A backdoor into Skype for the Feds? You're joking...

Heavyweights of the cryptographic world have lined up behind a campaign against proposed US wiretapping laws that could require IT vendors to place new backdoors in digital communications services. Technical details are vague at present, but the planned law could mandate putting wiretap capabilities in endpoints to cover …

COMMENTS

This topic is closed for new posts.

Anonymous Coward

I wonder what terrorist threat will be dreamt up next to get this legislation over the line...

23
0
Anonymous Coward

I heard that terrorists are trying to recruit people by using porn!

Therefore, we should ban porn!

1
0
Silver badge

Or we should mandate a federal law enforcement back door

6
1
Silver badge

"I heard that terrorists are trying to recruit people by using porn!"

No. The Islamic nutters hate porn therefore we have to encourage more porn (plus beer and bacon)...

2
0
Bronze badge

The next threat is that Big Brother's safety is threatened by unknown terrorists who SMS text one another to coordinate their attack that will stop the Oceania from conquering Airstrip One.

1
0
Bronze badge
FAIL

RE: get this legislation over the line...

More likely some bastard will spout "Think Of The Children!!!" as the excuse for this.

0
0

This post has been deleted by a moderator

Anonymous Coward

Re: Every call you make with Skype gets copied to MS servers

"services such as Skype, Google Hangouts and even Xbox Live."

I see that selective reading is still working out well for you, Eadon.

8
3
FAIL

Re: Every call you make with Skype gets copied to MS servers

To be fair he has a point. The FACT is that CURRENTLY every SKYPE call is copied to MS servers. These laws, should they come to pass, will instruct other companies to follow suit. So it is you sir, who is reading between the f*cking lines.

7
4
Anonymous Coward

Re: Every call you make with Skype gets copied to MS servers

I had a quick look and couldn't find any website which states (unless you read between the lines) that Microsoft retains calls & IMs. The only exception I found was that if a message fails to be delivered then it is stored on a temporary basis until it is able to be sent.

That said if you can point me to a legitimate source then I'm more than willing to be corrected.

0
0

Re: Every call you make with Skype gets copied to MS servers

There was discussion recently (may have been mentioned on Slashdot as well, can't remember) regarding the uninvited Redmond based requests being seen against URLs shared in Skype chats.

In fact, I think El Reg even mentioned a story on it.

6
0

This post has been deleted by a moderator

Linux

Re: Every call you make with Skype gets copied to MS servers

Why does this surprise anyone?

After all it's very likely their OS also has backdoors.

With closed source software you would be silly to assume there is not a backdoor.

1
0

Re: Every call you make with Skype gets copied to MS servers

They obviously store IMs, because the back history is there forever, until you delete it. Which is a useful feature.

0
0
Anonymous Coward

Re: Every call you make with Skype gets copied to MS servers

"They obviously store IMs, because the back history is there forever, until you delete it."

I was being driven crazy by old Skype conversations re-appearing across several PCs when a remote contact was detected as online. Someone said the history was stored on the PC - so I did a few experiments.

Unlike MSN "no history" does not delete the log on closing the window. It only does it when you log out of Skype. As I always hibernate PCs - then it never removed the logs.

However I am not fully convinced that there isn't a copy on the Skype servers.

0
0
Anonymous Coward

Time for open source peer-to-peer

Time for platform independent peer-to-peer instant messaging software, VoIP software, and (for the heck of it) email software, to run on every major PC & phone OS.

7
0
Silver badge

Re: Time for open source peer-to-peer

You might want to give Bitmessage a look.

2
0

Re: Time for open source peer-to-peer

https://dukgo.com/blog/xmpp-services-at-duckduckgo

0
0
Bronze badge
Alert

Re: Time for open source peer-to-peer

You might want to give Bitmessage a look.

The documentation says "Each message requires a proof of work that is designed to take around four minutes." Please correct me if I'm misunderstanding something, but that doesn't sound like a substitute for instant messaging.

0
0

Almost too damned depressed to think about it

Call me Mr. Cynical, but I assume that there is always a back door in any given system. It may have been put there for the best of reasons, but it will be exploited and abused; and usually by people that insist it is for our own benefit.

@ AC 11.11 GMT - if you don't use these systems, you must have something to hide and therefore be a terrorist?

4
1
Bronze badge
Happy

Re: Almost too damned depressed to think about it

I agree - and this always makes me laugh, because it's like in poker, weak is really strong, and strong is really weak.

The FBI argue the net is “going dark” to them, thanks to encryption technologies which render valid wiretapping warrants useless.

FBI: YEAH, uh, hey look, um, we can't read your encrypted communications, nooooo sir, so, uh, go ahead and write all those messages because we (cough) can't read them. Nope. La de da, la de da...

