NY Times on VoIP, Skype Profile and the FBI

securitas writes "The New York Times Business section published a longish profile of P2P VoIP startup Skype, founded by the people that brought you P2P file-sharing client Kazaa. Previously the domain of geeks everywhere, this is significant if only because it seems to signal that VoIP is starting to garner mainstream consumer interest and serious business interest. The article discusses Vonage and a Daiwa Securities telecom report that says Skype 'is something to be scared of, and is probably set to become the biggest story of the year.' Critics dismiss it as hype. But Skype faces a potential court battle with the FBI. 'Because traffic over Skype is strongly encrypted and distributed over wide-ranging sources, it could hamper authorities' ability to wiretap.' An FBI spokesman says, '... it is something that we are looking into.' Of course last week's Minnesota federal court ruling that exempts VoIP from traditional telecom legislation doesn't hurt the case for VoIP. The text of the ruling is expected to be available this week. Read the previous Slashdot stories on Skype and the Vonage vs Minnesota case for some background."

Privacy first.

"But Skype faces a potential court battle with the FBI. 'Because traffic over Skype is strongly encrypted and distributed over wide-ranging sources, it could hamper authorities' ability to wiretap.' An FBI spokesman says, '... it is something that we are looking into.' "

Since when does the FBI have the right to wiretap it's citizens? I have the right to privacy when it comes to my communications.

Re:Privacy first.

[BenitoM]

You forgot the difference between an occasional wiretap and ongoing surveilance. Even with encrypted communications, the FBI can still tap lines with a keyboard sniffer. It just takes a black bag job to do so.

The purpose of placing central chokepoints and stopping strong encryption is to permit ubiquitous surveillance. The requirements of CALEA are that something like 1% of all calls must be monitorable. This is a HUGE number - far in excess of the number of wiretap requests. It can only be justified by large scale surveillance of many individuals.

Wiretapping on a scale implied by a prohibition against encrypted long-distance communication is something different than wiretaps ordered for specific criminal cases. It implies a sea change in attitudes about the role of citizens and government. These changes directly contradict the views of the 18th century enlightenment. Security and national defense trump individual rights now.

Wait a minute...

[Entropius]

First, the FBI does not have the right to demand that new systems go out of their way to support snooping--maybe they do legally, but they shouldn't morally.

Second, there are already encrypted real-time internet communications protocols: Secure AIM comes to mind. If this technology gets blocked because it "can't be wiretapped", then something's fishy: it won't let The Terr'ists do anything They couldn't already do.

Wow, sometimes I wonder about this country.

And would you buy a used car from Kazaa?

[heironymouscoward]

Frankly, these guys have a poor reputation: they make a product that is designed to aid breaches of copyright, they use their network to install spyware and possibly worse on their users' computers...

It's hard enough to keep a clean rep (look at Google), but frankly I'd think twice before installing anything with the label "Made by the Guys who Brought You Kazaa!".

I'm saying meteor...

[YanceyAI]

"We think the Skype offering (and whatever may follow it) is akin to a giant meteor hurtling on a collision course toward Earth," the report said.

Other analysts are more skeptical. Eventually, they say, Skype's growth will depend on customers who do not understand peer-to-peer networking or have computer headsets. Moreover, the program works best over broadband connections, which just 16 percent of Americans have at home, according to a May report from the Pew Research Center.

Hmmm. Nice to try to downplay it, but the music industry sure is in an uproar over something that is mostly only for broadband users who know how to use P2P file sharing...namely the swapping of mp3's...and popular music has a smaller base of interested parties. And I don't see that not having a $10 headset is going to cripple the popularity of this.

Everyone uses the phone.

Errr...Ok, Wait a second.

[Bowie+J.+Poag]

Written communication became popular, because it was an improvement over word of mouth. Anyone could learn how to do it. It was free at first, but as it caught on, people payed for the priveledge.

Telegraphy became popular, because it was an improvement over commication by postal mail. Anybody could set it up. At first, it was free, but soon people payed for the priveledge.

