Skype Encryption Stumps German Police
TallGuyRacer writes "German police are unable to decipher the encryption used in the internet telephone software Skype to monitor calls by suspected criminals and terrorists, Germany's top police officer, Joerg Ziercke, said. "The encryption with Skype telephone software ... creates grave difficulties for us... We can't decipher it. That's why we're talking about source telecommunication surveillance — that is, getting to the source before encryption or after it's been decrypted.""
when technology allows brain implants and wireless brain-to-brain communication. Oh joy.
The grass is always greener on the other side of the light cone.
Oh noes, the police can't decipher Skype! We're all gonna die!
Yeah right.
If you are paying attention, Skype is incorporated in Luxembourg, which is part of the EU, just like Germany (they actually share borders).
Do you think the EU would allow for some European company to provide tools to "terrorists" without having eavesdropping ability?
Now for the real story; German Police is putting on a little show so people actually trust *more* the closed-source Skype software.
If the German Police had no way of eavesdropping they would either (a) Shut up about it or (b) Actually say they have supercomputers that can decipher anything (even if this is not true). (a) or (b) would create enough FUD for "terrorists" to actually distrust Skype as a communication medium.
This is all spin doctor speak, and I would never trust Skype for sensitive material communications. The Zfone project http://zfoneproject.com/ is a much more secure system.
Artificial intelligence is no match for natural stupidity
As a good example,
The US managed to get the UK to agree to deport anyone they asked for in case they were terrorists.
The first people they chose to ask to be deported were a bunch of bankers that had done some dodgy dealings, hardly terrorists.
And what's worse/better is that the US didn't hold up to its part of the bargain and sign up to a similar agreement.
thank God the internet isn't a human right.
Why? If the police can, in extreme situations, apply to a court for a warrant to search a suspect's house, open their mail or tap their phone - and the US and almost every other country allows this - why shouldn't they be able to search a suspect's computer?
In Germany, secret searches of homes are prohibited. IIRC, they have to happen in the presence of a member of the household, or a neighbour. The telephone, mail and internet communication are not part of the home, and can be secretly monitored under the observation of a judge. The suspect has to be informed afterwards. The home enjoys a much stronger constitutional protection than communication.
Of course, the ministry of interior and the police argue that they can't stop the terrorists if they can't secretly hack the computer and monitor their communication.
And of course, it will only be used for severe crimes. Normal people have nothing to fear.
"Between strong and weak, between rich and poor [...], it is freedom which oppresses and the law which sets free"
I've thought about this idea that the Bundestrojaner would make snooping cheaper and easier. I think it would have another effect: About 15 minutes after they let the first one out into the wild some teenager in Slovenia would publish a CLI app that would detect and disable it or alternately hijack the app to share the contents of the drive on whatever P2P app Slovenian teenagers are into this week. Then everyone who *really* had a reason to make sure they were not infected would have this app and only the average Joe would be out there sharing his hard drive contents with the world.
Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
The possibility of terrorists using skype is there yes, but right now according to most police forces IMHO is increasingly through use and throw sim cards over plain vanilla cellular networks.
And without any encryption to boot, most conversations are phrases within local dialects which listed out would mean anything from a shopping list to a planned assassination. The point here is rather than spying on the content it's the point of origin and the investigative techniques used by most third world countries today that'll help. And definitely not the backdoors left in most protocols used by Skype et al. by all the three letter agencies.
The type of curbs being tried by the German Police would essentially be useful against big time money laundering and crimes similar in vein.
The idea of compromised is a subjective term in most situations. When the Government or police do it, it is a tool, when a credit card number spammer is doing it, it is compromised.
You see, the idea behind the compromised portion deals a lot with the intent of who compromised it. Compromised means that you don't know their intent, what they have done and cannot trust the computer for anything. This wouldn't necessarily be the case when the police do it. At least not in the virgin eyes of the courts who still believe the police wouldn't act in an unlawful manner.
Especially since the police hack could introduce other vulnerabilities into the system that makes it easier for other people to exploit.
If I have nothing to hide, don't search me
Under the US system of law, basically every law is a restriction on rights, and a great many of them make sense and are a necessary basis of a society.
When the tight tools means physical access to the machine or a direct connection through the ISP, then the likelihood of all else drops dramatically.
There is a possibility that everyone who ever has been arrested had been framed, but the likelihood is so small that not everyone claims it nor do others think it. It would depend a lot on what steps needed to be taken and how likely someone else could take those steps. It could also be possible that the police end up seeing some other party putting the incriminating stuff onto your PC. But ultimately, it would/could be your defense that the computer was infected with something and you couldn't get rid of it. Or something similar to that. We have seen this in the past and it didn't fare too well, remember the schoolteacher who had pornographic popups due to malware on a presentation computer and ended up getting something like 40 years?
First, it should be unbreakable. If the government can crack it, then so can anyone else. There are so many bogeymen on the 'net, that it would be ridiculously irresponsible to deploy an easy-to-break VoIP system.
Second, Skype is very breakable. There's no secure key exchange: Skype is a totally trusted introducer. Government, if you want to break Skype, just ask them to help with your MitM attack.
But that vulnerability should be Skype-only, and a "serious" VoIP system should be quite resistant. IMHO, phone apps should be built on OpenPGP, except also include some kind of OTP support since most people talk to people they regularly meet in real life. (Actually, I sort of think we need OpenPGP to be expanded to include a standardized OTP.)
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
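Added example, not part of the thread or of any Skype or Zfone code: a toy model of the "trusted introducer" concern raised in the comment above, showing that a key-distributing directory can silently substitute keys, and that comparing a short authentication string out of band (the spoken check ZRTP relies on) exposes the substitution. The `Directory` class, the function names and the Diffie-Hellman parameters are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (assumption, illustration only; real systems use
# vetted groups or elliptic curves).
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def sas(shared_secret: int) -> str:
    """Short authentication string the two users read to each other."""
    return hashlib.sha256(shared_secret.to_bytes(32, "big")).hexdigest()[:8]

class Directory:
    """Hypothetical introducer: the only source of peers' public keys."""
    def __init__(self, intercept=False):
        self.intercept = intercept
        self.keys = {}
        self.own_priv, self.own_pub = keypair()

    def register(self, name, pub):
        self.keys[name] = pub

    def lookup(self, name):
        # An intercepting introducer answers every lookup with its own key.
        return self.own_pub if self.intercept else self.keys[name]

def call(directory):
    """Both parties fetch the peer key from the directory and derive a SAS."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    directory.register("alice", a_pub)
    directory.register("bob", b_pub)
    a_secret = pow(directory.lookup("bob"), a_priv, P)
    b_secret = pow(directory.lookup("alice"), b_priv, P)
    return sas(a_secret), sas(b_secret)

def substitution_detected(directory) -> bool:
    """True when the strings the two users would read aloud do not match."""
    a_sas, b_sas = call(directory)
    return a_sas != b_sas

if __name__ == "__main__":
    print("honest directory flagged:      ", substitution_detected(Directory()))
    print("intercepting directory flagged:", substitution_detected(Directory(True)))
```

Without the out-of-band comparison, neither party in this model has any signal that the directory answered with a key other than the peer's.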