Skype has hit back against a wave of stories speculating that the internet telephony outfit has made chat recordings, call logs and other user data more available to the authorities. In truth such assistance to law enforcement has been going on for at least five years, as Skype itself acknowledges. A series of stories in Slate, …
Oh come on, do they really think everyone is that stupid?
Governments, especially the US, are openly trying to get access to all data they can and the meetings with various service providers about interception is common knowledge. They have been requesting some companies have backdoors in software or master keys for some time now.
Pointing out that they could already give some Skype info in the past does not negate the fact that the change in structure along with new techniques can give them more information than just connection details and times, which is what the US government is pushing them for.
For all the fluff in their rebuttal of more wiretapping, Skype have not actually denied they are implementing changes that increases the wiretapping abilities of law enforcement. They have gone all around the houses to give other explanations but they have not denied the accusations at all.
Re: Deny everything
"Pointing out that they could already give some Skype info in the past does not negate the fact that the change in structure along with new techniques can give them more information than just connection details and times, which is what the US government is pushing them for."
I think the point is that it doesn't give them more - that the capabilty to listen in is already there. When they basically admit that they can already do this, it does take the wind out of conspiracy theories that they're adding the capability. Or have I missed something? I always assumed that Skype had the technology to do this already. Where did all these people come from who thought they didn't or is this just the media trying to be shocked on other people's behalf again?
Re: Deny everything
They have only admitted before to giving law enforcement logs that show who was talking to who and timestamps of conversations as this is all they could provide. However now they will include the actual content of conversations, which is the difference.
Before the change in the network structure of skype , there were situations where direct connections between parties could be made so these conversations could not be intercepted and spied on easily. Now the content of these conversations can also be recorded.
People who do not want the authorities to know what they are talking about will use other methods anyway. Linking who talks to who and when may help law enforcement with some small petty crimes but they use the terrorist fear to bring in snooping which will not help help catch terrorists.
Don't trust it if you don't do it yourself.
That's what people should take as a default. Any telecoms provider (old or new) will help law enforcement listen to your calls. If they didn't, the various governments would flatten them. Email and modern telecomms have been the best thing to happen to Intelligence agencies in centuries.
The technology for secure communication is there, however. In fact it's used - for example Lync (way better than Skype) supports encrypted voice (and IMs) and you can use that, but you need your own network, otherwise you still have a third party in the loop.
But there are fine Open Source products for this as well. A few things are needed though - wrapping this up in a more friendly fashion for the WIndows and Mac users is one. (Linux users can handle themselves. And so can plenty of Windows and Mac users but even these have to admit they're a small part of the userbase). Secondly, the ability to move your account around without faffing around with certificates, etc. A nice touch is that in recent years we have been provided with an additional component to make doing this ourself easier - the unique identifiers in modern computers and smartphones used for DRM, can also be used for giving ourselves unique profiles without faffing around with security certificates or trying to work out how to call someone from a different device. You could use the APIs in Windows 8 to add devices to your account, just as you can with any Metro program. And I expect you could put something together in OSX also. Then you have an account with approved devices that you can use to make encrypted calls.
What's lacking? Well critical mass and a provider that can plug your VOIP service into the normal phone networks. Companies are available that provide the latter. Obviously once you dial outside the network then you're no longer encrypted, but the idea is to get more and more people on the network. VOIP is where we'll end up sooner or later anyway. Applications should have a little padlock indicator like HTTPS in browsers - indicating that this call is secure or not.
Anyway, just thinking online. If you're using a public network, you are solely reliant on your country's judiciary to protect you from snooping so the question is do you trust them? Sometimes you're even dependent on another country's judiciary! If your call goes through the USA and you're not a citizen, take it for granted that they'll listen in if they want to. Exactly how far did we get with prosecuting the Bush administration for illegal wiretaps. Not far - the Obama administration killed the investigation as soon as they got into power. If you want privacy - you need to do it yourself.
Read it properly
"The move to supernodes was not intended to facilitate greater law enforcement access to our users' communications."
Either law enforcement is already happy with the access it's got or the move to supernodes was not intended to facilitate greater law enforcement access but that's the happy side-effect of the move.
Re: Read it properly
Agreed. Everything is couched in terms of "intent", not in terms of the scope of the functions.
If you want privacy don't use electronic networks.
We don't let the Feds use our gear...
...we gave then the encryption keys so they can use their own. They only use ours to pretend they don't have direct access and scan every conversation that takes place in real time.
Of course it's not absolutely secure, nothing is..
It's a bit like corruption; everyone (in this case everyTHING) has its price.
For basic calls, Skype is OK, but if you're discussing stuff which cannot brook intercept risk (which can be simply discussing prices on a major deal, it doesn't need to immediately be terrorism), Skype isn't the best answer.
We spent a YEAR looking for the best product, and ripped apart all sorts of concepts which looked good bu were either flawed in approach, crypto, implementation or even legality. Where you host also determines how vulnerable you are to ABUSE of law - the UK with its badly controlled and not-so-transparent use of RIPA and Anti.Terror laws is a good yet disappointing example.
In the end we took a product, but hosted it ourselves..
Re: Of course it's not absolutely secure, nothing is..
"In the end we took a product, but hosted it ourselves.."
Mind my asking what you chose? I can't find anything off the shelf that would be easily deployable and supportable across a lot of users. I was going to look into Lync but deployed with our own server obviously. It's closed source unfortunately, but probably safe. Thoughts?
Is Encryption a 4-letter Word?
Personally, I have no sympathy for anyone who cries foul when they entrust sensitive information to 'the network' unencrypted and get burned. As Ron White remarks, "you can't fix stupid."
Anonymous posted all that information on Microsoft to better enhance their service, for Microsoft's benefit. Microsoft is now aware of their security flaws, so they can better secure them, so they should be happy also.
So glad Microsoft recognizes enhancement of services.
It' not Skype I don't trust, it's Balmer and his gang of Federal btown-nosers
MS has always been open door to Plod from all countries. They even wrote tools to hack their software,
As far as I am concerned all written material carried by Skype gets encrypted.
"Skype is not transparent about its surveillance capabilities"
More importantly, are they allowed to be wholly transparent about what they let various national governments see and hear? Sounds like the sort of thing they may not be allowed to advertise.
Look at the brouhaha involving wiretapping in the States not so long ago. Telecomms folk complied with the government, and were granted retrospective immunity from the laws they had to break in order to do so. Lets be honest here, they've got a limited ability to say 'no'. So if you're not using some suitable encryption system on all your calls and emails and letters, you should never assume that they're private.
Either this is a case of some journalists suddenly waking up to how easily they can be spied upon, or somebody has shorted their Skype stock and has been spreading a little FUD...
My Skype alternative is Brosix
For me, I personally decided to shift to Brosix ! I think it is free, much more secure than Skype and there no ads in the clients to pop out below contact list as Skype does !