Skype Encryption Stumps German Police

TallGuyRacer writes "German police are unable to decipher the encryption used in the internet telephone software Skype to monitor calls by suspected criminals and terrorists, Germany's top police officer, Joerg Ziercke, said. "The encryption with Skype telephone software ... creates grave difficulties for us... We can't decipher it. That's why we're talking about source telecommunication surveillance — that is, getting to the source before encryption or after it's been decrypted.""

Skype unbreakable?

[niceone]

Well, it seems they are not really trying - they are not even talking to Skype about it.
What they want is permission to install spyware - something that is illegal in Germany at the moment:

Ziercke said there was a vital need for German law enforcement agencies to have the ability to conduct on-line searches of computer hard drives of suspected terrorists using "Trojan horse" spyware.

That's the real point of the story, not that Skype is unbreakable.

Re:Skype unbreakable?

[Silver+Sloth]

Indeed. Also from TFA

Spyware computer searches are illegal in Germany, where people are sensitive about police surveillance due to the history of the Nazis' Gestapo secret police and the former East German Stasi. I would hope that they are illegal in any civilised country.

Re:Skype unbreakable?

[OrangeTide]

Governments often tell us that there is some threat that they want to protect us from, and if we just give up a little bit of our freedom they will make society much safer. We fall for this trick over and over again.

Re:Skype unbreakable?

[bug1]

Well, what if it DOES make society safer?
Safer for society as a whole, or safer for the elites ?

is there a balance of some sort to be found?
A perception of balance... balance according to which perspective ?

What's a good place to draw the line?
Does there have to be a "line", can freedom vs security be seen in black and white ?

People always repeat the "he who sacrifices liberty for security..." line, but what would a better solution be?
Those with power will always say they need more of it, how can those with power be prevented from abusing it ?

Zero policing?
Is there any point having laws if they aren't enforced ?

No laws?
If there were no state imposed laws would human behaviour still be government by morality/ethics, are they laws ?

Absolute freedom?
Is freedom a state of mind ?

Would that mean complete chaos and anarchy, and if so, is the freedom still worth it?
Does anarchy imply chaos, or just a lack of authority ?
Do humans have the ability to abandon all order ?
How would you describe chaos in a society ?
Is freedom an abstract concept, if so, on what terms do you value it ?

Why?
I could answer that, but i have to go.

I look forward to rexchanging opinions again in the future.

Re:Skype unbreakable?

[vrai]

And what's worse/better is that the US didn't hold up to it's part of the bargain and sign up to a similar agreement.

Not that I'm defending this treaty in anyway, nor the period during which it was unilateral, but the US Senate signed off on it last year. Apparently the Senate was concerned that the UK might use the treaty to extradite IRA members who had fled to the US and that would apparently be a bad thing.

Re:Skype unbreakable?

[TheRaven64]

It seems to me that, even if it were legal, it would be very hard to admit as evidence in court. If a computer is compromised then the defendant has a good defence against being responsible for anything found or done with the computer. The hard part, usually, is proving that the computer was compromised. If the prosecution are claiming that they are the ones that compromised it then there is no way a decent barrister would fail to convince the jury that their client had absolutely no responsibility for anything done to the computer.

Re:Skype unbreakable?

[ewn]

Well they can already do that now, for example by installing microphones in suspect's homes, but it requires a court warrant and a considerable amount of work. The Bundestrojaner would make snooping simpler, both in technical and in legal terms. And we know that if technology is cheap and simple, it's going to be used more. That is, i think, the government's goal here: gaining the ability to infiltrate a large number of computers, say of a significant percentage of Muslim citizens, or the globalization sceptics of Attac, or any other group that potentially features undesirable behaviour. No court would ever allow such a sweeping surveillance, and the police doesn't have the resources to bug thousands of homes anyway.

Re:Skype unbreakable?

Apparently the Senate was concerned that the UK might use the treaty to extradite IRA members who had fled to the US and that would apparently be a bad thing.

So the US government supports terrorism. Presumably only if it is done by white people with cute accents.

The US people also supported terrorism back in the day (well, those that claim to be Irish), before they understood the actual reality of terrorism.

I doubt the UK government would want to get into the hassle that extraditing any such people would inevitably lead to of course, but if the US is harbouring and protecting terrorists willingly then it really needs to sort out what its story is regarding terrorism.

Re:Skype unbreakable?

[presarioD]

Well, what if it DOES make society safer?

History has repeatedly proven that when a government asks its citizens to give up liberties it is working against making society safer but more absolute and submissive. Can you provide with any example where people who gave up their freedoms became safer? I can cite alot of counterexamples: nazi/fascist/communist governments that miserably failed in all fronts, including safety (the state safety-keeping apparatus turned against the citizens). Now neo-capitalism wants to join the club and they are going to be different exactly why?

Please don't use the words "democracy and freedom" in your answer, I've just eaten...

Re:Skype unbreakable?

[Sique]

There is a big difference between tapping a phone or a search warrant on the one side and a secret search of one's computer.

For a search warrant to be executed the suspect has to be present, or at least an outside witness has to be present. (I don't know about the legal situation in the U.S., but at least in Germany this is the case.)

Phone tapping can't create phone conversations that never happened.

But if you can install a software on a person's computer without him noticing, then you could also put counterbande files like the oh so beloved bomb construction howtos or kiddie porn on the computer.

The main problem with secretly spying on a computer is that it compromises the computer. From a legal point of view material gained with a secret computer search shouldn't be brought to court, because there is no way to prove that the evidence isn't faked.

Re:Skype unbreakable?

[Dogtanian]

I think that comment is too broad reaching. Specifically, the senators from New York and Massachusetts, where the Irish-American political influence is strongest, opposed this extradition treaty. That's the ultimate hypocritical irony. You'd think that New Yorkers would be less inclined to support terrorists after 9/11, but it looks like the old double standard is still in place. Or at least if there are a few votes in it.

The rest of the country didn't care, but it was never high on the U.S. priorities. They probably didn't care because the UK had already enacted its side of the bargain. Frankly, the UK government should have shoved this alleged agreement to the bottom of the pile until the US stopped trying to appease a (supposedly) tiny minority of sentimentalist fuckwits.

And frankly, if the rest of the country didn't care about this anti/pro-terrorism double standard and blocking their side of a bargain that was supposed to be in their interest, then they're just as guilty.

Can you imagine what would have happened if- during the 1980s- an organisation had tried to kill senior members of the U.S. government, including the president, and had come damn close to succeeding? And the UK had continued to allow fundraising for this organisation? That's exactly what happened in reverse with the IRA, and it defies belief that there was so little diplomatic fall-out- and it's also damn obvious that if the Americans were victims this would never happen in reverse.

And years later, when it's the US's turn to suffer the effects of terrorism, and the sycophantic UK government led by that contemptible poodle, Tony Blair, is going along with virtually *everything* their government wants, the US is still letting a bunch of sentimentalist IRA-sympathising scum and hypocritical vote-seeking senators dictate the same old double standards?

Seriously, this is beneath contempt.

Re:Skype unbreakable?

[ReeceTarbert]

apply to a court for a warrant

You've just answered the question yourself: without a search warrant, the scope for abuse is immense.

Of course there are the usual, broad categories (terrorist, pedophiles, criminals, etc.) that make it sound as the sensible thing to do, but once you grant such sweeping powers, what's preventing the police to use them to spy on political opponents, activists, or anyone else who just happens to "think different"?

RT
--
Your Bookmarks. Anywhere. Anytime.

Re:Skype unbreakable?

[TooMuchToDo]

If the police can compromise a computer, then anyone else with the right tools can. Therefore, anything found on the computer should not be admissible as there's no way to verify who (myself, the police, or a remote malicious user) has manipulated the contents of the PC.

Re:Skype unbreakable?

[Mattsson]

It's rather obvious that what you regarded as terrorism depends on who you are.
There isn't many who see themselves as evil terrorists who's only goal is to murder and destroy.
They see themselves as freedom fighters, holy warriors, the peoples saviors, etc, etc.
Those who get shot, bombed, maimed, etc, see them as terrorists and any who support them as supporters of terrorism.

Re:Skype unbreakable?

[TooMuchToDo]

Ah, but the police can't guarantee that the "patch" they install, nor their initial malware install isn't open to vulnerabilities.

Re:Skype unbreakable?

[Kattspya]

Hmmm... If it was Keitel that coined the term he probably didn't mean it in a negative sense. Keitel is probably one of the greatest yes-men ever. It's not so surprising that he was the author of that sentence only he was serious. It looks like the ones who didn't like Hitler took that phrase and ran with it.

Re:Skype unbreakable?

[neomunk]

I'll go through the list, but first let me state that most REASONABLE laws are a balance between two parties' freedoms, not a trade off between liberty and security. There have been many unreasonable laws implemented (as the GP points out) and you offer quite a few of them in your list. Here we go, point by point:

Yelling "fire" in a crowded theater?

Actually, look up the origins of this ole' gem. It was coined in an attempt to stifle political dissent, not a very good example of enhancing security. In the LITERAL case of yelling fire in a crowded theater, you are infringing upon other people's essential freedom of reasonable safety. By putting other people at risk of personal harm you are doing more infringing than you are expressing, and the law demonstrates proper balance.

