Slashdot Mirror
Microsoft May Add Eavesdropping To Skype
An anonymous reader writes "The U.S. Patent and Trademark Office published a Microsoft patent application that reaches back to December 2009 and describes 'recording agents' to legally intercept VoIP phone calls. The 'Legal Intercept' patent application is one of Microsoft's more elaborate and detailed patent papers, which is comprehensive enough to make you think twice about the use of VoIP audio and video communications. The document provides Microsoft's idea about the nature, positioning and feature set of recording agents that silently record the communication between two or more parties."
It's coming soon...
Damn - I just switched over to Ooma.
Time to start working on an audio stream encryption front end.
Skype has been acting a bit annoying lately, and I can't figure out if I can blame M$ yet...
For example, it has popped on top of my other applications for no apparent reason and it has a large ad on the screen when it does. I'm about to uninstall it, but I want to make sure my rage is justified.
Worse, they'll probably put eavesdropping in the audio path of the PC (where the DRM is now), so that no crypto software on the client end can bypass it.
To the now rather long list of reasons I need to find a convenient IP-POTS skype alternative.
They really have had a bad few months in terms of user experience.
So, when they install tools for our government to spy on us, it's supposed to be a good thing.
And when they do it to help other governments we don't agree with, it's an enemy to democracy and helping to undermine the ability of peaceful protest.
Love the double standard inherent in this. Maybe we can use the stuff the US is working on to stealthily deploy an internet in places to get around 'oppressive regimes' to prevent wholesale, un-tracked monitoring of our communications.
Oh, right, if you call yourselves the good guys, it's all OK. But, make no mistake about it ... this will help the 'Bad Guys' as much as it will help the 'Good Guys' ... China wants to listen to your VOIP too.
Lost at C:>. Found at C.
I don't think twice about using my home phone because the police have ability to intercept it.
I don't think twice about using my cell phone because the police have the ability to intercept it.
This is really is one of those situations that if you aren't doing anything illegal don't worry about it and if you do worry about it find another tool.
Technology, the cause of and solution to all of life's problems.
Oh good. So Microsoft can use this patent to prevent anyone from eavesdropping on VIOP calls.
I'm _SO_ sure that's why they want it.
--Joe
There isn't a shred of evidence that this will be added to Skype. Just because they filed a patent application, doesn't mean anything. Companies file for patents all the time, and is no indication that something will ever be deployed.
Bottom line, this whole headline and story is just pure speculation, and hype. In short, FUD. Slashdot and CmdrTaco should be ashamed for the yellow journalism.
Now only Microsoft products will be able to have this feature! Other developers can just tell the police that adding intercept technology to their VOIP product would be a patent violation.
========
CINC, 4th Penguin Legion
So yes, it implements intercept. Obviously. Just try to sell a VOIP PBX to an operator without intercept.
I would be amazed if skype didn't implement intercept yet.
Zfone is a new secure VoIP phone software product which lets you make encrypted phone calls over the Internet. Its principal designer is Phil Zimmermann, the creator of PGP, the most widely used email encryption software in the world. Zfone uses a new protocol called ZRTP, which has a better architecture than the other approaches to secure VoIP.
* Doesn't depend on signaling protocols, PKI, or any servers at all. Key negotiations are purely peer-to-peer through the media stream
* Interoperates with any SIP/RTP phone, auto-detects if encryption is supported by other endpoint
* Available as a "plugin" for existing soft VoIP clients, effectively converting them into secure phones
* Available as an SDK for developers to integrate into their VoIP applications
* IETF has published the protocol spec as RFC 6189, and source code is published
[...]
http://zfoneproject.com/
ATH0 Bitcoin: 1DnwFLXczVZV8kLJbMYoheUrpqHesjxrSi
Jojin and HedgeHog from Bugemos.com made a comic strip about this 2 weeks ago. And it's not their first comic strip prophecy which turned out to be true.
If a privacy technology is insufficient to protect pedophiles and terrorists, then it is insufficiently strong enough for me.
The quality of the technology should transcend the user's choice between good and evil, as the allegation of evil is often done by those who know it well.
Really, I am curious. Does this surprise anyone ?
