Skype Encryption Stumps German Police

TallGuyRacer writes "German police are unable to decipher the encryption used in the internet telephone software Skype to monitor calls by suspected criminals and terrorists, Germany's top police officer, Joerg Ziercke, said. "The encryption with Skype telephone software ... creates grave difficulties for us... We can't decipher it. That's why we're talking about source telecommunication surveillance — that is, getting to the source before encryption or after it's been decrypted.""

Skype unbreakable?

[niceone]

Well, it seems they are not really trying - they are not even talking to Skype about it.
What they want is permission to install spyware - something that is illegal in Germany at the moment:

Ziercke said there was a vital need for German law enforcement agencies to have the ability to conduct on-line searches of computer hard drives of suspected terrorists using "Trojan horse" spyware.

That's the real point of the story, not that Skype is unbreakable.

Re:Skype unbreakable?

[Silver+Sloth]

Indeed. Also from TFA

Spyware computer searches are illegal in Germany, where people are sensitive about police surveillance due to the history of the Nazis' Gestapo secret police and the former East German Stasi. I would hope that they are illegal in any civilised country.

Re:Skype unbreakable?

[GroeFaZ]

Exactly. The Anti-terror craze has long reached German lawmakers, and they are in a rage creating law after law (though not as bad as in the US and UK) and seeing what survives the Bundesverfassungsgericht, the court that decides if laws are against the German Grundgesetz (Basic Law, comparable to the US Constitution).

In the case of the "Federal Trojan", it was decided in 02/07 that such measures are illegal to conduct, and decisions made by the Bundesverfassungsgericht are equivalent to laws. So what they're doing now, they're keeping the discussion (and the fear-mongering) alive and continue to develop the trojan despite it being illegal, in an effort to undermine that decision. Most notorious for this behaviour is, of all people, our Minister of Interior, Wolfgang Schäuble. He repeatedly clamored and still clamors for this and other measures which are explicitely forbidden by the Grundgesetz and the Bundesverfassungsgericht, for example shooting down abducted planes. He's one of the single largest threats to what he has to protect by job description, namely the Grundgesetz.

Re:Skype unbreakable?

[oliverthered]

As a good example,
The US managed to get the UK to agree to deport anyone they asked for in case they were terrorists.

The first people the chose to ask to be deported were a bunch of bankers that had done some dodgy dealings, hardly terrorists.

And what's worse/better is that the US didn't hold up to it's part of the bargain and sign up to a similar agreement.

Re:Skype unbreakable?

[TheRaven64]

It seems to me that, even if it were legal, it would be very hard to admit as evidence in court. If a computer is compromised then the defendant has a good defence against being responsible for anything found or done with the computer. The hard part, usually, is proving that the computer was compromised. If the prosecution are claiming that they are the ones that compromised it then there is no way a decent barrister would fail to convince the jury that their client had absolutely no responsibility for anything done to the computer.

Re:Skype unbreakable?

[ewn]

Well they can already do that now, for example by installing microphones in suspect's homes, but it requires a court warrant and a considerable amount of work. The Bundestrojaner would make snooping simpler, both in technical and in legal terms. And we know that if technology is cheap and simple, it's going to be used more. That is, i think, the government's goal here: gaining the ability to infiltrate a large number of computers, say of a significant percentage of Muslim citizens, or the globalization sceptics of Attac, or any other group that potentially features undesirable behaviour. No court would ever allow such a sweeping surveillance, and the police doesn't have the resources to bug thousands of homes anyway.

Re:Skype unbreakable?

Apparently the Senate was concerned that the UK might use the treaty to extradite IRA members who had fled to the US and that would apparently be a bad thing.

So the US government supports terrorism. Presumably only if it is done by white people with cute accents.

The US people also supported terrorism back in the day (well, those that claim to be Irish), before they understood the actual reality of terrorism.

I doubt the UK government would want to get into the hassle that extraditing any such people would inevitably lead to of course, but if the US is harbouring and protecting terrorists willingly then it really needs to sort out what its story is regarding terrorism.

Re:Skype unbreakable?

[presarioD]

Well, what if it DOES make society safer?

History has repeatedly proven that when a government asks its citizens to give up liberties it is working against making society safer but more absolute and submissive. Can you provide with any example where people who gave up their freedoms became safer? I can cite alot of counterexamples: nazi/fascist/communist governments that miserably failed in all fronts, including safety (the state safety-keeping apparatus turned against the citizens). Now neo-capitalism wants to join the club and they are going to be different exactly why?

Please don't use the words "democracy and freedom" in your answer, I've just eaten...

Re:Skype unbreakable?

[Sique]

There is a big difference between tapping a phone or a search warrant on the one side and a secret search of one's computer.

For a search warrant to be executed the suspect has to be present, or at least an outside witness has to be present. (I don't know about the legal situation in the U.S., but at least in Germany this is the case.)

Phone tapping can't create phone conversations that never happened.

