Skype Wiretap Nuances

Tools

Skype says it is unable to comply with court-authorized wiretap requests, says News.com. A closer examination of the question and Skype's reply bears examination and thought.

News.com conducted a survey asking a number of big name vendors about the privacy of instant messaging and other services they offer. One of the questions was: "Have you ever received a subpoena, court order or other law enforcement request asking you to perform a live interception or wiretap, meaning the contents of your users' communications would be instantly forwarded to law enforcement?"

Skype's reply with underline emphasis provided by this reporter: "We have not received any subpoenas or court orders asking us to perform a live interception or wiretap of Skype-to-Skype communications. In any event, because of Skype's peer-to-peer architecture and encryption techniques, Skype would not be able to comply with such a request."

Skype doesn't say it hasn't received any requests to perform live interception of phone calls, just that nobody's asked them for Skype-to-Skype communication. This would imply that SkypeIn and SkypeOut, the services that touch the PSTN, might be fair game. The company has said in the past that it cooperates with all lawful requests from "relevant authorities," so a reasonable person might assume that if you're making calls through Skype that touch the PSTN, those calls could be subject to lawful intercept.

However, there's a rolling assumption that peer-to-peer calls that stick to Skype's peer-to-peer network and are encrypted with 256-bit AES are potentially untouchable, while centralized voice/VoIP services operated by Yahoo, AOL, Microsoft and others could be readily tapped.

Fanning the flames of speculation is Skype's closed software architecture and a large body of work by independent researchers that have going through detail reverse engineering of the program and how it works. Since Skype is a "black box," there is no way to know if there's a backdoor of sorts to tap into a client and copy the voice stream to somewhere else or any way to know if such a process was occurring.

For more:
- News.com's speculation that Skype is secure
- For security geeks, a very cool compilation of Skype independent security analysis

Related articles:
Skype resists inter-operability
Skype: Stand-by for violence with open telephony.
Do as we say, not as we do; Skype wants open access to wireless devices