4
0
Black Helicopters

In the name of the big and bad terrorism threat, where each and every foreign state is perceived as potential (future) threat, all is permitted.

Everyone opposing this is not very patriotic and must therefore be a terrorist.

It's a case of 'if you're not with us, you're against us', simple really.

4
2
Silver badge
Facepalm

Re: Mr C

"In the name of the big and bad terrorism threat, where each and every foreign state is perceived as potential (future) threat, all is permitted....." So, are you denying that there is any terrorist threat or that you don't think they use encrypted coms? Try taking off the trendy ideological blinkers and learning a few home truths - they're not just using OTS products like PGP, they're writing their own (http://www.pcworld.com/article/142149/article.html, http://www.wired.co.uk/news/archive/2012-05/03/how-al-qaeda-hid-secret-docs-in-a-porn-video, http://www.schneier.com/blog/archives/2013/02/new_al_qaeda_en.html).

As to those that think importing foreign opensource software is a good idea, I'm sure the FBI would agree - it would be the equivalent of one person in a crowd wearing a shirt saying "Look at me, I'm doing evil!" All the FBI/NSA have to do is record the encrypted stream (they can claim reasonable grounds), arrest you and then get a court order for you to decrypt it or go to jail for contempt. After the first dozen or so anarcho-liberal twits have gone down "to prove a point" I would suspect the popularity of said opensource software to dip sharply.

0
8
Bronze badge

Re: Mr C

"it would be the equivalent of one person in a crowd wearing a shirt saying "Look at me, I'm doing evil!" All the FBI/NSA have to do is record the encrypted stream (they can claim reasonable grounds), arrest you and then get a court order for you to decrypt it or go to jail for contempt."

I'm no legal expert, but I don't think that would pass constitutional muster any better than arresting the guy just for wearing your "I'm doing evil" shirt would.

3
0

Re: Mr C

There are ways to encrypt stuff so that you can plausibly deny you have the ability to decrypt it any more.

0
0
Anonymous Coward

@Matt Bryant

I think he might be arguing that where discussion of 'terrorism' is concerned, truth, reason and proportionality went for a long walk years ago and rarely feature in any current debate on the topic. If the FBI is screaming for something, it doesn't mean that the reason they want XYZ is the one stated, or if it is, that there won't be plenty of mission creep that will leave the population wondering whether worrying about terrorists actually wasn't safer than living in fear of state organs with way too much power. As to the ideological argument; the swivel eyed right wing nutjobs are the arsewipes using 'terror' for everything from getting kids to eat their greens to selling overpriced security kit that doesn't work to stopping Joe Public photographing trains, etc, etc.

I've spent plenty of time in places where blowing things up as protest is something of a national sport, but it's always the implacable gents with the suits, shades and the weight of the state's ideology du jour behind them that make me really fucking nervous.

2
0
Silver badge
Facepalm

Re: Re: Mr C

"I'm no legal expert, but I don't think that would pass constitutional muster....." Please feel free to put it to the test. You could get someone in Pakistan or some other NSA/FBI hotspot to start sending encrypted messages to you and see what happens, and I'm sure helpful types like the ACLU would be racing to your defence. But don't be surprised if that comes after the police have raided your home, your office, interviewed all your friends, colleagues and family, and whilst you're in an orange jumpsuit and sharing a cell with someone probably not too wonderful whilst your family scrabbles to sell stuff to make your bail.

0
0
Silver badge
Stop

Re: @Matt Bryant

Whilst I'm generally in agreement with the idea a lot gets passed simply because it has "counter-terror" tones, I have to point out your accusation that "the swivel eyed right wing nutjobs" are the source is simply too silly for words. For a start, in the UK, the years of Tony Blair's and then Gordon Brown's Nu(t)Labour showed the Left is much more determined to trample on rights than the Tories (remember the ID cards fiasco?). In the US the Dummicrats have proven just as adept at using their powers as any of the Bush administrations (for example, Obambi has upped the number of drone strikes, and where do you think they get the targeting info from?). And let's not get started on the good ol' USSR and friends and their histories of "the end justifies the means, Comrade".

0
0
Anonymous Coward

Re: @Matt Bryant

"For a start, in the UK, the years of Tony Blair's and then Gordon Brown's Nu(t)Labour showed the Left is much more determined to trample on rights than the Tories (remember the ID cards fiasco?)."

The Blairites were so far right in the Labour party that they made many of the Tories look decidedly liberal.

That is not to say that the extreme left wing of the Labour party aren't conservative ( small 'c' ) about most things. The Labour Party for decades were a bit like the CofE - many of their members had forgotten the original guiding principles of equality and tolerance.