That argument has been debunked long ago.
The problem is that if any organization has access to it, then the most corrupt or infiltrated agent has access to it.
Any specific information about a person that cause them to be distinguished from the rest can be used against them, if not through due process, then by sport.
If you don't believe me, publish your contact details here.
Whether you have anything to hide in particular is irrelevant.
Why use skype when there are VOIP applications that use standards, are built with open source so can be verified by others, support encryption, and are not controlled by a single large company?
Either I'm getting this horribly wrong or it has been common knowledge that lawful interception capability has been in Skype for ages. It's what made our police (in Germany) stop whining about not being able to catch Terrorist using Skype (something to that tune is also mentioned in Skypes wikipedia article btw. for what it's worth).
Also with Skypes architecture being as it is I'm wondering who could ever think Skype isn't able to intercept any phone call on a whim. Even without access to the data stream endpoints (which in the case of lawful interception isn't a problem) they can easily influence negotiation to make the talk go over a Skype controlled relay. I have yet to see any evidence to the fact that they do not have the capability to recover the keys used to encrypt the calls or influence route negotiation.
Hell they could outright patch a targets Skype to do whatever they want...
Unless you want US and potentially other countries listening in on your calls you better not use Skype. Microsoft buying Skype didn't change one bit about that fact.
The problem with audio stream encryption is that it will be before the compression codec. When you feed uncompressed but encrypted audio into the skype codec expecting voice it either wont' be able to compress it enough to send, or very bad things will happen to the signal and it probably can't be decrypted. If you try compressing it first, then you are still screwed when you try to decrypt it.
In the 80's when CB radio took off people tried building encryptors for that but it pissed the feds off and they got shut down.
Some drink at the fountain of knowledge. Others just gargle.
Enough with these distractions. Let's get back to deriding the Chinks for not upholding human rights if you don't mind...
If calling a man-in-the-middle attack "legal" counts as an innovation, our patent system is more deeply fucked up than I realized...
Step 1, MS puts this into MS-Skype.
Step 2, MS get their paid for lackeys (sorry congress critters) to outlaw any VOIP solution that does not allow Police Interception and specifically required this tech
Step 3, Enforcement. MS-Skype becomes the only legal VOIP solution in the US. ISP's are madated to block any other type of VOIP traffic.
Step 4, MS raises the price of MS-Skype by 500% per minute. Profit.
I'd rather be riding my '63 Triumph T120.
Most of us don't compete in some way against Skype. Many more software companies do compete with Microsoft. I wonder what safeguards are in place to prevent Microsoft from abusing the power of having such wiretaps.
I won't trust the US government any more or less than any other government. After thousands of years of death, destruction, corruption, and injustice caused directly by organized coercion (i.e. government), only a fool would trust ANY government. History has proven over and over again that government serves the interest of the elite who control government, not "the people" as the age-old claim goes.
Secondly, how is it possible to secretly spy on a person in order to benefit that person? In the real world, a person who spies on you is called a stalker -- and certainly does NOT serve your best interest. What makes government any different? Lip service, blind patriotism, guns, and false promises are the only differences I notice.
Also you could use on Android devices the App Redphone from Whisper systems for full call crypto, Moxy Marlinspike got himself onto the terrorist watchlist for writing that app! LOL so you know it works. He must really hate to travel now.
here is their site:
http://www.whispersys.com/
Between this and the "Vested Stocks" issue, Microsoft is well on the way to burying another great product it purchased!
Fantastic business model!
OK, so now there is verification. But did anyone think things would go any other way?
Well, if there was no plan to do so before I'm sure that this post will be the proverbial muse M$ was looking for.
For a while, transcripts of Skype calls have been showing up in German court records. Law enforcement already has got access, probably through a variety of means.
is if the government first passes a law requiring ALL VoIP communication to have this recording capability in place. I don't believe Microsoft is intending to release a product here. They're just thinking about the possibility that the government might one day require it, and if so, they want to be able to make money off of it. It's not as if the concept is new, and I see no reason to believe Microsoft is actively creating a product or has any intention of doing so.
In other news, Microsoft may:
* add image processing [to Skype]
* add remote document scanning [to Skype]
* add virtual machine technology [to Skype]
* add clustering capabilities for seriously big high definition video technology [to Skype]
I'm quite sure Microsoft has patents on all the above, but none are alarming enough to mention. This article is FUD. Absolutely no link has been drawn between the Skype product and this patent, except that Skype does voice transmissions and this patent is for a system that intercepts them.
Also, I believe Skype uses a peer-to-peer method for communicating between nodes, which would make it hard to apply this patent to Skype anyway. The peer-to-peer nature of Skype is why the last big outage took quite a while to resolve. They couldn't just "reboot their servers"; updated software had been deployed to the nodes (ie. you) and was malfunctioning.
EPIC FAIL or EPIC WIN:
When I opened this article, the advertisement at the top was for SKYPE. When I worked @ a business journal and we produced web based articles and emails sent out, we rearranged articles to ensure that they were not right next to advertisements that were promoting/denouncing the same thing as each other.
Bad demographic ad placement, imo.
Apparently little has changed on the Zfone web site since 2007. The download has been unavailable since 29 January 2011.
Anyone have a link to a download?
Is this really that big of a development? I mean how long have our landline calls been monitored?
I hate sharing the world with thoughtless people like you. You enable injustice and oppression, which in turn harm me.
The worst part about people like you is how uncompromising you are about your stupidity. You staunchly refuse to listen to reason, be educated, or rub two damn neurons together and get a clue.
I hope you die young.
There are already more secure alternatives to Skype. Like mumble and SIP. and they're copyleft.
Just FYI, Xbox Live already does this. All data sent over the Xbox Live network is encrypted, *except* voice communications. This is to allow Federal agencies to listen-in if required.
So this isn't a big shock; Microsoft buys a VOIP product, changes it to comply with policies it's already established for VOIP products.
Comment of the year
I thought Morgan was the Intercept.
Honestly, that is kind of one of the legitimate uses of this.
If you call up a number and they require your card number, you don't want a recording of that part of the transaction sitting on their servers somewhere waiting to get hacked or sold off or abused in some other way, but you will want a recording of the call for liability reasons. You also don't want the servers that are handling your connection doing this job, because that kill resources, to you hand that job off to another machine (many machines actually, it is a complex process when you have a bunch of concurrent calls at the same time).
MS is just covering their bases and cornering as much as they can (granted we have been doing this kind of stuff for years, so I'm not sure how valid the patent is).
This is all about limiting Free Speech. After all, censorship is everywhere. The gov’t (and their big business cronies) censor free speech, shut down dissent and ban the book “America Deceived II”. Free speech for all.
Last link (before Google Books bans it also]:
http://www.iuniverse.com/Bookstore/BookDetail.aspx?BookId=SKU-000190526
All MS has to do is set the license fee to $1M. That would just about stop anyone else from selling any VOIP software in the US that wasn't Skype.
This is a 'Legally Mandated Monopoly' They'll get away with is because of the 'War on Terror'/Patriot Act.
So this records voip calls in the same way you can record pots calls ?
How is this patentable as not obvious ?
I have been looking for XMPP alternatives for Skype for a good while. Jingle using SRTP does look good. http://xmpp.org/extensions/xep-0167.html#srtp
adding evavesdropping would ruin skype. Its time to switch,
If you have a patent on wiretapping, does that mean you don't have to get a warrant?
Somebody needs to get a patent on a method for using a cell phone to record police traffic stops. That would invalidate any state law saying otherwise.
No, it doesn't "say" that anywhere. The only time you hear the assertion that a blowjob isn't sex is from a guilty husband or boyfriend.
Or perhaps even a guilty wife or girlfriend...
But don't let me stop you being sexist.
Any company offering a VoIP service is, I would think, legally *required* to provide law enforcement with a means to do a wiretap.
If the Law gets a Warrant, that's quite appropriate according to the Constitution.
If you want untappable VoIP, you'll need to use a direct, encrypted connection, and better hope the NSA hasn't figured out how to crack the cipher you pick.
Going through any third-party service (Skype, Google Talk, etc), is just asking to be tapped.
