German Government Struggles To Tap Encrypted Skype Calls

from the crypto-works dept

The Wikileaks project is starting to bear fruit, with documents leaked to the site beginning to get a lot of attention. The latest example is correspondence between the German government and a vendor (via Slashdot) that apparently makes software for intercepting Skype calls. Interestingly, the interception technology appears to be pretty primitive and rather expensive. The software has to be installed on the Skype client, and the vendor suggests that this can be accomplished by attaching a trojan to an e-mail or physically entering the premises to install the software on the target machine. And, evidently, only Windows 2000 and XP are supported; Vista support is still in the works. The company charges thousands of euros per target computer. This suggests that Skype's encryption technology is secure against at least the eavesdropping techniques available to the German government. Apparently they haven't found a way to decode encrypted Skype traffic off the wire, so they're forced to resort to these fairly cumbersome attacks on Skype clients -- attacks that are no more convenient for law enforcement than simply bugging the target's office. That suggests that the risk of comprehensive government surveillance of online telephony is still a fair ways off. If you encrypt your online activities, they're probably pretty secure. Of course, it's entirely possible that other government agencies, such as the NSA, have more sophisticated eavesdropping technology that they haven't shared with the Germans. My guess is that any government agencies possessing really sophisticated eavesdropping tools are also less likely to have their private documents show up on Wikileaks.

Filed Under: encryption, germany, skype, trojans, voip, wiretapping
Companies: skype

Sprint Shoots For Patent Litigation Rather Than Innovation

from the not-this-again dept

We've noticed a certain pattern among tech companies once they run into business problems. Rather than figuring out how to improve their product by innovating, they resort to patent litigation. It's an all too common practice, unfortunately -- and can be a sign of how strongly a company believes in its own ability to actually innovate. Perhaps the latest to follow this unfortunate trend is Sprint. Sprint is clearly facing a number of problems in its effort to innovate out of trouble, so it probably will come as no surprise that it's now going after a bunch of small companies for patent infringement, concerning the same VoIP patents it used to squeeze money out of Vonage. Just as Verizon did with its Vonage patent windfall, Sprint has decided to turn around and sue more companies. Though, unlike Verizon, Sprint is focusing on smaller players who probably have even fewer resources to defend themselves, making them more likely to quickly settle, rather than deal with the cost and uncertainty of a lengthy patent lawsuit.

Filed Under: innovation, patents, voip
Companies: sprint

Will VoIP Finally Get Hacked?

from the we-shall-see... dept

Ever since VoIP first came on the scene, there were fear mongering reports saying that you shouldn't use VoIP because it will get hacked. However, in all these years, we've yet to hear a serious report of VoIP getting hacked -- and, even the scary warnings about VoIP hackers have quieted down. Yet, here we are, with a security company now claiming that 2008 will be the year that VoIP gets hacked. Of course, that security company is also selling a solution to prevent VoIP systems from getting hacked, so perhaps you should take the prediction with a rather large grain of salt. So which is it: is hacking VoIP networks not that easy? Is the fear overblown? Or have we just been lucky?

Filed Under: hacked, predictions, voip

Drunk Off Patent Success Against Vonage, Verizon Moves On To Cox

from the who's-next dept

Having successfully sued Vonage over VoIP patents, despite an inferior product and plenty of prior art, it appears that Verizon is seeing who else it can sue for VoIP patent infringement. First on the list is cable provider Cox, who offers VoIP to its customers, just like most cable providers these days. A successful lawsuit against Cox would almost definitely mean additional lawsuits against all the other cable providers, who have also been much more successful than Verizon in actually offering a VoIP service that customers find useful. Of course, in this day and age, it seems that rather than improve the product, the answer is to sue everyone else for patent infringement. Just like the Founding Fathers intended.

