Skype could force end to wiretapping calls

Security experts are not completely convinced that Skype is as secure as it seems, because the company hasn't made its technology open to review. In the cryptographic community, opening software blueprints to outsiders who can point out errors is considered to be the safest way to go. Because of the complex mathematics involved, a properly designed cryptographic system can be unbreakable even if its method is known to outsiders.

But according to Schneier, if Skype's encryption is weaker than believed, it still would stymie the kind of broad eavesdropping that the National Security Agency is reputed to be performing, in which it scans thousands or millions of calls at a time for certain phrases. Even a weakly encrypted call would force an eavesdropper to spend hours of computer time cracking it.

Kurt Sauer, Skype's chief security officer, said there are no "back doors" that could let a government bypass the encryption on a call. At the same time, he said Skype "cooperates fully with all lawful requests from relevant authorities." He would not give particulars on the type of support provided.

The U.S. Justice Department did not respond to questions about its views on Skype's encryption.

Verso's Bannerman notes that Skype calls are decrypted if they enter the traditional telephone network to communicate with regular phones, so a conversation could be intercepted there. Skype does not reveal how many of its calls run on the phone network.

"There are other ways of getting at the conversation than brute-force decryption of the hacking," Bannerman said.

Schneier believes that eavesdropping on the content of calls is not as important to the NSA as tracking the calls, which is still possible with Skype. For instance, if a particular account were associated with a terrorist or criminal, it would be possible to identify his conversation partners.

"What you and I are saying is much less important than the fact that you and I are talking," Schneier says. "Against traffic analysis, encryption is irrelevant."

Steve Bannerman, vice president of marketing at Narus Inc. (he is unrelated to Verso's Bannerman), said his company's systems enable wiretapping of voice calls routed over the Internet, but not those from Skype.

The most that Narus' technology, which is used by telecommunications carriers, can do is identify what type of Skype traffic — voice call, text chat or video conference — is being used, and record the scrambled data for law enforcement officials. From there, he said, "who knows what those guys can do?"

MORE FROM SECURITY

Security Section Front

Framed for child porn — by a PC virus In China, battles over a new wall Spain: Internet-related child porn on the rise Google providing better view of personal data EU agrees on new Internet user rights Red Tape: ‘Fakeosphere’ ads target consumers Internet censorship limits could be set by WTO Cubans say Craigslist-like site is blocked Security center opens to battle computer attacks Reports: N. Korea behind cyberattacks on U.S. Security Section Front   Add Security headlines to your news reader: