The NSA Can Listen to Skype Calls (Thanks to Microsoft)

| Analysis

While Skype calls used to be secure from government or private snooping, changes made by Microsoft have made it possible for the government(s) to do just that. According to documents obtained from whistle-blower Edward Snowden by UK newspaper The Guardian, the U.S.'s National Security Agency is bragging about it.

LIstening in on Skype

According to the newspaper, Microsoft worked closely with the NSA to allow the agency to circumvent the encryption used by Skype. NSA documents boasted of the inclusion of Skype into its PRISM dragnet surveillance system, calling it a "team sport" to share Skype data between the FBI and the CIA.

Part of this change was based on Microsoft's decision to move Skype from more of a peer-to-peer communications system to a server-based service. By doing so, the company put the encryption in the hands of the servers, which then allowed the company to hand the keys of that encryption over to the NSA.

Microsoft made this change in part because if the growing needs of mobile users who might need push notifications and other server-side services for apps that might be running in the background or not be turned on.

CNet's Declan McCullagh noted that in 2008, before Microsoft bought Skype from Ebay, Skype spokespersons claimed that the peer-to-peer encryption techniques used by Skype would make it impossible for the company to comply with any government subpoenas for communications records.

Not so much now. The NSA documents say that it can listen in on audio, watch video, and that the metadata (IP addresses of the parties, location, and other information), "looked complete."

It's important to note that Microsoft is allegedly handing over information only when ordered by a court—FISA courts effectively never say no, but that's another issue. The point is that the company made it possible for once-secure messages to be decrypted, and that it did so actively.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

6 Comments Leave Your Own

iJack

The low number of TMO comments today notwithstanding, I am surprised no one has commented on this disgusting government activity. Do you all really not care? Have you become so stupefied by your iToys, that you think it doesn’t affect you also?

Americans used to have some grit, but not here, apparently.

Robbo

I’d say MS bought Skype to allow access to conversations by security organisations. My guess is that Skype was being used frequently by criminals and others because it was so difficult to crack, so something had to be done and MS was the man to get it done.
The way I think about the whole NSA, GHCQ, CIA business, is that if you can only monitor 10% of the traffic, what’s the point if catching the bad guys is your business, so the aim has to be 100% or very close to that. Skype was a big black hole of un-monitored communications and it had to be brought into the fold.
I’d also suggest that steve jobs somehow resisted these guys when they came knocking for back door entries, but with SJ gone, maybe the path became easier. Being a conspiracy artist, I’d also suggest that many of apples woes with governments is connected with their refusal to play ball fully with the NSA etc. Since apple has become a big player all the more important to get them on the team.

Bob Faulkner

>>>because if the growing need
“because of”

skipaq

I don’t use Skype. But this is just another example of the erosion of privacy taking place. Tha sad thing is that most people today think that this is alright. Young people aren’t even aware a change has taking place. To most of them it has always been this way.

ibuck

iJack, it’s not apathy. It’s whether this is the best forum for displaying our horror at our government’s abuse of our rights. It’s probably more productive to contact your elected reps: the President, your Congressman and your US Senators.

iJack

TMO posters are mostly well-educated and articulate.
What better place? Craigslist? Twitter? Facebook?
I don’t think so.

Log-in to comment