Slashdot Mirror
Microsoft May Add Eavesdropping To Skype
An anonymous reader writes "The U.S. Patent and Trademark Office published a Microsoft patent application that reaches back to December 2009 and describes 'recording agents' to legally intercept VoIP phone calls. The 'Legal Intercept' patent application is one of Microsoft's more elaborate and detailed patent papers, which is comprehensive enough to make you think twice about the use of VoIP audio and video communications. The document provides Microsoft's idea about the nature, positioning and feature set of recording agents that silently record the communication between two or more parties."
It's coming soon...
Time to start working on an audio stream encryption front end.
Worse, they'll probably put eavesdropping in the audio path of the PC (where the DRM is now), so that no crypto software on the client end can bypass it.
To the now rather long list of reasons I need to find a convenient IP-POTS skype alternative.
They really have had a bad few months in terms of user experience.
So, when they install tools for our government to spy on us, it's supposed to be a good thing.
And when they do it to help other governments we don't agree with, it's an enemy to democracy and helping to undermine the ability of peaceful protest.
Love the double standard inherent in this. Maybe we can use the stuff the US is working on to stealthily deploy an internet in places to get around 'oppressive regimes' to prevent wholesale, un-tracked monitoring of our communications.
Oh, right, if you call yourselves the good guys, it's all OK. But, make no mistake about it ... this will help the 'Bad Guys' as much as it will help the 'Good Guys' ... China wants to listen to your VOIP too.
Lost at C:>. Found at C.
Oh good. So Microsoft can use this patent to prevent anyone from eavesdropping on VIOP calls.
I'm _SO_ sure that's why they want it.
--Joe
There isn't a shred of evidence that this will be added to Skype. Just because they filed a patent application, doesn't mean anything. Companies file for patents all the time, and is no indication that something will ever be deployed.
Bottom line, this whole headline and story is just pure speculation, and hype. In short, FUD. Slashdot and CmdrTaco should be ashamed for the yellow journalism.
No. This is a problem.
The Police are supposed to get a warrant before they spy on you. It's a key element of the laws surrounding the situation. There are controls and accountability.
What controls and accountability are here?
This is a corporation abusing you in a way that you should never tolerate from a government.
A Pirate and a Puritan look the same on a balance sheet.
You won't mind me remotely exploiting your systems and downloading personal files from your devices then would you? I mean, no biggie if you're not doing anything wrong. Right?
Now only Microsoft products will be able to have this feature! Other developers can just tell the police that adding intercept technology to their VOIP product would be a patent violation.
========
CINC, 4th Penguin Legion
So yes, it implements intercept. Obviously. Just try to sell a VOIP PBX to an operator without intercept.
I would be amazed if skype didn't implement intercept yet.
Zfone is a new secure VoIP phone software product which lets you make encrypted phone calls over the Internet. Its principal designer is Phil Zimmermann, the creator of PGP, the most widely used email encryption software in the world. Zfone uses a new protocol called ZRTP, which has a better architecture than the other approaches to secure VoIP.
* Doesn't depend on signaling protocols, PKI, or any servers at all. Key negotiations are purely peer-to-peer through the media stream
* Interoperates with any SIP/RTP phone, auto-detects if encryption is supported by other endpoint
* Available as a "plugin" for existing soft VoIP clients, effectively converting them into secure phones
* Available as an SDK for developers to integrate into their VoIP applications
* IETF has published the protocol spec as RFC 6189, and source code is published
[...]
http://zfoneproject.com/
ATH0 Bitcoin: 1DnwFLXczVZV8kLJbMYoheUrpqHesjxrSi
VoIP was that other tool. I'll want more information about this before I become too concerned, but the whole notion that if you aren't doing anything illegal why worry is just complete apologist bullshit.
There's all sorts of legal activities which could ruin ones life if people in general found out. If you're gay and not out, having people listening in to communiques with a boyfriend or girlfriend could definitely ruin ones life.
Hey...MS can't let Apple get too far ahead in the ongoing "Big Brother" race.....
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Jojin and HedgeHog from Bugemos.com made a comic strip about this 2 weeks ago. And it's not their first comic strip prophecy which turned out to be true.
I admittedly didn't RTFA but I don't see anything in the summary that suggests that anyone is planning to use this without a warrant. If MS or the police try to, that's still wiretapping and still illegal; but just developing the technology isn't inherently illegal or worrisome. Granted, that's assuming that the technology won't be abused...
