Slashdot Mirror
Skype Encryption Stumps German Police
TallGuyRacer writes "German police are unable to decipher the encryption used in the internet telephone software Skype to monitor calls by suspected criminals and terrorists, Germany's top police officer, Joerg Ziercke, said. "The encryption with Skype telephone software ... creates grave difficulties for us... We can't decipher it. That's why we're talking about source telecommunication surveillance — that is, getting to the source before encryption or after it's been decrypted.""
According to this PDF document, Skype encryption is based on open standard (such as AES, SHA-1, etc).
According to this article, our good friends at the NSA "may" have put backdoors in some of the technologies that could be used by Skype.
And, then, according to this other article, it does not matter what technologies you use, if your CPU is wide open to analysis and crypto attacks.
And, of course, there is the question of using a 'secure' communication system on a completely insecure operating system, such as Windows. Why do you think they talk of intercepting the communication before it becomes encrypted? Probably because the vast majority of suspects use Windows. Using Linux, or MacOS, would not be much of an improvement either.
Conclusion? Well, the Bundespolizei (that's German police to you) may not have the means to decipher your skype communications right now. But it's getting there, thank yo uvery much. And there are agencies out there who certainly can, and will.
And what happened to free german crypto? I thought Germany had the only sane policy about crypto in the industrial world?
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Exactly. The Anti-terror craze has long reached German lawmakers, and they are in a rage creating law after law (though not as bad as in the US and UK) and seeing what survives the Bundesverfassungsgericht, the court that decides if laws are against the German Grundgesetz (Basic Law, comparable to the US Constitution).
In the case of the "Federal Trojan", it was decided in 02/07 that such measures are illegal to conduct, and decisions made by the Bundesverfassungsgericht are equivalent to laws. So what they're doing now, they're keeping the discussion (and the fear-mongering) alive and continue to develop the trojan despite it being illegal, in an effort to undermine that decision. Most notorious for this behaviour is, of all people, our Minister of Interior, Wolfgang Schäuble. He repeatedly clamored and still clamors for this and other measures which are explicitely forbidden by the Grundgesetz and the Bundesverfassungsgericht, for example shooting down abducted planes. He's one of the single largest threats to what he has to protect by job description, namely the Grundgesetz.
The grass is always greener on the other side of the light cone.
The term GröFaZ was *not* something you wanted to be caught using when the Nazis were in power. It is a (disrespectful) abbreviation of 'Größte Führer aller Zeiten' (Greatest leader of all times) which was what the Nazi party propaganda machinery used to call their big boss.
Mielipiteet omiani - Opinions personal, facts suspect.
I like the old calculation we had in statistics:
- There is a severe sickness, which only one of 100,000 people gets.
- There is a test for this sickness, which is 99,9% accurate, that means, that the result of only 1 in 1000 persons is wrong. (In reality you have two numbers, one giving how high the rate is to give a false positive, and another one for the false negatives, but for the sake of the calculation we consider them equal).
How high is the chance, after you got tested positive, that you in fact have the severe sickness?
In 99 out of 100 this was a false positive.
The same goes for the search of terrorists.
Terrorists are very seldom, lets say that only 1 in 100,000 persons in Germany is a terrorist (this still gives 800 terrorists living in Germany, far too much compared with the number of terroristic acts committed!). Lets say that the police has means to be 99,9% accurate to tell beforehand if a suspect is a terrorist or not, before asking for secret computer searches.
It still means that in 99 out of 100 cases a complete innocent person's computer will be searched.