back to article No Skype traffic released to cops or spooks, insists Microsoft

Microsoft's Skype subsidiary didn't hand over any user content to law enforcement, according to the software giant's first ever report on how it deals with official requests for data. As previously reported), Microsoft's transparency report revealed that Redmond received 75,378 requests from law enforcement agencies worldwide …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Doesn't need to hand it over

Security services can just plug straight in without having to ask so Microsoft can easily say "we don't hand anything over".

All you businesses buying Lync, doesn't this make you feel nice and secure with all that Skype integration ?

7
7
Anonymous Coward

Re: Doesn't need to hand it over

It's the man, they're out to keep us down!

Yes the security services can magically plug into skype, the point to point service...

2
6
Anonymous Coward

Re: Doesn't need to hand it over

Whereas you can have an Open Source, such a Ignite that uses XMPP .....ha ha ha ha ha haaaaaaa, secure, oh please your killing me...

1
3
Silver badge
Big Brother

Re: Doesn't need to hand it over

Another case of " Don't piss down my back and tell me it's raining."

The likes of the CIA and MI5 are not Law Enforcement agencies. I wonder what the numbers of inquiries relating to security services are and how many of those were refused? Not many I'll bet!

When someone bigger and tougher than you has easy access to your back door I suppose you just have to bend over and be their bitch!

9
0
g e
Silver badge
Holmes

Re: Doesn't need to hand it over

That was my first thought, too, they don't need to actively hand anything over as an 'enforcement' request likely just consists of 'What was the wiretap server's IP again?'

3
1

Re: Doesn't need to hand it over

Skype stopped being proper decentralized p2p after Microsoft bought them, so it's not improbable that a central supernode can alter the routing of your calls to go through a central server to facilitate wiretapping.

6
1
Anonymous Coward

Re: Doesn't need to hand it over

Yes the security services can magically plug into skype, the point to point service...

Lots of ways in which you theoretically get access. Reroute traffic from a Skype super node, backdoor the code so you can jack into a session in progress at source or target (transit is harder because traffic can switch routes), use Skype as a launch platform to import all sorts of other "features" on demand (helped by the fact that lots of people leave Skype running)...

4
0
Silver badge

Re: Doesn't need to hand it over

"Yes the security services can magically plug into skype, the point to point service..."

Point to point, via Mae East or Mae West, or LINX, or any of a few other choke points that can quite easily be sniffed, you mean?

Come on. This is hardly a new trick.

2
1
Anonymous Coward

Re: Doesn't need to hand it over

Not Mae West, she went offline in 1980..

0
0
Bronze badge
FAIL

Re: Doesn't need to hand it over

And that NSA key didn't belong to the NSA, it was as Microsoft said: just an unfortunate string choice.

Right... Microsoft will be selling swampland next...

1
0

This post has been deleted by a moderator

Anonymous Coward

Re: Only believe a rumour

You're such a fucking 'tard.

The only requests reported are law-enforcement based because non law-enforcement bodies don't need to make requests. Not because "Microsoft gave them backdoors wah wah boo hoo you should use Google services and FOSS which is similar in terms of code security but maintained by shitheads like Eadon and therefore a gazillion times less secure"

Because ECHELON. Can the chaps in the Doughnut translate a call made from Skype to Viber and rerouted through Tango and identify all parties involved without asking anyone at all?

Oh yes. More easily than you can buy yet another cheeseburger, you stupid fat bastard..

1
11
Silver badge
Windows

Re: Only believe a rumour

Blimey- what a knob AC!

3
1

This post has been deleted by a moderator

Anonymous Coward

Re: Only believe a rumour

Google's not so bad and code security in FOSS is actually quite good.

However, FOSS requires admins and a badly set up linux server is actually worse than a spoonfed GUI-driven Active Directory setup by a long way. The GUI prevents the most idiotic errors while the console allows Eadon and his ilk free rein to be cretins.

Oh. Here's how technical Eadon is - his blog for his toy that Duncan Bannatyne wouldn't shit on - or it would be if Google hadn't decided it was host to malware.

2
3
FAIL

Re: Only believe a rumour

"Can the chaps in the Doughnut translate a call made from Skype to Viber and rerouted through Tango and identify all parties involved without asking anyone at all?"

Cite references to support your claims, or STFU and go back to watching X-Files reruns.

1
1
Anonymous Coward

@Flip

Cite references to support your claims, or STFU and go back to watching X-Files reruns.

There's very little X-Files about it. The place is incredibly dull and filled with dull people ruled over by bureaucrats. That doesn't change the fact that aren't actually many other jobs going for a PhD pure mathematician so dull in this case tends to equate to "really very good at crypto-boffinry".

I am not a crypto-boffin. I've just seen them at work.

As for references, well... there aren't many published papers on the internet about the upgraded capabilities of ECHELON. For obvious reasons. So you can dismiss my comments and blame it all on eeeeeeeeeevil Microsoft (and Google since they listen to Google Talk too, not that you want to hear it) as you see fit.

That doesn't make them any less accurate.

