Is Skype Helping Law Enforcement Spy on Conversations?

The hot issue on tech sites Monday was that Skype could be spying on your conversations, helping law enforcement should they have a reason to listen in.

According to Slate, Skype has in the past resisted laws in the United States that would require online chat companies to comply with creating a wiretapping "backdoor" to accommodate requests by law enforcement. This stance could have changed with a recent tech update, but Slate says Microsoft, which operates Skype, is not divulging that information.

CNET reports in the past Skype was "so heavily encrypted that the company went on the record about not being able to participate with wiretapping." Slate reported that Skype has been considered "virtually impossible to intercept."

But as WebProNews explains, in May Skype moved from peer-to-peer (P2P) network connections to its own Linux-based server. It calls the move "funny because Microsoft was using Linux servers instead of Windows Servers to host Skype." It is this switch that could allow for the backdoor into wiretapping capabilities.

It was previously impossible due to the strong encryption and P2P networking that powered the service. The move to dedicated servers would definitely make it infinitely easier for law enforcement to wiretap Skype calls.

Slate points out that accusations against Skype first started by hackers who said the flip was made to allow for "lawful interception" of online calls. This notion was rejected by the company, but Slate probed further. Here's what Slate's Ryan Gallagher found:

[...] when I repeatedly questioned the company on Wednesday whether it could currently facilitate wiretap requests, a clear answer was not forthcoming. Citing “company policy,” Skype PR man Chaim Haas wouldn’t confirm or deny, telling me only that the chat service “co-operates with law enforcement agencies as much as is legally and technically possible.”

So what has changed? In May 2011, Microsoft bought over Skype for $8.5 billion. One month later, in June, Microsoft was granted a patent for “legal intercept” technology designed to be used with VOIP services like Skype to “silently copy communication transmitted via the communication session.” Whether this technology was subsequently integrated into the Skype architecture, it’s impossible to say for sure. Perhaps Skype’s reason for refusing to answer the interception question is because Microsoft has instituted a stricter media strategy than back in 2008. Either way, looking at Skype’s privacy policy today, it’s clear the company is certainly in a position to hand over at least some user communications to authorities if requested.

PC World points out that there could be flaws to Slate's conclusions though:

The problem with that theory is a) Microsoft applied for this "Legal Intercept" patent two years before it acquired Skype, and 2) the patent doesn't really say much about how the technology would actually work, let alone bust through Skype's 256-bit AES end-to-end encryption.

PC World states original claims by hackers that the network technology changes made by Skype were to create a wiretapping backdoor has resulted in people "jumping right on the paranoia pony and riding it to the finish line." It points out that Microsoft denied these claims at the time saying its network updates were to improve service and security.

Still, with wiretapping and online communication tracking finding its way into the media many times of late, it's not just that Skype could be providing law enforcement with user communications that's disconcerting. As Slate puts it, "it’s that Skype isn’t being candid about the status of its relationship with law enforcement." PC World echos this sentiment saying Microsoft should consider issuing transparency reports, like Google, and also publish guidelines for how user information could be obtained by authorities following the proper legal channels.

(H/T: Gizmodo)