I know, some of you are going to point out that "people's essential freedom of reasonable safety" is the same thing as security. The difference is a matter of quantification. Figuring HOW MANY people are you prevented from losing the freedom of REASONABLE (it's caps because it's important) safety, balanced against the freedoms you are limiting in the attempt is a little easier to get your hands on than 'what about the children?!?', if you catch my drift. In most cases today when you see the balance of safety/liberty being called into question, it's almost always obvious which side is more reasonable just my doing the math. You know, things like (number of people hurt by terrorism)/(number of people wiretapped) and so forth. Patterns start to emerge, and the results are starting to look obscenely lopsided.

The rights of states to secede from the Union?

That had nothing to do with security, and everything to do with economics and nationalism. No balance between freedom and security to find here, only a balance between freedom and economic and social factors.

The right to own slaves?

Again, you have no right to infringe on other people's rights. Any laws written in such a vein are tools of oppression/division. And how EXACTLY does this particular infringement of freedoms make people safer? That's an odd proclamation to make.

The right to marry multiple women?

Again, where does this have anything to do with security? And what about the right to marry multiple MEN? I don't understand at all where you're going with this question, it's just another example of a law designed to make the population more submissive to authority.

The right to fuck children?

Again, this is a serious infringement of someone else's rights. You are doing serious harm to a child by 'fucking' them, thus infringing on their liberties in a manor grossly outweighing any expressions of freedom you may claim.

The right to freely use/purchase/sell heroin?

Here's where you come close (still no cigar). In my personal opinion, this is another case of bad law. You should have absolute sovereignty over what substances enter/do not enter your system. However I CAN UNDERSTAND (though still disagree with) the argument that heroin use increases the chance of committing other crimes. In this case it is STILL bad law, because it's making illegal the increase probability of infringement of other's rights, not actual infringement.

The right to plot the assassination of the President of the Unites States?

FFS, this is ludicrous. First, if it IS illegal to plot such a thing with NO INTENTION of acting upon it then that is bad law at it's shiniest. Second, if you're planning to DO such a thing you're (of course) attempting to infringe on another person's essential right to life. Can you figure out the balance here?

The right to kill for any arbitrary reason?

I've covered this in sufficient detail.

The right to cross the highway on foot?

You're infringing on other's rights to properly use the equipment they own (have paid for), their rig

Re:Skype unbreakable?

[Alsee]

You have a stable society when some nut guns down a schoolyard and the law does not change.

I happen to live in New York. I for one refuse to allow terrorists to terrorize. I for one refuse to cower in fear. Terrorists can kill a number of people - any drunk nut with an automatic weapon in a schoolyard or a mall can kill a number of people. However terrorists cannot destroy America. Only Americans can destroy America - fearmongering powermongering gestapo-police-state idiots terrorizing fellow Americans into destroying America.

It's funny how it was New York that got hit on 9/11, but how New Yorkers are some of the loudest voices objecting to fearmongering and objecting to surrendering freedom in the name of police-state security measures.

I live in New York. I refuse to be terrorized. We need to pursue and combat terrorists - be we need to do it in a pre-9/11 world with a pre-9/11 mindset and pre-9/11 laws.

First you ensure rights and civil liberties and limits on government powers, and then and only then do you pass laws and allow police to pursue criminals within those constraints. It would certainly be easier for the police to prevent crime and catch criminals in they could engage in warrantless searches and seizures and wiretaps, it would indeed make us safer from common criminals. But no, "actually making society safer" is not an acceptable or tolerable justification. First you ensure rights and civil liberties and limits on government powers. If the police then overstep those bounds, if for example the police obtain evidence without a proper search warrant, then the evidence is thrown out of court and the criminal goes free. And setting the criminal free is the correct response, because a government which itself has become criminal is a far more dangerous thing than any criminal individual. Sometimes liberties and rights are a nuisance and impediment to police fighting crime and catching criminals, oh well, too bad.

Terrorists have failed to terrorize me, but some of my fellow Americans have me scared shitless. People who advocate fear, people who use it as an argument to surrender their own liberty and rights, and to forcibly revoke OTHER PEOPLE's liberties and rights, to destroy America.

Warrantless wiretaps. Free Speech Zones. Arbitrary non-judicial National Security Letters. Denial of Habeas Corpus. A president who calls the Constitution a "Goddamn peice of paper". Torture.

NO, it is not worth it. NO, NOT even if it "does make society safer".