But if you can install a software on a person's computer without him noticing, then you could also put counterbande files like the oh so beloved bomb construction howtos or kiddie porn on the computer.

The main problem with secretly spying on a computer is that it compromises the computer. From a legal point of view material gained with a secret computer search shouldn't be brought to court, because there is no way to prove that the evidence isn't faked.

Re:Skype unbreakable?

[bhima]

I've thought about this idea that the Bundestrojaner would make snooping cheaper and easier. I think it would have another effect: About 15 minutes after they let the first one out into the wild some teenager in Slovenia would publish a CLI app that would detect and disable it or alternately hijack the app to share the contents of the drive on whatever P2P app Slovenian teenagers are into this week. Then everyone who *really* had a reason to make sure they were not infected would have this app and only the average Joe would be out there sharing his hard drive contents with the world.

Re:Skype unbreakable?

[Vlad_the_Inhaler]

The term GröFaZ was *not* something you wanted to be caught using when the Nazis were in power. It is a (disrespectful) abbreviation of 'Größte Führer aller Zeiten' (Greatest leader of all times) which was what the Nazi party propaganda machinery used to call their big boss.

Re:Skype unbreakable?

[Sique]

I like the old calculation we had in statistics:

- There is a severe sickness, which only one of 100,000 people gets.
- There is a test for this sickness, which is 99,9% accurate, that means, that the result of only 1 in 1000 persons is wrong. (In reality you have two numbers, one giving how high the rate is to give a false positive, and another one for the false negatives, but for the sake of the calculation we consider them equal).

How high is the chance, after you got tested positive, that you in fact have the severe sickness?

In 99 out of 100 this was a false positive.

The same goes for the search of terrorists.

Terrorists are very seldom, lets say that only 1 in 100,000 persons in Germany is a terrorist (this still gives 800 terrorists living in Germany, far too much compared with the number of terroristic acts committed!). Lets say that the police has means to be 99,9% accurate to tell beforehand if a suspect is a terrorist or not, before asking for secret computer searches.

It still means that in 99 out of 100 cases a complete innocent person's computer will be searched.

Re:Skype unbreakable?

[Dogtanian]

I think that comment is too broad reaching. Specifically, the senators from New York and Massachusetts, where the Irish-American political influence is strongest, opposed this extradition treaty. That's the ultimate hypocritical irony. You'd think that New Yorkers would be less inclined to support terrorists after 9/11, but it looks like the old double standard is still in place. Or at least if there are a few votes in it.

The rest of the country didn't care, but it was never high on the U.S. priorities. They probably didn't care because the UK had already enacted its side of the bargain. Frankly, the UK government should have shoved this alleged agreement to the bottom of the pile until the US stopped trying to appease a (supposedly) tiny minority of sentimentalist fuckwits.

And frankly, if the rest of the country didn't care about this anti/pro-terrorism double standard and blocking their side of a bargain that was supposed to be in their interest, then they're just as guilty.

Can you imagine what would have happened if- during the 1980s- an organisation had tried to kill senior members of the U.S. government, including the president, and had come damn close to succeeding? And the UK had continued to allow fundraising for this organisation? That's exactly what happened in reverse with the IRA, and it defies belief that there was so little diplomatic fall-out- and it's also damn obvious that if the Americans were victims this would never happen in reverse.

And years later, when it's the US's turn to suffer the effects of terrorism, and the sycophantic UK government led by that contemptible poodle, Tony Blair, is going along with virtually *everything* their government wants, the US is still letting a bunch of sentimentalist IRA-sympathising scum and hypocritical vote-seeking senators dictate the same old double standards?

Seriously, this is beneath contempt.

Re:Skype unbreakable?

[TooMuchToDo]

If the police can compromise a computer, then anyone else with the right tools can. Therefore, anything found on the computer should not be admissible as there's no way to verify who (myself, the police, or a remote malicious user) has manipulated the contents of the PC.

Re:Skype unbreakable?

[corsec67]

Especially since the police hack could introduce other vulnerabilities into the system that makes it easier for other people to exploit.

Great

[dalmiroy2k]

Not only Skype gives us free, multiuser lag-free video conference with excellent quality, now we know our conversations are private.
I have nothing to hide, but nothing to share either.

Re:Great

[paulhar]

Assumption: this isn't dis-information designed to make us all feel safer about using Skype's encryption

isn't that the point of encryption?

[petes_PoV]

encryption with Skype telephone software ... creates grave difficulties for us... We can't decipher it.

Whether it's the police or just some nosey old git (Q: how can you tell the difference?) who's eavedropping on your conversation, the point is that only the person you're talking to should be able to decrypt the data.

If the police don't like that, that can always try to outlaw it - or require that keys are made available to them.

The problem you get then is people who "spoof" an encrypted datastream by just sending random numbers (tho' not from a Microsoft source as we've recently been told) down the line.
How do you know when a stream of apparently encrypted data has been decoded anyway?

