-Hellman keys are generated on each session establishment: this allows the complexity of creating and maintaining a trusted third-party to be bypassed.

      https://en.wikipedia.org/wiki/ZRTP

      The ways that don't need "trusted third parties" to manage keys are the best bets.

      https://en.wikipedia.org/wiki/Comparison_of_VoIP_software

      https://en.wikipedia.org/wiki/ IP_Phone
      https://en.wikipedia.org/wiki/List_of_SIP_software

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Jul 2012 @ 3:20am

    Of COURSE they can be tapped for years! Search "Megaupload" and "Skype" on Google. The USA DOJ lists over 100 Intercepted Skype calls over a three year period as evidence for extradition.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Jul 2012 @ 3:21am

    Conspiracy

    M$ built that backdoor so they could stay in the pockets of government.

    \paranoiddelusions

    link to this | view in chronology ]

  • icon
    Mesonoxian Eve (profile), 24 Jul 2012 @ 3:28am

    This is the same company who gives Linux keys to law enforcement to by pass its own operating system.

    But I've said this before: if you believe there's privacy when you're using these programs, Microsoft isn't the one to blame.

    link to this | view in chronology ]

  • icon
    Ninja (profile), 24 Jul 2012 @ 4:22am

    I personally don't do anything unlawful or illegal (in my country at least, I'd be screwed on copyright grounds in the US or so I think). But, come on, if I had to do anything illegal I'd be using open source communication tools with end-to-end encryption. I wonder if the Govts are just naive or if what they want is to really just control the average Joe/Jane. Any criminal with half a brain will take several steps to conceal their activities online.

    link to this | view in chronology ]

    • icon
      Machin Shin (profile), 24 Jul 2012 @ 6:13am

      Re:

      Well you see, here in the US the government works really hard to have nothing but the best crooks. It does all these stupid things to catch the people making stupid mistakes.

      Then it takes these people and tosses them into criminal training (I'm sorry, I mean prison). This way they can all get together and learn from each other.

      As an added measure they put a little check in the box next to "felon" in their record to make sure once they are out of school (prison) they are not able to get a real job anymore.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Jul 2012 @ 4:58am

    Skype has no backdoors people.

    Now build the Ironic Mustache Twitter Interface to appreciate those words.
    http://www.instructables.com/id/Ironic-Mustache-Twitter-Interface/

    link to this | view in chronology ]

  • icon
    drew (profile), 24 Jul 2012 @ 5:32am

    and BAM!

    Business opportunity for someone else.

    link to this | view in chronology ]

  • icon
    Christopher (profile), 24 Jul 2012 @ 6:23am

    Government needs to be told that they cannot wiretap people (or scan all people's calls) without a warrant pointing to a specific phone or a specific person.

    One or the other. "Eschelon" or whatever they are now calling it needs to be killed, it's just a way to harass people who dare to speak out against government policies.

    link to this | view in chronology ]

  • icon
    Greevar (profile), 24 Jul 2012 @ 7:43am

    There's only one way to have secure communication.

    I need a quantum entanglement communicator. There's no way to tap that, since there is no transmission medium to tap into.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Jul 2012 @ 7:49am

    Ok, so what's a good open source alternative to Skype that works on Windows, Mac, and Linux, supports encryption, and is roughly no more difficult than Skype to install, set up an account on, and use?

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Jul 2012 @ 12:23pm

      Re:

      ZRTP capable for Lin, Mac and Win.

      https://en.wikipedia.org/wiki/Jitsi
      https://en.wikipedia.org/wiki/Linphone

      Please note that capable doesn't mean it will always use that, in a world of many protocols people tend to make things to work with the most number of other protocols which can be a problem if you want to track the security of the communications because you can't see easily which protocol is being used.

      Now if you come to the darkside you can have even more choices. Linux rule the secure softphone market.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Jul 2012 @ 7:56am

    I heard about a project called GNU Free Call that was announced around the time Microsoft purchased Skype. It was supposed to be a Skype replacement, but I haven't heard any news about it since the announcement last year.

    Is GNU Free Call still in development, or did the project die off?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Jul 2012 @ 8:31am

    GNU/PGP voice?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Jul 2012 @ 8:52am

    Of COURSE they can be tapped for years! Search "Megaupload" and "Skype" on Google. The USA DOJ lists over 100 Intercepted Skype calls over a three year period as evidence for extradition.

    link to this | view in chronology ]

  • icon
    Violated (profile), 24 Jul 2012 @ 9:05am

    Skype calls recorded

    The FBI certainly tapped the Skype calls of the Mega employees when they say as much in the Mega indictment. What they do not say was if this Skype invasion was done under a court order or not.

    link to this | view in chronology ]

  • identicon
    Rekrul, 24 Jul 2012 @ 10:43am

    The words "Microsoft" and "safe" don't belong in the same sentence.

    link to this | view in chronology ]

  • icon
    AzureSky (profile), 24 Jul 2012 @ 11:59am

    mumble/murmur is a free opensource equivlant to Ventrilo or TeamSpeak, its encrypted end to end, and it works on pretty much any OS you want.

    http://mumble.sourceforge.net/

    it also is easy to adjust on a per client basis for bandwidth, even people on dialup can use it without issues :)

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Jul 2012 @ 12:41pm

      Re:

      Is Mumble encrypted?

      Your whole communication to and from the server is always encrypted. This encryption is mandatory and cannot be disabled. The so-called control channel, which transports your chat messages and other non-time critical information, is encrypted with TLS using 256 bit AES-SHA. The voice channel carrying speech and positional audio is encrypted with OCB-AES 128 bit. You and the server authenticate to each other using digital certificates like they are used for secured connections in Web-browsers.

      http://mumble.sourceforge.net/FAQ#Is_Mumble_encrypted.3F

      The TLS part is what makes it vulnerable to snooping.
      https://en.wikipedia.org/wiki/Transport_Layer_Security

      link to this | view in chronology ]

  • identicon
    Really Really Really?, 24 Jul 2012 @ 7:37pm

    Skype has been bought off n sold out

    Skype now puts ads in the calls, if you review the servers it connects to it literally connects to over 10+ IP addresses just at log in not to mention how many more it connects to when you place a call... If your so worried about people listening to you or privacy don't use VoIP....

    OoVoO & Mumble FTW

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Jul 2012 @ 8:11pm

    Did anybody seriously think otherwise?

    link to this | view in chronology ]

  • identicon
    molly, 18 Sep 2012 @ 5:15am

    nice info, thanx!) but as for me, i prefer to use this skype calls recorder http://www.imcapture.com/IMCapture_for_Skype/, i heard a lot of positive opinions about it!)

    link to this | view in chronology ]

  • identicon
    http://buyserviceonline.blogspot.com, 16 Feb 2013 @ 2:40am

    http://buyserviceonline.blogspot.com

    best skype alternatives to make free landphone and mobile call worldwide cheap
    http://buyserviceonline.blogspot.com/2013/02/best-skype-alternatives-to-make-free.html

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.