P.S.
I wrote first hand as an American and in relation to specific issues of my fellow Americans, but the message itself is intended to be global. There are frighteningly many people all across the globe who like police states and who think it is a grand idea for themselves to infringe the rights and liberties of others in the name of security. It was just easier to speak in a first hand context, with 9/11 potentially becoming America's own version of the Reichstag fire. Violating rights and liberties and instituting police state measures is a global pattern, fearmongers who wish to institute such measures in the name of security are the real enemy. They need to be fought from the start, for the process and the government powers feed upon themselves and it becomes increasingly difficult if not impossible to oppose them after they have gotten rolling.

-

Great

[dalmiroy2k]

Not only Skype gives us free, multiuser lag-free video conference with excellent quality, now we know our conversations are private.
I have nothing to hide, but nothing to share either.

Re:Great

[paulhar]

Assumption: this isn't dis-information designed to make us all feel safer about using Skype's encryption

isn't that the point of encryption?

[petes_PoV]

encryption with Skype telephone software ... creates grave difficulties for us... We can't decipher it.

Whether it's the police or just some nosey old git (Q: how can you tell the difference?) who's eavedropping on your conversation, the point is that only the person you're talking to should be able to decrypt the data.

If the police don't like that, that can always try to outlaw it - or require that keys are made available to them.

The problem you get then is people who "spoof" an encrypted datastream by just sending random numbers (tho' not from a Microsoft source as we've recently been told) down the line.
How do you know when a stream of apparently encrypted data has been decoded anyway?

Re:isn't that the point of encryption?

If the police don't like that, that can always try to outlaw it - or require that keys are made available to them.

They're police. They can just get a warrant and setup a bug in the place of interest, or use one of those microphone systems that can sit across the street and listen in by observing the fluctuations in a window.

Sorry, but surveillance shouldn't be easy.

Good Police Work

[hanssprudel]

This is a good thing. Having to install monitoring at the source or destination means an operation that requires effort and, hopefully, a court order. This means that their is judicial oversight, and that to catch criminals police have to do, you know, police work rather than just sitting around spying on us.

Ubiquitous encryption does not make law enforcement impossible. It just makes indiscriminate law enforcement impossible.

Re:Plenty of attacks left, thank you very much

[SerpentMage]

Yeah I think they can't break the encryption, and not because they can't break the encryption itself. But if you read the article look at what it says.

>> Experts say Skype and other Voice over internet Protocol (VoIP) calling software are difficult to intercept because they work by breaking up voice data into small packets and switching them along thousands of router paths instead of a constant circuit between two parties, as with a traditional call.

That's the real problem. The packets are scattered all over the place and they can get a lock on the data. They probably can break the encryption but then they would only get piecemeal information sort like, "Plan " ... " meet " .... " blow " ... " place "... Which could mean "Plan A is to meet tomorrow and blow the place beside the train station... " OR "Plan to meet tomorrow at the new pub, and blow the old place like a pop stand." Same missing words, two entirely different meanings...

Interesting... You could develop an encryption where fifteen people talk and give pieces of the sentence and the meaning is only apparent when you piece everything together....

Getting Through the Encryption Not the Story

[segedunum]

Getting through the encryption is not the story here. What they want to do is this:

"There are no discussions with Skype. I don't think that would help," he said, adding that he did not want to harm the competitiveness of any company. "I don't think that any provider would go for that."

If you are talking about getting to data after encryption, or before, why wouldn't you talk to Skype?

Ziercke said there was a vital need for German law enforcement agencies to have the ability to conduct on-line searches of computer hard drives of suspected terrorists using "Trojan horse" spyware.

This is completely unrelated to being able to tap encrypted communications. This is on a whole different level, and contravenes many laws brought into many countries for spyware and data protection.

These searches are especially important in cases where the suspects are aware that their internet traffic and phone calls may be monitored[?????!!!!!!] and choose to store sensitive information directly on their hard drives without emailing it.

God only knows what this means.

Ziercke said worries were overblown and that on-line searches would need to be conducted only on rare occasions.

How would they propose to do this, and get 'software' installed undetected?

"We currently have 230 proceedings related to suspected Islamists," Ziercke said. "I can imagine that in two or three of those we would like to do this."

Well, being an Islamist or belonging to some other group is not a crime, and I dare say if you searched many peopless hard drives for stuff about bombs and explosives then you could find something. That doesn't mean that they're going to do anything.

This is yet another old and decrepit security services organisation, worried about its future, worried about its funding, people who are worried about their jobs and worried about its place in the world.

Re:Getting Through the Encryption Not the Story

[bhima]

"Islamist" is newspeak for a militant extremist Muslim. In my mind, because it lacks militant or extremist, it is double plus ungood.

