Skype raises eyebrows over security and wire-tapping

Our audience is smart enough to know that no electronic system of communication is impervious to eavesdropping and there’s very little out there that’s near 100% secure. So it should come as no surprise that Skype is getting some publicity of its internal network restructuring that started occurring once Microsoft acquired the company last year.

The charge: Microsoft is reconfiguring the Skype network so that it Law Enforcement Agencies (LEA) can have access to intercept calls over the network to aid in investigations.

The reality is of course convoluted with no concrete evidence but it’s worth mentioning what exactly is going on here. So head past the break to get the scoop.

Skype Headquarters?  (Orig. image via South Park)

As Rafael Rivera explained a few months ago is his article about Skype and Windows Phone, Skype’s original network operated on a peer-to-peer node system which means that Skype only initiated the calls but the actual communication was one-to-one with no one as the middleman.

That structure also has the benefit of being very difficult to intercept. In fact, Skype used to brag about its security and LEA used to lament it because they could not listen in on to calls. Instead, LEA would have to use a Trojan-attack on the target’s machine (opens in new tab) to gain access (as opposed to remote access, wire-tapping, etc.).

The downside to the network is it can get messy with no real way to harness and control it, especially if you wanted to unify the system to roll it out across various services like Office 2013, Xbox 360 or Windows Phone.

Sometime in late spring, Microsoft started to reconfigure the network making it more centralized by giving-called ‘super nodes’ more power. Our understanding of these changes was because Microsoft is starting to re-do Skype in order to align it with the company’s vision for future VOIP services. Presumably off-loading some of the server-work from peers to super-nodes will take the processing power off of the end-user and will allow Microsoft to tailor services. That’s our understanding.

The more malevolent and somewhat conspiratorial reason is Microsoft is doing this just to appease LEA so that Skype is now vulnerable to eavesdropping—or rather to make it easier for them to do so.

WP Central

This idea does have some merit. For instance, right after Microsoft bought Skype it won a controversial patent for “legal intercept” technology designed to be used with VOIP services like Skype to “silently copy communication transmitted via the communication session.” Okay, even we’ll admit that is highly coincidental and is curious.

What’s more, the US Government is asking internet companies for a “back door” to their software for LEA purposes by amending the Communications Assistance for Law Enforcement Act, or CALEA (1994), in essence making software “wire-tap friendly”. In other words this is more than a Skype issue.

Microsoft and Skype are not confirming nor denying it either telling Slate only that they (Skype, Microsoft) “co-operates with law enforcement agencies as much as is legally and technically possible” (we already know they store chat logs for instant messages up to 30 days). Before we jump on that statement as a confirmation, remember Microsoft does not necessarily want to advertise the fact that they can’t track you either as that’s tantamount to inviting potential criminal activity to their network.

So when you combine the re-working of the Skype network, Microsoft’s patent, changes to CALEA  along with Microsoft’s “cooperation” with LEA and we can see how “Skype is no longer safe for secure calls” can be interpreted.

Our feeling on the matter was this move to re-organize Microsoft’s Skype was being done for strategic purposes anyway but the government’s request and Redmond’s patent probably was a convenient option to exercise as well. Has Microsoft actually done this? We just don’t know.

Bottom line, which you already knew is don’t use Skype if you’re a political dissident or concerned about privacy. What is interesting though is noting previously how hard it was to crack Skype for LEA.  Either way, hopefully you now know a bit more on the topic.

Source: Slate, CNet

Daniel Rubino

Daniel Rubino is the Editor-in-chief of Windows Central, head reviewer, podcast co-host, and analyst. He has been here covering Microsoft since 2007 when this site was called WMExperts (and later Windows Phone Central). His interests include Windows, Microsoft Surface, laptops, next-gen computing, and for some reason, watches. Before all this tech stuff, he worked on a Ph.D. in linguistics and ran the projectors at movie theaters, which has done absolutely nothing for his career.