If a privacy technology is insufficient to protect pedophiles and terrorists, then it is insufficiently strong enough for me.
The quality of the technology should transcend the user's choice between good and evil, as the allegation of evil is often done by those who know it well.
Really, I am curious. Does this surprise anyone ?
This is the most damaging and poorly thought out sentiments that I hear of late ...
If you're not doing anything wrong, don't worry, citizen. Only the guilty need privacy. Only criminals use encryption. Upstanding people don't have secrets. We have to know everything to prevent thought crimes. We know what's best. Fuck that.
Deciding that we have no expectation of privacy is a dumb idea. Deciding that only people who are doing something shady try to guard their privacy is completely wrong-headed. You start out with fourth amendment rights against unreasonable search and seizure. In theory, there is supposed to be warrants and judicial oversight to keep this in check. Lately, the trend has been to side-step all of that stuff.
There are lots of legitimate reasons why someone would expect to keep some things private ... and taking those away under is a horrible idea.
Why is everybody so damned willing to live in a surveillance society? This makes no friggin' sense to me whatsoever. And every time I hear someone saying that if I'm not a criminal I shouldn't expect privacy I just want to scream at the sheer madness of that statement.
Lost at C:>. Found at C.
Yes, this is what allowed other governments to attain police state status.
We are heading in that direction.
About the same as here? http://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy
TCP: Why the Internet is full of SYN.
The problem with audio stream encryption is that it will be before the compression codec. When you feed uncompressed but encrypted audio into the skype codec expecting voice it either wont' be able to compress it enough to send, or very bad things will happen to the signal and it probably can't be decrypted. If you try compressing it first, then you are still screwed when you try to decrypt it.
In the 80's when CB radio took off people tried building encryptors for that but it pissed the feds off and they got shut down.
Some drink at the fountain of knowledge. Others just gargle.
On the other hand, this is just technology. Technology isn't evil or good. This technlogy has the ability to be used by evil people, but it also has some good uses. The same technology exists for phone lines, but we don't scream "WHERE'S MY PRIVACY?" because there's a proper legal framework of warrants and whatnot to determine who can spy on your phone calls. If you want the same legal protections for VOIP calls, then don't talk to MS. Talk to your congressman (or member of parliament, or the equivalent in your country) to ensure that this technology will not be misused.
Also, what I want to know is how a patent dating back to 2009, before they even thought of buying Skype all of a sudden means they are going to eavesdrop on our Skype calls. Sounds a little alarmist to me. Just because they have the technology to do something, doesn't mean they are going to integrate it into a product.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Is this on the Linux version? The Linux version has historically been nice and tame compared to the nagware/adware-like Windows version, but I haven't installed the latest update that came out since MS bought them, I'm afraid it will be like the Windows version (which is even bundled with some stupid online game thing now).
"When information is power, privacy is freedom" - Jah-Wren Ryel
Most of us don't compete in some way against Skype. Many more software companies do compete with Microsoft. I wonder what safeguards are in place to prevent Microsoft from abusing the power of having such wiretaps.
I won't trust the US government any more or less than any other government. After thousands of years of death, destruction, corruption, and injustice caused directly by organized coercion (i.e. government), only a fool would trust ANY government. History has proven over and over again that government serves the interest of the elite who control government, not "the people" as the age-old claim goes.
Secondly, how is it possible to secretly spy on a person in order to benefit that person? In the real world, a person who spies on you is called a stalker -- and certainly does NOT serve your best interest. What makes government any different? Lip service, blind patriotism, guns, and false promises are the only differences I notice.
Most of the people who claim "Innocent people have nothing to hide" think they THEY are the ones who'll get to decide who's innocent.
They're wrong.
Yeah, because your POTS and cell carriers have absolutely no way to listen in on your conversation.
This post comes with a double-your-money-back guarantee!
Any offense taken to this post is at your sole discretion.
OK, so now there is verification. But did anyone think things would go any other way?
For a while, transcripts of Skype calls have been showing up in German court records. Law enforcement already has got access, probably through a variety of means.
In other news, Microsoft may:
* add image processing [to Skype]
* add remote document scanning [to Skype]
* add virtual machine technology [to Skype]
* add clustering capabilities for seriously big high definition video technology [to Skype]
I'm quite sure Microsoft has patents on all the above, but none are alarming enough to mention. This article is FUD. Absolutely no link has been drawn between the Skype product and this patent, except that Skype does voice transmissions and this patent is for a system that intercepts them.