I hear it on the English language news broadcast in Austria / Germany all the time. Don't they use it in the US?

Suspicious Minds

[LordMidge]

The first thing I though was if I could hack a telephone system out of many what would I do?
Tell everyone I can't and get as many people using that system so that I can listen in onto as many as possible.
I'll go put my tinfoil hat on again now.

Re:Plenty of attacks left, thank you very much

[deroby]

WOOHOOOHOOO, I'm sooo scared now.

So what if Skype alters my Firewall settings : I 've strictly allowed it do do so !
(Tools Menu, Options, Advanced, Connection, [v] Allow Skype to modify my firewall settings)

Maybe the setting is on by default, not sure, but if it makes my Skype-experience any better, I don't see why I we have to 'create panic' like this ...
If you don't want any open ports, then don't install software that needs it in the first place, period.

Sigh.

Smells like BS to me

[DrXym]

Even assuming the crypto is perfect, the police would still be able to infer a lot from who is calling who. A terrorist communicating with another terrorist, shows they know each other, where they are in the world, what their calling routines are (frequency, time, who they call next), the length of conversation and so on. They might even be able to infer who is doing the most talking from the amount of traffic in each direction. All without knowing the actual conversation text.

And that assumes the crypto is perfect and the police / intelligence services are incapable of decrypting it, playing man in the middle, or failing that installing a trojan, or planting a bug, or listening through a wall or whatever.

It sounds like BS. Even perfect crypto gives them more information that they had to begin with. It sounds like they want to have their cake and eat it too.

I'm concerned about my uncles dog.

[forgoil]

Are they really thinking that they can thwart terrorists and such with this kind of surveillance? Any nonsense sentence can be a code to act, it's been used for ages. The idea of the intelligence organization sitting in cubicles and spying from a chair is bound to fail, and has failed many times over. So this is both useless, and effectively is spying on a countries citizens. This is what Stasi did, this is classic KGB, it smells of Gestapo, is this what we call freedom? Privacy is more important than it has ever been, and we will fight for it, and declaring war on your own people because they want their privacy is just as bad as the terrorists and the mafia.

Re:Don't throw me in dat dere briar patch!

[Fzz]

This is exactly what I would proclaim if I was able to decrypt the traffic and want users to think that I couldn't. Maybe not all whatever terrorists would fall for this but some would.

But then again, maybe they're smarter than this. Maybe they really can't break it. But they want you to think they can break it, so they tell you they can't, because they know terrorists (and slashdotters) always expect the government to try and mislead them. Great way to undermine confidence in Skype in circles of suspicious users, without causing problems for the regular users. You obviously fell for it :-)

Idiots, Skype decrypts calls for all authorities!

[barwasp]

Skype is a telecommunications company and for having their teleoperator license required to allow wiretaps for law enforcement purposes - so it works also in USA. Or do you thing that USA would just allow osama bin laden to host conference calls with wannabe terrorists using Skype. In fact Skype clearly admits that they decrypt the calls for all requesting authorities.

Kurt Sauer, Skype's chief security officer, said there are no "back doors" that could let a government bypass the encryption on a call. At the same time, he said Skype "cooperates fully with all lawful requests from relevant authorities." He would not give particulars on the type of support provided. The german police just wants to install trojan horses for monitoring the germans. If the polizei were really after those encrypted skype calls they would just sue skype, and not be whining their lack of skills in public.

Hanlon's Razor

[Moraelin]

While normally I would encourage a moderate dose of paranoia, I'd also recommend it to be balanced by Hanlon's Razor: never attribute to malice, that which is adequately explained by stupidity.

This being Germany, for a start you have to realize that the police doesn't seem to be particularly incline toward conspiracies, nor any good at it. They're also (still) more monitored than what, judging by the news coming from the USA, seems to be the case with the FBI and CIA. These guys will tell you up front that they want stuff like the "federal trojan". Then it gets struck down as unconstitutional, lather, rinse, repeat.

At any rate, they're not the kind who'll do a backroom deal with some ISP to do it in stealth and secrecy. They're very open in requesting to be allowed to do all sorts of stupid stuff. Which I guess is the whole idea in a democracy and rule of the law.

Also, well, I don't know which particular group tried to crack skype, but the general stereotype about German public servants is... not very flattering. Not that they're evil or insidious, mind you. They tend to actually be nice people. More like just thoroughly lazy, incompetent, underworked, underachieving... you get the idea. Some more extremely than others. There's a whole category of jokes about them.

So, well, going by the stereotype, I'd really go by Hanlon's Razor there. There's a possibility that they genuinely don't have anyone who can crack anything above ROT13.