Filed Under: cable companies, patents, voip
Companies: cox, verizon

Quick! Who Else Has A VoIP Patent That Vonage Can Settle Over?

from the sue-and-settle! dept

We've covered in too much detail how it's some sort of "open season" on Vonage when it comes to VoIP patents. After dealing with ridiculous and expensive patent lawsuits from companies who failed to actually innovate in the same way Vonage did, the company was pressured by Wall Street to quickly settle the various patent lawsuits filed against the company. Of course, rather than settle matters, that simply opened the door for other companies to go searching through their patent portfolios to see if there was anything they could sue Vonage over. Indeed, following those settlements it didn't take long for AT&T to dig up a patent and sue -- which was quickly settled as well. Thought things were over? No such luck. Nortel just showed up last month to sue and it took all of about a week and a half for Vonage to settle that case as well.

The Nortel case is slightly different because Vonage actually already had a patent infringement lawsuit going against Nortel, but it wasn't really initiated by Vonage. Instead, it had been initiated by a patent holding firm that Vonage bought in 2006. The end result of the settlement doesn't involve money changing hands, but just a cross licensing agreement for the patents. So what's the big lesson that Vonage and others have learned from this? It's certainly got nothing to do with innovating. It's to hoard as many patents as possible so that you have your own nuclear stockpile for when someone else sues you. Want to know why the USPTO is overwhelmed? It's not because there aren't enough examiners (as some will claim) or that there aren't enough funds. It's because the way the system now works is that you are supposed to file patents on every tiny little advancement so you can use it to protect yourself against lawsuits from everyone else. That's not about innovation. It's about waste. In the meantime, since it's still open season at Vonage, who's going to be next? There are a ton of other patents in the VoIP space that can surely be used in a lawsuit, right?

Filed Under: lawsuits, patent thicket, patents, settlements, voip
Companies: nortel, vonage

And Another One: Nortel Latest To Sue Vonage Over VoIP Patents

from the who-else? dept

A "patent thicket" is when so many different entities claim patents on a particular space or product, it becomes nearly impossible for any company to actually put a product out in that space without either having to pay ridiculous patent license fees or face a series of patent lawsuits. There are plenty of patent thickets out there -- and a big one is in the VoIP space. The concept of using internet protocol for voice communications has been out there for ages, and there were lots of attempts to get such a service working in the late 90s. While technically it was possible, the real problem was that most users didn't want to go through the hassle of setting things up to use VoIP. Vonage was the first company to get past that hurdle by making things easy: you plug a box into your modem, and then you plug in a phone -- and everything works just like your current telephone. It was this simplicity, combined with a big advertising campaign, that made VoIP popular. It certainly wasn't the basic technology advances that almost everyone in the space had figured out well before. Yet, Vonage's ability to attract users made lots of other firms jealous, leading to a series of patent lawsuits. Earlier this year, under pressure from Wall Street, Vonage agreed to settle such patent lawsuits from Verizon and Sprint, as well as some tiny patent holders. As we noted at the time, this was simply flinging the gates wide open -- and anyone who had any kind of patent related to VoIP should probably sue Vonage as fast as possible.

AT&T couldn't resist and dredged up some VoIP patents itself. And, sure enough, Vonage quickly settled. Of course, that wouldn't be the end. Now along comes Nortel, who has also sued Vonage for infringing on nine separate patents. To be fair, Vonage may have also brought this one on itself, having first sued Nortel over its own patents, leading Nortel to retaliate. You would have hoped that Vonage would have learned its lesson that patent battles aren't particularly helpful, but it appears that the company took away the wrong lesson, and is hoping to get in on the patent dollar bonanza. All we're really seeing is a blatantly clear explanation of how patents are holding back innovation, rather than promoting the progress of useful sciences. Update In the comments, someone from Vonage notes that the company did not quite initiate this, as the lawsuit actually came from another company that Vonage acquired.