2
0
Anonymous Coward

@AC 14:26GMT - Re: Only believe a rumour

... badly setup by Windows sysadmins Linux server.... There, I fixed it for you! Oh and for your information, an ugly command line console actually keeps the idiots away. Microsoft's latest failures with their cloud services ( http://www.bbc.co.uk/news/technology-14851455 ) wouldn't have happened at a command line. You certainly need GUI for that.

3
2
Silver badge

Blah blah ECHELON blah

Didn't help toward the tail end of 2001, did it?

How does ECHELON track the source of a message sent via onion to a directional radio, disguised as 35mhz model aircraft servo noise, to onion again, through the compromised computer of someone who thought they were getting free porno, bounced around inside the data centre of an admin who thought that USB mouse in the post really was a free manufacturer sample, out to an embedded system stuck in a tree with a solar panel, through someone's compromised wifi router and galivanting merrily on its way to a botnet stolen through the use of clever Google searches, embedded into a jpeg as slightly shifted luminance values and then recieved by some guy in a 3rd world country with a satellite downlink accessing the web server on one of the botnet nodes?

It might not exactly be Skype, but you don't really need much bandwidth to say "the plan is go, Ahmed."

Question is whether you need to trace the message at all.

1
1
Anonymous Coward

Re: Blah blah ECHELON blah

Didn't help toward the tail end of 2001, did it?

Actually, it did. Stuff was picked up. You can't blame the tech for the fact that nobody acted on it.

2
0
Facepalm

Tinfoil hats

Seem to be a must-have fashion item round here.

In a world where unencrypted email is the day to day reality, the abilty of 'security professionals' to make balanced views of risk seems a litte off.

2
5
Bronze badge

Re: Tinfoil hats

Big firms SHOULD ask for non backdoor systems.

Why? Industrial espionnage. Happens every day...

2
0

This post has been deleted by a moderator

Silver badge

Re: Tinfoil hats

Actuall, Eadon, you have to produce (internally) your own experts, otherwise you're just relocating your trust.

3
0

This post has been deleted by a moderator

404
Bronze badge
Mushroom

Lies.

Microsoft is trying to mollify the unwashed due to the April 6 deadline to convert from Winders Messenger to Skype - fuck 'em, ICQ still works (until I can write or find a replacement for the family bidness)

5
1
Silver badge
Black Helicopters

Nothing to see here, move along.

Yesterday upon the stair

I met a man who wasn't there

He wasn't there again today

I'll bet he's from the CIA

-----------------------

Apols to: William Hughes Mearns

7
1
Anonymous Coward

I am not saying this is true in this case, but...

"We have turned over no customer data to law enforcement.

<sotto voice>... because all data, once it hits our service, is no longer customer data; it belongs to us.</sotto voice>"

I in no way assert this is the case with Skype and Microsoft - I just observe that these are the sorts of semantic games Big Corporations play. This could just as easily apply to Apple, Google, or anybody else.

6
1
Flame

Use Skype

* To run a bank and burglar it

* To start a war on a pretext

* To organize terrorism aimed against "Axis of evil" states

But don't you dare to use Skype to

* Organise a protest against the banker-robbers

* Organise a protest against ethnic cleansing and Apartheid by a certain state

Skype is essentially as secure as using a HF ham radio and talking to someone in Rome while sitting in London. I am sure they can only operate in Russia because the Russians have the master key to ALL traffic. And the same is with all other nation states, of course.

3
1
Flame

Plus

If you dear shills want to disprove my claims, then please ask your paymasters in Redmond to publish a Whitepaper on how Skype crypotology actually works. So far all we know is that they use some obfuscated crap that is modified DES. We don't really know how they distribute keys, how they properly authenticate and most important, how Lawful Interception actually works.

If you, dear shills, tell me that "the technique of lawful interception is secret", then we simply have to assume you leak the key to "everybody who potentially needs to know". As you are a commercial entity, I have to assume you simply XOR the session key with a constant and then slowly insert that into the bitstream. The only real security being the specification how the session key is leaked. In other words, a determined hacker will get access, too.

4
0
Anonymous Coward

In the meanwhile, in Saudi Arabia...

(to paraphrase Life of Brian)

http://www.bbc.co.uk/news/world-middle-east-21932432

1
0
Big Brother

Releasing Skype content?

"The software giant explained that its practice is to require a valid subpoena or equivalent document before releasing non-content data and a court order or warrant before turning over content"

I thought Skype used end-to-end encryption?

"All Skype-to-Skype voice, video, and instant message conversations are encrypted. This protects you from potential eavesdropping by malicious users."

Does Skype use encryption?

Does Skype use encryption?

1
0

This is ofc assuming there isnt some sort of government/judicial order covering up data requests... I've not read the report but if a request for information had a secrecy clause then microsoft couldn't report it?

0
0
Anonymous Coward

I assumed that microsoft had bought skype on the government's behalf in some gomar explorer-esque black operation.

http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_for_skype_pwnage/

http://www.theregister.co.uk/2011/05/10/microsoft_buys_skype/

1
0
Black Helicopters

The UK authorities made /more/ requests for user data than the US authorities. Not more requests per capita. More requests. That is pretty worrying. Hopefully that is just because the Olympic year was included and this isn't a general pattern.

0
0
This topic is closed for new posts.

Forums