Do you think that Apple, if given the opportunity, would not do the same?
http://info.ee.surrey.ac.uk/Personal/N.Katugampala/pubs/pubs.htm
Not to mention, Skype already has interception in China, and probably in other countries with governments that require it.
You maybe able to get around this by getting the full ( not the stub ) international installer and using that. But the Chinese Skype definitely has censoring and interception built-in.
Here's an article, but there are lots of references to this on the web...
http://www.wired.com/threatlevel/2008/10/chinese-skype-s/
Ahh man they'll be listening to our Sunday skype call with the family and listening in on my son's first words. THAT IS if they actually do this. Just because they have a patient doesn't mean they'll do it.
Sky is falling!
How can this be legal worldwide? In my country ( a non-american, western democracy ) it can only be legal to record a private conversation if both parties have been notified that they are being recorded.
The only other way to legally record, is by law enforcement after they have received a warrant from a court judge, which is fine by me if due process has been followed.
So in many countries, the eavesdropping 'features' MS are adding may be illegal to use without a court granted warrant.
PSTN calls aren't encrypted so why would you expect Skype calls to be encrypted?
Skype has been "intercept-able" for some time now - thanks to CALEA.
And yes, before Microsoft, before Yahoo, it was secure enough to some degree as only the endpoints of the conversation had the only keys (AES-128) for the conversation, but Skype has long been vulnerable to man in the middle (MITM) type attacks due to their requirement to permit CALEA monitoring of the traffic.
Also, you folks are aware of the little "additions" that the NSA put into the AT&T offices years ago to monitor data throughput - this shouldn't surprise you, but there are switch vendors that make interception gear that can record conversations off DS3's (that was 2005) and stream them out.
Lemme get this. A software based voice encryption app, run on a phone. Then run through a wireless telco data connection. Then run through Tor. Then it exits another wireless telco data connect. Then is decrypted via software on another phone. The only question is if the latency is measured in 10s of seconds.
The lag is bad enough with small plain text web pages, and you expect Tor to be realtime with voice? Though a typical phone data connection? If you're gonna posit a "solution", at least make sure they have a realistic use.
Diné Bizaad yee Nidaazbaa'ígíí éí doo t'áá diné bizaad chodayoos'iid da ndi, naabeehó bisiláotsooí bizaad chodayoos'iid.
The Navajo Code Talkers didn't use just Navajo, they used military Navajo.
I.e., the Navajo they used was itself encoded, albeit not very strongly, so things like "abreast" in the plaintext English worked out to "ant breast" (pure gibberish) in the Navajo.
Hágoónee / Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
The relatively new QuteCom (aka Gizmo5), available in debian/ubuntu, supports SRTP (which is basically the same thing as zfone, as far as I understand things). It's very usable (more than zfone), and also happens to be the best linux VOIP client I've ever used.
It's not at ms could yap for the government, but that no one else could, withoutht violating the patent?
FBI: "here is our warrant. Intercept that call."
Non-ms skype competitor: I'm sorry, but I'm prohibited from doing that. Perhaps you could get the target to use skype?
Try www.gold-lock.com.
Every authority has the capacity to intercept telecommunications. The only real difference is the extent to which that facility is used for legitimate crime prevention / law enforcement purposes or abused for the purposes of economic interest of the state in question. The ex head of the French Secret Service (Claude Silberzahn) has openly admitted to this type of spying for the benefit of French state owned commercial interests ... so this is not a practice that is restricted to international backwaters in strange far-off lands. If you are communicating over an unsecured public network you should assume that somebody could be listening - not necessarily that they hare, but that it is possible for them to do so.
We've used the Gold Lock product to good effect - works well on mobiles (not all - iPhone, Nokias, Blackberrys and Android) and PC too, so is very similar to Skype (no video, but who cares for serious business / secure communication?).
Yea cuz Microsoft REALLY wants to know what I had for dinner last night.
Unless you make yourself a target by doing stupid things, this isnt a issue. Of over the 600 million users of skype, microsoft really doesnt give a flying **** about your conversations unless it involves harm to their company or terrorism, or other illegal activities.
And those smart enough to DO those illegal activities wouldnt be stupid enough to use skype to communicate in the first place.