Filed Under: patent thicket, patents, voip
Companies: nortel, vonage

WiFi On Airplanes Coming. Does That Mean Airborne Skype?

from the we-can-hope dept

The New York Times says that several airlines are testing in-flight Internet services. JetBlue will apparently be offering free, but crippled service that includes only email and instant messaging. And Crunchgear suggests it will be even more crippled than that: only Yahoo! and BlackBerry-based mail and IM will be supported. For a lot of travelers (including me) that will be completely useless, although I guess something is better than nothing. At the opposite extreme, American (along with Alaska Air) is reportedly working on full-featured Internet access that will allow you to use the applications of your choice, but it will apparently cost around $10. The Times also notes the most intriguing possibility for this service: that Internet access may mean the ability to make VoIP-based phone calls. It's not clear that the Internet connection will be good enough to make phone calls practical initially, but as technology advances, it's only a matter of time before there's enough bandwidth to make calls practical.

The Times calls this a "pitfall" and says that American won't permit Internet-based phone calls. But I have trouble imagining that ban sticking. Once it becomes technologically feasible to make calls, it will be extremely difficult for airlines to enforce a no-calls rule. There's no automated way to block phone calls, and stewardesses will have a difficult time policing the activities of dozens of passengers. The only way it would work is if the caller's neighbor was willing to rat him out, and I suspect that fellow passengers are a lot more opposed to the idea of cell phones on airplanes in the abstract than they would be about an actual cell phone caller in the seat next to them. After all, cell phone calls are commonplace on buses and trains, and while they're occasionally annoying, they're no more annoying than a loud real-life conversation or a crying baby. There's no groundswell of support for banning cell phone calls on public transit, despite the fact that the annoyance factor is exactly the same. One possibility is that we'd see different airlines cater to different customers, with some airlines aggressively prohibiting airplane-based phone calls and others allowing them. My guess is that business travelers, who generate a disproportionate share of airline revenues, will find the ability to get work done on the airplane to be worth the minor inconvenience of occasionally having to listen to a neighbor's phone call, and so airlines that permit calls will be more profitable.

Filed Under: in-flight wireless, voip, wifi
Companies: american airlines, jetblue

German Proposal Gives A New Perspective On 'Spyware'

from the big-brother-is-hacking-yo dept

A VoIP expert has unveiled new proof-of-concept software that allows an attacker to monitor other peoples' VoIP calls and record them for later review. Unencrypted VoIP really isn't very secure; if you have access to the raw network traffic of a call, it's not too hard to reconstruct the audio. Encrypted traffic is another story. German officials have discovered that when suspects use Skype's encryption feature, they aren't able to decode calls even if they have a court order authorizing them to do so. Some law enforcement officials in Germany apparently want to deal with this problem by having courts give them permission to surreptitiously install spying software on the target's computer. To his credit, Joerg Ziercke, president of Germany's Federal Police Office, says that he's not asking Skype to put back doors in its software. But the proposal still raises some serious question. Once the installation of spyware becomes a standard surveillance method, law enforcement will have a vested interest in making sure that operating systems and VoIP applications have vulnerabilities they can exploit. There will inevitably be pressure on Microsoft, Skype, and other software vendors to provide the police with backdoors. And backdoors are problematic because they can be extremely difficult to limit to authorized individuals. It would be a disaster if the backdoor to a popular program like Skype were discovered by unauthorized individuals. A similar issue applies to anti-virus software. If anti-virus products detect and notify users when court-ordered spyware is found on a machine, it could obviously disrupt investigations and tip off suspects. On the other hand, if antivirus software ignores "official" spyware, then spyware vendors will start trying to camouflage their software as government-installed software to avoid detection. Ultimately, there may be no way for anti-spyware products to turn a blind eye to government-approved spyware without undermining the effectiveness of their products.

