- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
Network World - Microsoft may or may not have the ability to tap Skype phone calls, but the company just won't say, and it's not clear why.
Asked a yes/no question whether it can intercept encrypted calls made over the peer-to-peer voice and video service, the company says it tries to help out with legal eavesdropping as much as it can, but won't say exactly what that means.
"Skype co-operates with law enforcement agencies as much as is legally and technically possible," a company spokesperson says in an email response to questions about the capability. It's an answer that begs the question of whether it actually has the ability to tap calls as law enforcement agencies might request under the U.S. Communications Assistance for Law Enforcement Act (CALEA).
Asked why the company won't give a simple answer, the spokesperson responds: "It's the company position. You have our statements. That's all I can say. "
Suspicion that Skype might have means to eavesdrop on calls built in cropped up when Microsoft was issued a patent earlier this year on lawful intercept, aspects of which "relate to silently recording communications." This is done by modifying call requests so the communications path that is set up includes a node with a recording mechanism.
Beyond the issue of a built-in eavesdropping technology, the effectiveness of Skype security is also being questioned. Before Microsoft bought it last year for $8.5 billion, Skype was known for being secure through obscurity. The company would reveal nothing about the encryption it used, and governments demanded that Skype make it possible for them to listen in on the encrypted calls, and that is the current situation.
A report last year says the Egyptian government had the ability to eavesdrop on Skype calls made by dissidents during the uprisings there in 2010. It's not clear whether the government broke Skype's security or whether it had installed malware on Skype endpoint computers to capture calls as they were being played unencrypted on speakers or picked up by microphones.
As a consequence, the Electronic Frontier Foundation says to avoid Skype if security is essential and content is meant to remain private. "At this point we strongly recommend against using Skype," says Peter Eckersley, technical projects director at EFF.
A great deal of focus has been put on cracking Skype since it first became available in 2003, he says, and now he's heard rumors that surveillance companies have gear that can capture encrypted Skype voice streams and decrypt them later so they can be listened to.
If Skype can be tapped to accommodate law enforcement, not talking about it may be Microsoft's way of retaining the aura of security, says Matthias Machowinski, an analyst with Infonetics. "My guess is that it has something to do with changes in ownership," he says. "It used to be this scrappy little upstart. To a certain degree, they didn't have to comply with the requests of the U.S. government. Obviously they're in a whole different position now."