Telephones became popular, because it was an improvement over communication by telegraph--It circumvented the charges normally associated with communication by wire. And anybody could do it.

The internet became popular, because it was an improvement over communication by telephone. Relaying information from point to point over a public network was cheaper than calling long-distance, and anybody could do it. Soon, people began paying for the priveldge.

Given our own track record, what on earth makes you think your VoIP service is going to be free? Like any other service, infrastructure is paid for by those accessing it. The networks that make it happen don't build themselves, you know.

Its a novelty for now, sure, but 10-20 years from now, you're going to be doing the same thing you're doing now. Paying someone to communicate a message over their medium.

The idea that VoIP is going to remain a free-as-in-beer alternative to traditional phone networks is a pipe dream. Sure, it's a charmingly optimistic to think so, in a cute sort of pat-you-on-the-head sort of way, but..At the end of the day, the one who pays the piper calls the tune.

Re:Errr...Ok, Wait a second.

[phippy]

For the same reason that highways are (for the most part) free, that's why. When communications are viewed as a way to improve commerce, it will be free. (just like highways)

Re:Errr...Ok, Wait a second.

[JUSTONEMORELATTE]

There's a key difference in VoIP -- it is a very small bandwidth requirement, and other (for-pay) services are driving the installation of very high-bandwidth infrastructure.
Analogies are hard to come by because it's an environment without many parallels. Certainly it won't be free to get broadband just to use VoIP, but if Charter is able to bill you $100+ for your ultra-premium digital cable TV with 10M internet access, do you think it's worth the overhead to try to meter and bill for an additional buck or two of VoIP usage each month?

--

How much do you pay for e-mail?

[univgeek]

Since e-mail is an improvement over snail-mail (and possibly phone-alls), do you see everyone paying for it?

While all the previous improvements you mentioned needed new infrastructure, e-mail and VOIP do NOT!! Introducing new applications on the Internet is easy! That's where the end-to-end, dumb network, smart edge nature of the Internet shines!! And that, my friend is where your analogy breaks down.

Re: Highway analogy

[phippy]

I totally agree, and am happy to see someone working in that space make comments like that.

"the transport company shouldn't care what data I send over the pipe" -- this indeed should be the case, but it's increasingly not. I don't want to digress, but priority is being given not to the type of content (video, audio, web, etc.) like it should, but to the actual content itself, these days.

Closed-Source Crypto Can't Be Trusted.

[billstewart]

There's absolutely no way to trust crypto that you can't inspect. It doesn't have to be GPL-compliant politically-correct Free Software, but you really do need to be able to see the source and the documentation. The problem isn't just that Kazaa has done spyware in the past, though that certainly doesn't increase their trustability. The problem is that with closed-source systems that deliberately don't implement standards, there's no way to tell how much security they're trying to give you whether they've done it competently or not.

For instance, Skype says they're using 256-bit AES to encrypt your voice. That's a really good start, but how do they exchange keys? Is there a way to steal the keys? Is there a way for a man-in-the-middle attack to get both you and the person you're talking with to pass your voice calls or key exchange messages through the attacker? Since it's a supernode-based system, there's a very convenient place to _locate_ a MITM... How do you even verify that the directory entry for the person you're trying to talk to is really theirs? Since Skype's documentation hypes the fact that it's using AES, and doesn't mention public key, that strongly implies there's no public key infrastructure to help you.

Microsoft's original PPTP had at least seven things wrong with its crypto, most of which were related to password handling or crypto key reuse (which is Rule Number 1 for what not to do when you're using RC4 encryption.) Some of their weaknesses were in their fundamental protocols, and some of them in their implementation of their protocols. As far as we can tell, Microsoft was trying to do the right thing, and could afford to hire real engineers, yet they screwed up inexcusably badly. Skype doesn't document their protocols, or their implementation, and at least their marketing people don't understand enough crypto to be able to tell if their engineers have a clue, much less whether there's deliberate spyware included, or who gets to be the spy if there is.