1
1
Anonymous Coward

Re: @Matt Bryant

"I have to point out your accusation that "the swivel eyed right wing nutjobs" are the source is simply too silly for words"

Sorry, perhaps my "silly" bit of childish venting trivialises swivel eyed right wing nutjobbery too much. I think most here would understand who was being referred to, and as my fellow AC commentard points out Blair and crew were every bit as right wing, as Perle, Feith and co. You make the mistake of assuming the simplistic political labels bandied about entirely define the content - politicians seem to use 'left' (especially) and 'right' more as advertising slogans than statements of intent these days.

I still fail to see your point though. Anyone with an immutable fixed ideology that requires that they remake the world in the manner in which they THINK it should work ought to be suspect, and in UK terms that covers the entire current political mainstream. All political flavours subscribe to the idea of enabling big business to make pots of cash, irrespective of social consequences or geopolitical fallout, and will happily spin anything that moves to shift public opinion/expectations and make black look like a nice shiny white. Political spokestypes of any hue serving up 'terrorism with everything' is invariably a grotesque distortion of the facts to suit their own ideological ends, with the inevitable punted solution ("That's why we...) either amounting to handing a pile of cash to big business or ratcheting up state intrusiveness. Ideological obsession will kill us all, whether or not it's labelled 'left' or 'right'.

0
1
Silver badge
Facepalm

Re: AC Re: @Matt Bryant

".....Blair and crew were every bit as right wing...." Perfectly true, it is very obvious that Blair was not a die-hard Leftie for the simple fact he was electable, some of the Party having realised they needed to hide behind a veneer of Centralism if they ever wanted to get enough public appeal to get back into No. 10. But they've fixed that and let control of Labour fall back into the hands of the unions, and their puppet Ed will ensure they remain unelectable for a good many years. Enjoy!

In the meantime, anyone thinking about using an off-the-shelf encryption tool might want to consider a simple fact - The Man (as you no doubt refer to the authorities in your paranoid fantasies) has had the capability to monitor website traffic for years. They can sit there and watch Abdul Wannabe Jihadi logging in from Birmingham to killthekaffir.com and log his every click - do you seriously think they haven't been watching the encryption vendors too? Ever wonder why AQ stopped using PGP and started writing their own encryption tools? DUH!

0
0
Anonymous Coward

So glad I only use IRC.

0
0
Anonymous Coward

Yeah, because there is no way that IRC traffic could be intercepted... Err...

0
0
Anonymous Coward

Perhaps, but at least there I can make a joke about blowing up Robin Hood airport without the Gestapo kicking down my door the next morning.

3
0
Facepalm

@ AC 12:27

Yeah, because there is no way that IRC traffic could be encrypted...

0
0
Pirate

Tin hat

Given how badly the Government manage the security of their own systems, how long would it be before this access was misused by someone else?

2
0
Silver badge

Call me cynical, but I suspect a lot of the moves towards security by Joe Public for communications have been driven by the uncovered abuse of surveillance powers by all sorts of governments and companies/RIAA types.

3
1

Well, that's kind of what happened in the UK when the head of the Association of Chief Police Officers wrote to all the police forces to tell them to calm down on the whole harassing people taking photos thing. His motive wasn't that it was wrong or even illegal (in some cases) but that "the public" were actually starting to check what their rights really were ...

15
0
Silver badge

Shades of clipper

A smart phone is more than capable of running an app that offers end to end encryption as well as hiding which two devices a conversation or data transfer was occurring between. Security services might be able to glean some information about the call with traffic analysis but not the actual content.

Seems like little gain for such an odious law. A law which is bound to encounter serious domestic opposition and one that foreign companies and open source projects would actively circumvent.

It also reminds me a bit of the clipper chip, an encryption chip that used a weak cipher and a key stored in escrow so security services could conduct surveillance of voice traffic. That particular plan fell on its backside after widespread opposition and I hope the latest efforts do too.

8
0
Unhappy

Is this the 90's again?

Wasn't legalized fed wiretap ability the argument Clinton made about the clipper chip back then? Let it die already.

1
0

And then...

Of course the next law that will have to be introduced is the one making it illegal to use any communication system that doesn't have a back door. "Oh, you were using that fancy foreign encryption system with no back doors. I sentence you to 10 years!"

6
0
Anonymous Coward

Re: And then...

"Of course the next law that will have to be introduced is the one making it illegal to use any communication system that doesn't have a back door."

The precedent for that law already exists in the UK. On certain police investigations - if you can't provide the key to an apparently encrypted file then it's a criminal offence. I believe it is a two year jail term. Doesn't matter if they do not find any evidence of the original suspected crime.