  • This shouldn't even be a surprise.  Any service on the internet has to have this for security reasons, and plus I believe (not 100% sure) this is now required by law in the U.S.
    If you're doing anything wrong, then you shouldn't have anything to worry about.
  • I suppose although you have to wonder how enterprise could feel knowing their traffic may be monitored by Microsoft, especially if they're a competitor. It's a sticky issue, for sure. 
  • Isn't that was Lync is for?
    Though considering the "competitor" part, makes sense to avoid MS products if possible.
  • By law (in the US) all ISPs must provide law enforcement with a mirror port capable of capturing 100% of simultaneous inbound and outbound data. With this, they can very simply capture everything you are doing on the internet and a use of one several utilities to -literally- replay what you've done. An entire Skype conversation can be captured even without the knowledge that there was one. The only thing this change would do is make it easier for the call to be captured. For instance, a Skype username could be tapped instead of a users ISP. However, the govt currently uses this existing "complexity" as a way to petition for higher reaching warrants which grant a larger scope of which to pull data from (think level3). So, in reality this actually may reduce the amount of data that's captured (yours and mine) in attempt to capture a specific persons
  • I guess the question then becomes what is defined as wrong wrong and how that is determined by law enforcement outside of laws on the books. Personally, I completely understand that with internet use, you "sign up" knowing that you will never be completely secure. You can certainly take measures to avoid getting into trouble. So as Dan said, this doesn't come as a surprise. Still, it makes you a bit leery about what exactly are they listening for
  • It's curious some people can't help themselves when China is the subject, but then say "if you're not doing nothing wrong you don't need to worry".
  • i think its a bit different in that China will actively block and censor information/chats where the US just monitors for activity, but both countries will "may be" make a fake accusation just to throw those that they don't like in jail
    don't get me wrong, i don't like this at all...
  • "If you're doing anything wrong, then you shouldn't have anything to worry about." This line of thought is sooooo wrong. Especially since it is only people who are not doing anything wrong that will be victims. People who are doing something wrong will just use another tool because they know they are doing something wrong. People who are not doing anything wrong will simply be victims of people who might be doing something wrong and yes, in many cases the governments are doing something wrong. Let alone that even if governments are very good intentioned there are people in the government who are not.
  • Great words
  • +1
  • Exactly wrong doers on a VPN with an encrypted session or on someone elses connection. While the general public gets clowned by the goverment watching teens and adults get off on skype. How ass backwards is that?
  • I hate that argument so much. I wish all the paranoia that's around us everywhere for more than ten years now would go away again. We are giving up all our freedom just to feel safer. (When we actually aren't. Instead we're all treated like potential criminals.) :-(
  • +1
  • "If you're [not] doing anything wrong, then you don't have anything to worry about"
    I really, really hate that statement - it's been used for decades by people insisting we give up all privacy and that it's somehow okay if you're not doing anything wrong. Years ago it was discovered our uni network admins were logging and reviewing private chat logs to make sure no one was doing anything wrong. People would often discuss deeply personal matters, or even sexual matters, in private that is no business of anyone else. There was quite a sh¡tstorm over that! I object to such backdoors as it opens us up to hackers, and the LEA have no jurisdiction outside the US.
  • They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
    - Benjamin Franklin, notes to the Pennsylvania Assembly, prior to Feb. 17th, 1775
  • Thaman04, when is the last time you had sex? What is your Amazon order history for the last few weeks? Did your parents have any mental issues? There is no reason not to share with us all of this, unless you have something to hide...
  • Don't use it of you're a "political dissident or worried about privacy". Enough said :)
  • I'm cool with it.
  • Maybe they threatened to bring charges against MS once they obtained know the government loves to go after MS. Maybe this is why Apple was invited to the Whitehouse and not MS :-]
  • Probably it's more the fact the Microsoft is a US company, not that anyone has it out for them.
  • My biggest concern isn't someone (being bored to death while) eavesdropping my conversations on skype; I consider far more annoying someone (rubbing its hands while) trying to sell me stuff based on my internet surfing habits.
  • There are plugins that add extra cryptography layer over Skype to encrypt the conversation to unwanted listerners. Maybe reasons are different...
  • I get it. Still, please note this: how many times did you, so to say, break the law using a computer? -right. And: how many times did you spend money based on what you saw on the internet? See my point?
  • Considering how probably every single one of us has illegally downloaded copyrighted content. I'm pretty sure, many of us are using our computers to break the law quite often...
    If not, why did everyone freak out about SOPA/PIPA?
    As for the advertisments, you hold the money. If you can't control yourself, you're really not in a position to blame others.
    The problem here is the privacy. It's kinda creepy to know that if I chat with my friend and type the word "bomb", there's probably someone listening in to my conversation.
    Not only that, but those people from LEA are humans, and we all know that not all humans are good people. Who knows what terms they're searching for on their lunch breaks?
  • Noooo.....there goes my Syndicate....
  • If you don't want the gov snooping on you now a days you just dont use a phone.
  • I hear they can intercept carrier pigeons & smoke signals too :(
  • This is why I wear I tin foil helmet I'm sure Microsoft are listening to my thoughts.
  • As a matter of fact, while the author showed me some particularities I wasn't completely aware, I think the fact that voice over IP makes authoritarian governments very nervous. Last Spring governments fell through Twitter, and Skype played a major role. If you want to be successful in China you need to comply.
  • Amazes me how often in a country where having a lemonade stand without a permit is quickly being considered a crime, people are willing to say not to worry if you aren't going anything wrong. Seems to me that daily, things we have the right to do are becoming illegal and labeled "wrong". Have we become the land of the sheep, home of the slaves?
  • It is an awful excuse the "you don't need to worry", it implies everyone who doesn't like this sort of control are shady. It has nothing to do with that.
  • Sadly, an excuse I always see. At my work, there is a camera on me that management watches. They claim it is there for safety purposes but use it to watch my co-worker and I. If they even think we are not doing our job to their satisfaction, they raise hell. Point is, anything we do that can even be misunderstood, we will be in the wrong and quite often that is the case. Quickly this is becoming our everyday lives no matter where we go.
  • We have, because apparently no one cares about their privacy anymore.
  • Big brother is watching.....
  • I seen that somewhere
  • You'll see that everywhere.
  • Since all emails, msg, browsing habbits etc .. that are hosted by google, Microsoft and yahoo have to comply with local laws hence access for law enforcement agencies... I am not surprised Skype has joined the list. Remember they also have access to your Sky drive, google drive, windows phone details, iPhone details and android device.... Forget the agencies getting a court order ...thats just formality
    Blackberry devices used to be immune but sadly most gov agencies from around the globe now have access.. The Government now knows how you think.
  • I can't wait for Watch Dogs.
    "You are no longer an individual. You are data cluster bound to a vast global network."
  • Microsoft has always felt that running things through a server was more efficient. Their lync service is that way and I believe when they bought Skype they made no secret of the fact they would change it to be compatible with their existing way of doing things. Don't see how it could integrate with Lync and Messenger as a peer to peer.
  • This is old news government is been monitoring us for a long time.
  • Well, except for the fact that up until very recently, Skype was very difficult to "spy on" for governments. So yes, this is news.
  • I know your point but what I'm saying is sooner or later they will have access to whatever they want to access too, it just a matter of time. Now MS owned Skype they can't say no to big brother.
  • Well isn't it fair? I mean why should we be the only ones to have access to whatever we want...the only difference is what they specifically want access to. I'm not worried, whatever happens is only that which is meant to happen...thanks for the heads up DR@WPC ;)
