Dropsafe

by Alec Muffett

Skype denies system upgrade enables in-call spying # Doesn’t matter any more – and I also don’t believe them

Sorry guys, nobody’s going to believe you now, even if your denial is true; in the mid/late-2000s I spoke to some Skype staffers who told me off-the-record that there was an internal project to provide law-enforcement access on demand – for voice, specifically, and beyond the usual “intercept it at the POTS” manoeuvre.

But it shouldn’t matter any more – the short version for security-conscious people is now that if you are using Skype for any conversation where secrecy matters, or for any conversation where the identity of the participants matters, then you are doing something wrong. It was like this last year, and it’s moreso now.

Skype has issued a formal denial to reports that it has been allowing law enforcement to listen in on users’ calls following a change in its system architecture.

“Some media stories recently have suggested Skype may be acting improperly or based on ulterior motives against our users’ interests. Nothing could be more contrary to the Skype philosophy,” said Mark Gillett, Skype’s chief development and operations officer in a blog post.

The allegations came after Skype reconfigured its system architecture so that some of the supernodes on its peer to peer network were moved inside Microsoft’s data centers. This shift, coupled with a patent for “legal intercept” systems Microsoft was granted shortly after taking over the company, caused concern among some that Skype was selling out its users to the Feds.

Gillett categorically denied this was the case, saying that shifting the supernodes was begun before Microsoft bought out Skype, and that it is being done purely to improve service and make it more reliable and easier to upgrade in the future.

While Skype has had a policy of working with law enforcement on monitoring in exceptional circumstances he said, the rules of engagement for such a tactic are clearly stated on its website and Skype hasn’t changed its position. Calls are fully encrypted and information on users is not being kept.

“The enhancements we have been making to our software and infrastructure have been to improve user experience and reliability. Period,” he said.

In El Reg’s opinion, Skype appears to be talking sense on this. Shifting part of the VoIP provider’s backbone into Microsoft data centers makes a lot of sense for Redmond, as it is looking to integrate Skype more deeply into its cloud offerings as it tries to make money on its $8.5bn purchase. ®

via Skype denies system upgrade enables in-call spying • The Register.

Comments

2 responses to “Skype denies system upgrade enables in-call spying # Doesn’t matter any more – and I also don’t believe them”

  1. Carl

    Agreed; it seems more or less inconceivable that, whether technically true because of careful wording, Skype’s denial implies anything remotely approaching privacy and security for its users. Voluntarily or under duress, if their infrastructure technically allows interception, logging, eavesdropping, then these things are happening and will continue to happen, as has been the case since forever with old-school telephony. The only security they realistically promise is needle-in-haystack obscurity because of lots of users, but storage is cheap and computers are very quick, nowadays.

    Reply
  2. Dave Walker

    I think that the modern moral of this story is “if you really care about privacy security, build and host it yourself”.

    (Equally valid, of course, is “if you really care about privacy and security but have a slightly different slant on your threat model from the usual one, build it yourself and host it on a set of carefully-chosen IaaS providers”…)

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts