Feeds

back to article Microsoft patent points to Skype snooping

A new Microsoft patent points towards Skype becoming equipped for lawful interception, which could be important as the service grows up to challenge traditional telcos. The patent was filed back in 2009, but published* last week and picked up by Computerworld. Titled "Legal Intercept", it covers one way in which a VoIP-based …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

Oh dear

>better off petitioning their governments, rather than raging against the companies trying to obey the law

I predict this will not get in the way of the anti-microsoft bile we are about to witness.

If someone really wants to listen in on your conversatons they will MS or no MS.

4
12
Mushroom

Re: Oh dear

"I predict this will not get in the way of the anti-microsoft bile we are about to witness."

Oh, that's right: Microsoft are "only following orders", so any justified criticism of their enthusiasm to do so is just "bile". Cast your mind back (if you can) to the Nokia Siemens Networks Iran surveillance scandal to see where corporate enthusiasm leads.

"If someone really wants to listen in on your conversatons they will MS or no MS."

Yay, the path to shiny isn't blocked after all! Sheesh!

8
0
Trollface

Oh Dear

Nobody has posted a message and you are complaining about what is going to be posted.

Could you predict the winning numbers for next weeks lotto as well please.

4
0
Silver badge

Oh dear, oh dear

Nobody is complaining, simply predicting. Can I predict the winning numbers for a lottery? I don't do lotteries so I have no interest in doing so.

They are many articles where it is not worth reading the comments because they are so predictable. Any article about Dixons/PC World will be full of self righteous know it alls with huge inferiority complexes. Articles about viruses will have the linux fan boiz tossing off while claiming only Windows machines fet infected and their OS is far superior. Articles about McKinnon will have US readers baying for him to be waterboarded in Guantanamo while UK readers will blame the US sys admins.

Why do you think there are such comments at the end of articles, requests from moderators not to be complete dick heads and from time to time pre-prepared standard comments to save the brain dead from having to think?

1
4
Flame

Heres a thought Chris W

Go read the Daily Fail or Guardian then.

0
0
WTF?

Impunity

http://www.oreillynet.com/etel/blog/2007/04/skype_revenue_from_national_se_1.html

"Skype Revenue from National Security Agency?

- Skype can turn on a computer’s microphone on command

- data are routed to servers that use speech recognition to look for suspicious phrases

- algorithms can use the sound of keyclicks to guess [...] what is being typed.

Alain Brun (Head of Data Protection at the European Commission) refers to: an

agreement between Skype and Echelon to enable a 'spy' mode on all Skype products.

Financial analysts believe that a Skype-NSA could explain Skype’s business model.

Outside payments by government agencies would explain how Skype can hope to make

a profit. Otherwise the purchase of Skype by eBay still doesn’t make sense."

(Dr. Moshe Yudkowsky, O'Reilly Community, 2007)

5
2

WTF?

>>> - algorithms can use the sound of keyclicks to guess [...] what is being typed.

Is that claim actually supposed to be taken seriously?

4
3
Bronze badge

Prolly

Sounds about right

They prolly get a 5% tax break for the next ten years yada yada yada, all then need to do is buy skype and give them access to it.

About a year ago i think it was they were offering prizes to crack skype.

2
0
WTF?

Sorry to spoil the fun

but you should read the comments on this article, or just click on the last link...

1
0
Silver badge

@Bilgepipe

Perhaps surprisingly, a 10-minute sound recording of someone typing on a standard keyboard is sufficient to allow a 96% accurate decoding:

http://www.schneier.com/blog/archives/2005/09/snooping_on_tex.html

5
0
Anonymous Coward

@Keyboard Recording Nonsense

Change your keyboard layout to Dvorak. Not that big of a deal.

Steve

Sent from my iPhone

3
1
Silver badge
Thumb Up

Yes

I've seen it done ... initially the intercept is a little flaky but after a couple of dozen words it's very accurate. But it does require a real keyboard - at least the demo I saw did - so I doubt that it's going to work so well on a glass keyboard.

But there are other ways of attacking a glass keyboard.

0
1

well, you can't know

It is like, secret agencies are always 10 years ahead of consumer accesible tech and science.

These guys don't buy World's most powerful supercomputers to play Crysis at max settings for sure.

0
1
Anonymous Coward

Re: well, you can't know

"It is like, secret agencies are always 10 years ahead of consumer accesible tech and science."

And how come the rest of the government are 20 years behind?

0
0
Silver badge

Because it's secret!

Duh!

0
0
Flame

keyboards

> Change your keyboard layout to Dvorak.

in other words, use a caesar cypher 'cos that's really unbreakable.

0
0
Silver badge

"data are routed to servers that use speech recognition to look for suspicious phrases"

Damn, so that is why the system is so slow. I mean, God forbid it do something logical like work out *your* IP address, and work out *their* IP address, and let data be piped directly between the two machines...

0
0
Silver badge

Easier still

Since skype is just an application it can read pretty much anything on your harddrive and monitor what you're doing.

There is no need to go to the lengths of listening to keyclicks when you can just record keystrokes.

0
0
Facepalm

Law of averages meets "maintaining appearances"

And good luck getting a tech this week if you're a GS-14 or below, by the way…unless you're in a corporate-welfare-oriented DoD or security-theatre role, of course

0
0
Black Helicopters

OS alternatives?

Are there any good open-source alternatives to Skype?

2
0
Linux

JITSI

jitsi.org

1
0
Trollface

in my experience

"good" and "open source" are usually mutually exclusive

1
17
Pint

Wouldn't say good more like bloody useful!

So we don't mention....

Apache

MySQL

Postgres

Postfix

Sendmail

Linux Kernel

GCC

Back under you're bridge trolly!

4
0
Silver badge
FAIL

How many billion to zero?

Talk about way to piss a company down the drain. If the Govt can listen in then so can anyone else -> your secure call simply isn't. Can't wait to read about the Anonymous recordings of supposedly secret comms.

2
0
Silver badge
Megaphone

Just so long as...

...the transscripts show up on WikiLeaks.

1
0
Bronze badge
Unhappy

Right to intercept?

"That won't wash in the real world, and neither will denying governments the right to listen in on their citizens."

I don't believe the capability to listen in on any of their citizens is (or should be) an automatic right for a government. It should be provided by public mandate, surely, and be removable in the same way? I was under the impression that a democratic government's powers are provided by the consent of the population. Where there is no consent, there is no power, and no right.

I do notice that people seem to have forgotten who works for whom, in the government -> population relationship :(

28
0
Silver badge

Democratic government?

How about a democratically elected dictatorship who farm the population?

"Where there is no consent, there is no power, and no right.". Ideally so but I see a problem here.

Your rights as you perceive them are irrelevant, it's how those rights are interpreted by a legal system that is either sympathetic or hostile to your position.

1
0
Bronze badge

Handing over power

"I was under the impression that a democratic government's powers are provided by the consent of the population"

Is it not more that by election are simply consenting to allow others to make decisions on your behalf, period?

The problem, with 'democracy' as the UK has evolved it, is that, having handed over consent, there is little accountability to ensure decisions are made as the electorate would like. An elected government (even one which the majority did not vote for) will still claim a mandate for whatever it is they decide to do.

We like to think that government is there to represent us, reflect our wishes and desires. Government thinks, because it's in power, whatever it does will. It's the disconnect between what we think we are handing over and what we actually do. We don't notice it when government does what we agree with but it's very noticeable when we do not agree.

1
1
FAIL

There hasn't BEEN a democratic government…

…in the US, in the sense that the high-school textbooks indoctrinate subjects to believe since at least 1974, and you can make an excellent case for 23 December 1913.

Back when the world was a collection of agrarian/subsistence economies that were each effectively governed locally, people could do something about that.

But concentration of power and wealth scaled a LOT faster than accountability or education, and that was pretty much the end of such charmingly quaint notions as "democracy" or "rule of law".

0
0

Intermediate

software to scramble the signal before it gets to Skype?

Mic>Scrambler>Skype>Internet>Skype>Unscrambler>speaker

Or would that fuckup the compression algorithm?

Surely, these days, anyone who wants to communicate securely can anyway, so what difference would it make if Skype had a backdoor? Just as I'm sure the NSA, FBI, MI5/6, GlobalMegaCorp scramble their calls, I'm sure anyone else wanting to do the same could, no?

1
0
Bronze badge

How to attract attention.

You're right, and wrong, if you want the security services to take an interest in your activities, using encrypted telephony is a good way, just as is repeating a number of key phrases too many time in a single open phone conversation. Government does us encrypted voice, but not as much as you might think, because it's expensive and inconvenient. To do it you need to have control of both end points, and share keys.

Encrypted streams shine out like anything on a network, and state, I'm hiding something, so al sorts of people will want to have a look, not just governments and their agencies. Talking in the clear is a much better bet, as the government is only likely to be listening in, if it has a warrant, and has cause that you are doing something wrong.

Ok, encrypting data streams is now a must for pretty much everybody, but voice no, and are you really saying you don't want governments to have the ability to listen in to the bad guys, just in case they might hear you discussing your acne problem with a chum.

It is impossible for the government to listen to everybody, it is just, way too expensive, and of no benefit. You'll only get listened too if give cause, and even then it has to be pretty major. Do you really think governments tap the phones of all the criminals in the UK, why do you think they would bother with you or me,

1
1
Ru
Black Helicopters

Re: How to attract attention

So, how do you tell the difference between a compressed and an encrypted datastream?

Next issue, how can you trust a snooping facility to only be used by law enforcement?

I won't bother asking about how far you might trust your government to do what's right.

If the government really wants to listen in on you, it will. This stuff like a skype backdoor is largely the state flexing its muscles to remind corporations who's in charge, or it is the echelon-style mass surveillance wet-dream back again. Neither will have an appreciable effect on anyone's safety, certainly not compared to police and intelligence agencies actually working for a living.

1
0
Black Helicopters

Meh!

"as the government is only likely to be listening in, if it has a warrant, and has cause that you are doing something wrong".

Tell that to Jean Charles de Menezes, oh! you can't tell it to his family instead...

"It is impossible for the government to listen to everybody" "Do you really think governments tap the phones of all the criminals in the UK, why do you think they would bother with you or me"

However they do snoop. It is quite easy to snoop for key phrases on microwave links and packets routed across the interwebs.

If I remember correctly Duncan Campbell (journalist for New Statesman magazine) home, new statesman offices and the BBC were raided shortly before the BBC broadcast a program about the now cancelled British spy satellite zircon. I have a vague recollection of reading something at the time that they were referring to the satellite as 'zipper' in their communications and it was only after they started referring it to zircon that they came to the attention of the plods. I'm open to correction on that, but that's how I remember it.

A colleague of me told me of in incident where the telecoms company he was working for were told that a certain banks encrypted communications between offices in Switzerland and the UK were not to be routed through France as the French didn't allow encrypted traffic on their networks.

How did they know it was encrypted??????

To add insult to injury, I believe the line concerned was a leased dedicated private line as well.

1
0

Re: Meh

>>" >>"as the government is only likely to be listening in, if it has a warrant, and has cause that you are doing something wrong".

>>"Tell that to Jean Charles de Menezes, oh! you can't tell it to his family instead..."

/Bit/ of a non sequitur there - they weren't listening in to him - the whole thing was nothing to do with Big Brother surveillance of innocent people, and everything to do with incompetent policing misidentifying someone leaving a building and also apparently not realising (despite presumably doing all kinds of training) that misidentification someone in a serious case (which has happened in the past, and will likely happen again in the future) could be pretty much to signing an innocent person's death warrant if that person was to do something as commonplace as get on public transport.

In any case, even if you were actually giving a relevant counterexample (possibly like the Zircon one), giving a counterexample isn't actually a great argument against someone saying '...only likely to be...', since that already suggests that there *will* be some counterexamples.

And in the Zircon example, it is kind-of related to national security, even if much motivation may be arse-covering for the defence industry. Even if entirely true as presented, it's not actually an argument against the suggestion that the government doesn't really have the ability to meaningfully snoop on /everybody's/ phone calls, since this obviously wasn't just some random citizen.

Doesn't make it right, but it's not evidence for a universal Big Brother either.

>>"encrypted communications between offices in Switzerland and the UK were not to be routed through France as the French didn't allow encrypted traffic on their networks."

>>"How did they know it was encrypted??????"

>>"To add insult to injury, I believe the line concerned was a leased dedicated private line as well."

Do you think a leased line between Switzerland and the UK involves a guy with a ladder walking across France putting up a special private piece of wire?

For whatever reason, if they decide to ban encrypted traffic on their network, that'll be likely to include *all* traffic.

1
0
Silver badge

Re: Intermediate

The

> Mic>Scrambler>Skype>Internet>Skype>Unscrambler>speaker

process would require a fairly lossless transmission. Just look at how badly Skype handles touchtones to realise that the scrambler/de-scrambler would need to have a very intimate knowledge of the encoding used by Skype to ensure that the process would work OK.

0
0
Silver badge

"why do you think they would bother with you or me"

Bad intelligence? Accusation from somebody that doesn't like you? Name "similar" to that of a wanted criminal/known terrorist?

Couple that with people who are employed to be as paranoid as hell, you might feel you don't have anything to hide or anything anybody would bother worrying about - but these could become large problems for somebody looking for some sense of wrongdoing on your part. It is our culture that it is easier to blame ("after all, you *must* be doing something wrong to have gotten this sort of attention in the first place") then to accept ("man, what a mess that is").

Face it - we *all* have secrets that could be taken badly by those looking to find fault. I have a disc of "Fight Ippatsu! Jūden-chan!!", shall I take it to the local church group and see how long it is before they explode...

0
0
Big Brother

Re: How to attract attention

"You're right, and wrong, if you want the security services to take an interest in your activities, using encrypted telephony is a good way, just as is repeating a number of key phrases too many time in a single open phone conversation. Government does us encrypted voice, but not as much as you might think, because it's expensive and inconvenient. To do it you need to have control of both end points, and share keys."

Which is why as many people should encrypt their streams (all varieties) as possible. Once the haystack gets big enough, they (pick your they) stop looking for needles.

I don't actually worry about my net traffic being listened in on, per se. I just don't think the government (or anyone else) should be doing so. It's the principle of the matter. I don't make exceptions for the police or the spooks, either. If it's that important, they can get a warrant, hunt me down the old fashioned way and stick a bug in my house. Of course, that means that so long as there are only a few like myself, I'm more than willing to send out streams of encrypted data for them to waste their time cracking open.

-d

0
0
Anonymous Coward

@ Daniel 4

" Of course, that means that so long as there are only a few like myself, I'm more than willing to send out streams of encrypted data for them to waste their time cracking open."

And every day I give thanks there are heroes like you patting yourselves on the back for sticking it to Da Man. Applause, applause, applause ...

0
0
Meh

Oh noes!

I'll have to conduct sensitive meetings face-to-face without mobiles at a secure random location.

Business as usual then.

2
0
Bronze badge
Joke

Face-to-face convo, and then ONLY inside a

The Thing with Two Heads style motorcycle helment so your lips cannot be read, and your voices will not carry.

http://www.youtube.com/watch?v=gWHNA_j7h5A

That'll perk up the attention of snoops...

3
0
Anonymous Coward

I've nothing to hide

but will be removing Skype from PCs anyway.

10
0
Black Helicopters

Sky.net

So another master plan from MickeySoft, send billions buying something and then bugger it up so that it some people won't want to use it.

Using VoiP, but not using Skype, you must be hiding something.

The new name for Skype and MickeySoft ---- Sky.net

0
0
FAIL

Most of us accept

bollox

2
0
Anonymous Coward

Legal intercept

Many of the posters are right. Resources are tight so do not waste them on a wild scatter gun method.

There are a huge number of ways to detect what you want, pattern recognition is one of the main ones.

Detecting none standard patterns is always an easy one, just stop and think. Digital streams are already computer readable the hard work is done just read the stream. Automatic scanning of huge data volumes is far better than manual observations which used to be the case in many countries, probably still is in all the people's republics. [They are where the people get to lick the boots of the thugs, the people do it hence the public and they all do the licking, explains their names.]

Yes France has a bit of downer on any method not using clear, encapsulated VPN type traffic can get them very excited. Do not try this at home, I suspect that' other jurisdictions can apply.'

Sadly profiling is against the various human wrongs acts. [Don't you just love the way the be-robed weird ones like to support their own by insisting that almost anyone gets to stay if they have offended the laws where they now live.]

Frankly retained thugs are a far greater risk to my freedom to live than any one listening to me having a fight with some cretin in a government office [where the call is recorded anyway] who has fouled up for the umpteenth time.

As for Skype turning on this that and the other, remove the microphone if you are so concerned, ditto for the webcam, or remove skype.

Really it is simple and nothing new.

Act like a prat, be caught as a prat - job done.

0
1
Anonymous Coward

Companies make the laws, or defy them...

"Citizens aghast that their VoIP calls could be intercepted might be annoyed, but they'd be better off petitioning their governments, rather than raging against the companies trying to obey the law."

You need to petition both, but you have to go to the government to petition businesses (since you can't coordinate any form of petition against modern big business and they are perfectly fine doing business by bypassing the victim and dealing with the government or other businesses directly.) It's pretty difficult to know where the corruption starts, but you can't allow corporations to get away with something the government couldn't. Government should protect its citizens freedoms from all threats. When they let businesses get away with stuff it's that much easier to outsource things to the private sector where constitutional protections don't apply and there is no easy way to protest.

1
0
Silver badge
Linux

Yep

This is why we need open source telephony.

2
0
Linux

been available for a while...

http://www.speakfreely.org/ it can use a one time pad for encryption and has very low data rate codecs (below 2kbps) - one single DVD at each end used for single use pad generates many hours of impossible to break encryption....

1
0
Thumb Down

Don't let Government apologists tell you What the patent says....

You really need to read the patent.. this goes far beyond just intercepting skype communications. FAIL.........

Read the patent yourself. This is 1984 in disguise giving the government easy access to spy on all packet based communication EG ALL INTERNET TRAFFIC not just skype. FAIL!!!!!

3
0
Black Helicopters

But of course....

There is a certain degree of legitimacy in the government sponsored intercept. Part of the deal between public and government requires them to protect us. I agree with and expect this - with certain caveats, judicial oversight etc... OK there are some threats that could be argued to have been manufactured, Blair and Co. certainly kicked over a few hornets nests.

However, power corrupts, and the trawling of the entire Internet, VOIP included, is now fed to a number of gangster types, protecting corporate America.

Further details of commercial misuse of government data, and a clear description of what "Echelon" does, see: http://www.nsawatch.org/echelonfaq.html

0
0
Silver badge

Embrace Extend Extinguish

MS buys hot chips, pisses in them!

Its the only thing MS have been good at for 20 years and now they don't even realise they've still got their dick in their pants.

They just paid $8 billion for something just to shit on it? I cant even mix my metaphors properly I'm laughing so hard!

1
0

Page:

This topic is closed for new posts.