3
0
Silver badge

Re: And then...

"On certain police investigations - if you can't provide the key to an apparently encrypted file then it's a criminal offence. "

Certain crypto products like TrueCrypt provide a measure of deniability by offering a shadow volume functionality. Basically two keys work on the same data, one leading to the real data and one to the fake data. Providing your data is sufficiently "sensitive" but not incriminating you can disclose that key and the cops and CPS would be hard pressed to convince a judge you had not complied. e.g. fill the phony volume with pictures of your knob, suicidal thoughts, scans of your bank statements or anything else someone might wish to keep secret but of no relevance to the investigation and give it up when requested.

I doubt it would be easy to do in the context of a realtime conversation on a phone though. The device would have to generate and throw away the session keys so it was utterly impossible for someone to give them up even under duress. Additionally perhaps the app itself could make "phantom" connections between nodes mimicking real traffic, or act as a proxy between other nodes (a la freenet) as another form of deniability.

2
1

Re: And then...

If they suspect you of something and you're using Truecrypt, they will suspect the hidden volume is present.

3
0
Silver badge
Big Brother

they can suspect all they want

they can't *prove* it. That's the whole point. Although in the UK, the Home Secretary can lock people up without proof, so it's a redundant exercise.

1
2
Silver badge
Happy

Re: JimmyPage : they can suspect all they want

"they can't *prove* it....." Yes they can. All they need is a surface level scan of the drive and a professional to stand up in court and say "Yes, M'Lud, that pattern does not look randomly generated, therefore I believe the accused has a hidden partition they did not admit to and that they tried to hide, in contravention of the court order issued by yourself to oblige him to do so." Game over, do not pass go, do not collect your £200 in Bitcoins, just go straight to jail.

1
4
WTF?

Re: JimmyPage : they can suspect all they want

So they can look at the random data generated by Truecrypt to fill the empty space when the volume was created and tell the difference between that and the random-looking data generated by encrypting a file and writing it amongst that random data?

That's one hell of an expert you have there.

With respect, that sounds like a piece of Star Trek "insert technical stuff here" script. You've used a technical phrase and followed it with your required conclusion but it is, in non-geek parlance, utter bollocks.

4
1
Silver badge

Re: And then...

"If they suspect you of something and you're using Truecrypt, they will suspect the hidden volume is present."

They can suspect all they like. Convincing a judge is another matter, which is why it might be a good idea to make the fake volume as sensitive and personal as possible. Just not incriminating.

1
1
Silver badge

Re: JimmyPage : they can suspect all they want

""they can't *prove* it....." Yes they can. All they need is a surface level scan of the drive and a professional to stand up in court and say "

Then you wheel out your own expert who says how full of crap theirs is. That Truecrypt is a popular, free and ubiquitous tool, that it's a considerable effort to set up a shadow volume, that they've offered no evidence that there is one, that the effort required to make one renders the presupposition highly questionable and that if there is a shadow volume it would be virtually impossible to test because of the way the software functions.

Then you get your defence to reiterate that the defendant has been completely forthcoming during the whole investigation and the only reason he initially refused to disclose his password was the highly personal nature of the "my genital wart pictorial diary" content on the volume which he subsequently relented to show and he knows nothing about the arms smuggling allegations the prosecution is on about.

2
1
Silver badge
FAIL

Re: JimmyPage : they can suspect all they want

"So they can look at the random data generated by Truecrypt to fill the empty space when the volume was created and tell the difference between that and the random-looking data generated by encrypting a file and writing it amongst that random data?...." Nope, all they need is an expert prepared to SAY it looks like an encrypted volume, which then makes it your word versus that of the coppers, and guess which way the average judge and jury will lean after the prosecutor has done a good job of slinging mud at your rep? The coppers don't even have to PROVE there is an encrypted drive anywhere, just that they REASONABLY SUSPECT (the actual RIPA Part 3 Section 49 uses the phrase "believes, on reasonable grounds") there is one. They serve a Section 49 notice and the onus effectively shifts to the accused to prove there is not an encrypted partition or give up the key(s). Any info they can find to make it look like you have played with encryption (such as showing that someone from your IP address visited www.truecrypt.org, for example) just adds to their case. Having an encrypted volume inside an encrypted volume is just asking for trouble as it shows you are actively trying to hide information, giving the prosecution a stick to beat you with in court.

You may wish to consider the case of the animal rights activist convicted under RIPA, who insisted she did not even have any encrypted info on her PC (http://www.theregister.co.uk/2007/11/14/ripa_encryption_key_notice/).

1
0