Hence, I'm skeptical of the idea of government-mandated spyware, although I don't think it should be ruled out entirely. That may sound like grim news for law enforcement, which does have a legitimate need to eavesdrop on crime suspects. But it's important to keep in mind that law enforcement officials do have other tools at their disposal. If they're not able to install software surveillance tools, it's always possible to do it the old-fashioned way--in hardware. Law enforcement agencies can always sneak into a suspect's home (with a court order, of course) and install bugging devices. That tried and true method works regardless of the communications technology being used.

Filed Under: germany, skype, spyware, voip, wiretapping

Vonage Settles AT&T Patent Suit; Anyone Else Want To Squeeze Free Money Out Of Vonage?

from the just-find-a-voip-patent-and-sue dept

The various patent lawsuits against Vonage have been a perfect example of almost everything that's wrong with the patent system. Vonage was the clear leader in this space -- being the first to successfully get this type of product to a widespread audience, even as the idea had been talked for years. Vonage's success had nothing to do with its technology acumen. The concepts behind VoIP services were widely known and widely discussed. The problem facing the space had always been an inability by any company to package it up in a way that people would buy it. Vonage figured that out. And for it, it got sued into oblivion by all the companies who were unable or unwilling to figure out. Just the fact that there were so many patents covering the basic concepts of "VoIP" (even when there was so much prior art) should have been a warning sign that perhaps most of those patents were bogus. However, once Vonage's investors started pressuring Vonage to just settle the cases, things only got worse. Vonage settled with Verizon and Sprint and even with some small patent holder very few people had heard of. With Vonage quickly trying to settle any such lawsuit, you can bet that plenty of companies went hunting through their patent portfolios, looking to see if they had anything related to VoIP which they could use to sue Vonage over. AT&T quickly found something and sued Vonage, knowing the company would quickly cough up some money. And, cough it up, it did. Vonage has agreed to pay AT&T $39 million. Anyone else have a VoIP patent? Might as well sue while Vonage's wallet is wide open...

Filed Under: patent thicket, patents, voip
Companies: at&t, sprint, verizon, vonage

Two States, Two Very Different Approaches To VoIP Regulation

from the quacks-like-a-duck dept

For many years, states have been trying to tax VoIP providers as if they were telcos. From the states' perspective, they were using a "quacks like a duck" test, whereby any phone service that acted like a traditional phone service should get taxed like a traditional phone service. Since states rely on tax dollars so much, this feeling was reinforced as people started ditching landline phone service for VoIP providers. However, there are a few problems with this. The reason that telcos are taxed is because of the structure of the telephone system, and the fact that the government more or less handed over rights of way and control of the system to private companies. VoIP providers, however, have the calls travel over the internet, changing the nature of the equation, and meaning that most of the reasons for taxing telcos shouldn't apply. Shouldn't, except for politicians who can't see beyond the money. Yet, taxing VoIP is a doubly bad idea, because VoIP is still an emerging service that is rapidly changing -- offering new services and opportunities that weren't possible on landline offerings. Putting a tax on it could kill a lot of that innovation. Too many states don't see that.

Jeff Pulver is showing the contrast between two states in dealing with VoIP regulatory issues. New Jersey has passed a law saying that it will not regulate VoIP, noting "The proliferation of new technologies and applications and the growth in the number of providers developing and offering innovative services using Internet Protocol is due in large part to a light regulatory touch, including freedom from traditional telephone regulation that these new technologies and services and the companies that offer them have enjoyed in New Jersey.... These economic benefits, including consumer choice, new jobs, and significant capital investment, will be jeopardized and competition minimized by the imposition of traditional State entry and rate regulation on Voice over Internet Protocol service and Internet protocol-enabled service."

Unfortunately, Missouri isn't quite so enlightened. Despite various rulings saying that VoIP should not be taxed, Missouri is trying to bend the rules to make at least some VoIP offerings (mainly those provided by cable companies) classified as telco services that need to be taxed. As Jeff notes, if this works, then expect other states to follow suit and create loopholes for taxing VoIP providers... and then watch as all VoIP related innovation happens elsewhere.

Filed Under: missouri, new jersey, regulation, voip