  • By the way, I do have an actual opinion but I don't find this to be my venue...a little levity never hurt anyone, especially when EVERYTHING is SO dark and serious these days. I can only hope I can laugh as easily in the end. =(
  • "Everything is so dark"? I'm a little perplexed by that statement. Is it because of the bleak economic outlook in many countries? Perhaps I am fortunate in that I am in Australia where our economy is still booming, while the US and parts of Europe are in recession. I guess there's the continued US invasion of innocent middle-eastern countries? but that shouldn't affect your daily life... Um... I don't know, don't read the news? watch some comedies? :)
  • This is just one of the realities of being alive and using technology. I could care less, its not like I'm planning to assassinate any political figure or distribute child porn or run drugs across the border. So I have nothing to worry about.
  • Yeah, but neither did Sandra Bullock in The saw what happened to her! (O.O)
  • So don't do illegal activity.
  • There's easy cases like drug dealing, terrorism and then there are tough cases like political dissent and organizing against the government. That may not be important to Americans (as evidenced by some of the comments here, which I find shocking) but for the rest of the world where people are fighting for freedom, they should be aware that Skype may not be a good tool for organizing anymore. Tools like Facebook, Twitter and Skype have proven invaluable for democratic movements like the Arab Spring. I find it distasteful when some many people just piss away their freedoms under the rubric of "don't do illegal activity".  It's this kind of behavior that invites stronger forms of authoritarianism in our lives.
  • +1 - It's a shame, the world we live in these's getting darker by the day, lets hope at least the Syrians (with all of their experiences against Assad) establish a state that refuses to get its hands dirty.
  • Problem is though the internet was created in part by the US government to have a safe communications channel. It shouldn't be a stretch of the imagination that people built in ways to watch shady elements of the populace. As long as we fight to have laws out in place that ensure the innocent are protected then yes we have nothing to worry about. We live in democracies, we are the government.
  • Do you send non-encrypted email or non-encrypted instant messages?
  • @Daniel +1
  • I don't mind the LEA having access as long as its justified,,if they find something worth investigating further. I gladly give up this little amount of privacy to keep something like 9/11 from ever happening again.
  • This is why you are part of the problem. "Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety." Benjamin Franklin
  • Very smart
  • If wanting to prevent a tragedy that kills hundreds or even thousands of people means that you see me as part of the "problem" then so be it. But I'm sure If you had a family member or close friend die in one of those buildings then you would be thinking a little differently.
  • Oh ya, NDAA, TSA, SOPA, PIPA, FEMA, list goes on and on. Americans are now considered potential terrorists and guilty until proven innocent in which 911 made this infinitely easier to do by playing on your fears. If any of my family had died in the attack, they would not have wanted to see the country become a police state because of it.
  • Then do something about it, its your government.
  • @Electric Jack I agree. It's amazing how many civil liberties US citizens willingly gave up after Sept 11 due to fear / scare mongering.
  • Nope, I'd still be thinking you're part of the problem. The Franklin quote is spot on (and one of my favorites).
  • Americans are pathetic hypocrites. If any other nation practices surveillance & monitoring you yanks can't stop bitching & moaning about it. Yet you defend & justify your police surveillance state. Sad.
  • I can't believe this is even being defended.  And of course WPcentral doesn't want to ruffle any feathers at Microsoft. Sad. 
  • This should not be a surprise at all. Did you know that every internation call to and from the US is tapped? And I'm talking about landline and mobile calls. This has been going on for years so tapping into voip is no big surprise.
  • When Skype us so dangerous for our safety, than why has everybody the right to carry a gun?
  • If you thought you had any privacy, don't worry soon every phone call, text message, instant message, search, ... almost everything with your name attached to it will be collected, analyzed, cross-linked, and scrutinized. And no, it won't matter how legal or not it is.
    Although released in protest of a different program, The Pet Shop Boys have a perfect song for this: Integral. Nice use of QR Codes in the video. (Having trouble finding the original video on YouTube. Too many fan remixes!)