Re:isn't that the point of encryption?

[sid77]

If the police don't like that, that can always try to outlaw it

If cryptography is outlawed, bayl bhgynjf jvyy unir pelcgbtencul.

Good Police Work

[hanssprudel]

This is a good thing. Having to install monitoring at the source or destination means an operation that requires effort and, hopefully, a court order. This means that their is judicial oversight, and that to catch criminals police have to do, you know, police work rather than just sitting around spying on us.

Ubiquitous encryption does not make law enforcement impossible. It just makes indiscriminate law enforcement impossible.

Plenty of attacks left, thank you very much

[Noryungi]

According to this PDF document, Skype encryption is based on open standard (such as AES, SHA-1, etc).

According to this article, our good friends at the NSA "may" have put backdoors in some of the technologies that could be used by Skype.

And, then, according to this other article, it does not matter what technologies you use, if your CPU is wide open to analysis and crypto attacks.

And, of course, there is the question of using a 'secure' communication system on a completely insecure operating system, such as Windows. Why do you think they talk of intercepting the communication before it becomes encrypted? Probably because the vast majority of suspects use Windows. Using Linux, or MacOS, would not be much of an improvement either.

Conclusion? Well, the Bundespolizei (that's German police to you) may not have the means to decipher your skype communications right now. But it's getting there, thank yo uvery much. And there are agencies out there who certainly can, and will.

And what happened to free german crypto? I thought Germany had the only sane policy about crypto in the industrial world?

yes, it's not rot13

[borkee]

and german police is not alan turing, obviously

Don't throw me in dat dere briar patch!

[fishdan]

We cannot break Skype encryption, and we have publicly announced that, so it's perfectly safe for you to keep on using it! Really!

Snatch 2007

[moro_666]

couldn't resist. this is just so "snatch" :

Turkish: F*ck me, hold tight. What's that?
Tommy: It's me belt, Turkish.
Turkish: No, Tommy. There's a Skype in your trousers. What's a Skype doing in your trousers?
Tommy: It's for protection.
Turkish: Protection from what? "Zee Germans"? ;-)

It's all about building trust..

[OlivierB]

Oh noes, the police can't decipher Skype! We're all gonna die!
Yeah right.
If you are paying attention, Skype is incorporated in Luxembourg, which is part of the EU, just like Germany (they actually share borders).
Do you think the EU would allow for some European company to provide tools to "terrorists" without having eavesdropping ability?

Now for the real story; German Police is putting on a little show so people actually trust *more* the closed-source Skype software.

If the German Police had no way of eavesdropping they would either (a) Shut up about it or (b) Actually say they have supercomputers that can decipher anything (even if this is not true). (a) or (b) would create enough FUD for "terrorists" to actually distrust Skype as a communication medium.

This is all spin doctor speak, and I would never trust Skype for sensitivie material communications. The Zfone project http://zfoneproject.com/ is a much more secure system.

Smells like BS to me

[DrXym]

Even assuming the crypto is perfect, the police would still be able to infer a lot from who is calling who. A terrorist communicating with another terrorist, shows they know each other, where they are in the world, what their calling routines are (frequency, time, who they call next), the length of conversation and so on. They might even be able to infer who is doing the most talking from the amount of traffic in each direction. All without knowing the actual conversation text.

And that assumes the crypto is perfect and the police / intelligence services are incapable of decrypting it, playing man in the middle, or failing that installing a trojan, or planting a bug, or listening through a wall or whatever.

It sounds like BS. Even perfect crypto gives them more information that they had to begin with. It sounds like they want to have their cake and eat it too.

I'm concerned about my uncles dog.

[forgoil]

Are they really thinking that they can thwart terrorists and such with this kind of surveillance? Any nonsense sentence can be a code to act, it's been used for ages. The idea of the intelligence organization sitting in cubicles and spying from a chair is bound to fail, and has failed many times over. So this is both useless, and effectively is spying on a countries citizens. This is what Stasi did, this is classic KGB, it smells of Gestapo, is this what we call freedom? Privacy is more important than it has ever been, and we will fight for it, and declaring war on your own people because they want their privacy is just as bad as the terrorists and the mafia.

Idiots, Skype decrypts calls for all authorities!

[barwasp]

Skype is a telecommunications company and for having their teleoperator license required to allow wiretaps for law enforcement purposes - so it works also in USA. Or do you thing that USA would just allow osama bin laden to host conference calls with wannabe terrorists using Skype. In fact Skype clearly admits that they decrypt the calls for all requesting authorities.

Kurt Sauer, Skype's chief security officer, said there are no "back doors" that could let a government bypass the encryption on a call. At the same time, he said Skype "cooperates fully with all lawful requests from relevant authorities." He would not give particulars on the type of support provided. The german police just wants to install trojan horses for monitoring the germans. If the polizei were really after those encrypted skype calls they would just sue skype, and not be whining their lack of skills in public.