Also, I believe Skype uses a peer-to-peer method for communicating between nodes, which would make it hard to apply this patent to Skype anyway. The peer-to-peer nature of Skype is why the last big outage took quite a while to resolve. They couldn't just "reboot their servers"; updated software had been deployed to the nodes (ie. you) and was malfunctioning.
So then why hasn't the country since the government has been out there with alligator clips doing legal intercept since the days of the telegram? It hasn't because there are legal requirements to do so. You have an expectation of privacy... until the judge signs a warrant saying they can intercept your communications.
If you have an issue with them intercepting your Voip then logically you must also be against lawful intercept on POTS and Cell phones. When will be staging the protests rally against those terrible government intrusions?
Technology, the cause of and solution to all of life's problems.
Total Epic Fail, man.
Apparently little has changed on the Zfone web site since 2007. The download has been unavailable since 29 January 2011.
Anyone have a link to a download?
Your post really is one of those situations where you cant see past your own nose.
Good-bye
The reason you don't think twice about those old techs' vulnerabilities, is that after you think once, you realize that its insecurity is inevitable.
VoIP doesn't have to be insecure; it's actually feasible to do it right, because your "terminal" is so outrageously powerful and capable in a way that couldn't be dreamt of on the 1880s.
The reason to worry about it, even if you're not doing anything illegal, is that systems that are deliberately designed to be insecure (specifically, insecure to criminals) are likely to be insecure to others, too. If LE is listening, who else? You remember what happened to the Greek government, right?
Designing this stuff to be deliberately insecure is just plain absurd, and we ought to be thinking of it as very strange and very evil, for new tech to not be all that it can be. So yeah, of course I advocate people "find another tool." That applies to everyone, not just people whose adversarial "brother" happens to be the Big one.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
If you think people are mad now, wait until the Facebook generation is in control.
Just FYI, Xbox Live already does this. All data sent over the Xbox Live network is encrypted, *except* voice communications. This is to allow Federal agencies to listen-in if required.
So this isn't a big shock; Microsoft buys a VOIP product, changes it to comply with policies it's already established for VOIP products.
Comment of the year
is if the government first passes.....
Hmm.. welcome to the 21st century. I think you will find we do things differently here.
http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
I thought Morgan was the Intercept.
As far as I can tell, Skype is not yet under the control of Microsoft, so we unfortunately can't blame them for all this evil.
In fact, it's really not like them. MS is a pretty evil company, yes, but mainly to their customers and society in general. I can't say I've ever heard of them screwing over their employees, and in fact everything I've heard is that it's a pretty good place to work, except for the stupid political battles between the divisions (but this doesn't really affect the rank-and-file coders and engineers much).
This kind of crap from Skype is evil beyond which even MS is known for.
Naw, too much money to loose.
Much more profitable to lower our standards to theirs.
Why allow privacy to just happen when you can sell privacy as a product?
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
SIP isn't an application, it's a protocol. Calling it "copyleft" is moronic.
Honestly, that is kind of one of the legitimate uses of this.
If you call up a number and they require your card number, you don't want a recording of that part of the transaction sitting on their servers somewhere waiting to get hacked or sold off or abused in some other way, but you will want a recording of the call for liability reasons. You also don't want the servers that are handling your connection doing this job, because that kill resources, to you hand that job off to another machine (many machines actually, it is a complex process when you have a bunch of concurrent calls at the same time).
MS is just covering their bases and cornering as much as they can (granted we have been doing this kind of stuff for years, so I'm not sure how valid the patent is).
This is really is one of those situations that if you aren't doing anything illegal don't worry about it and if you do worry about it find another tool.
You are arguing a false dichotomy and the third axiom is the expectation of privacy from government intrusion.
Consider this scenario: Your neighbor dies a horrible death at the hands of the most gruesome killer. The police are pressured by the community to bring his killer to justice. In their dragnet, they listen in on your phone call to your mother in which you state to her that:
"My neighbor is dead, died a gruesome death and the police were all over the place.... I never really liked the guy, but it's sad to see him go that way"
They haul you in for questioning and charge you with his murder. What do you think the testimony of the officers will be in court?
Prosecutor: "Officer Jones, was there anything funny about the conversation you heard between the defendant and his mother?"
Officer Jones: "Yes there was, He stated his neighbor died a gruesome death, but the newspaper had not reported that yet"
Prosecutor: "Was there anything else peculiar about the conversation?"
Officer Jones: "Ohh yea, he said he never liked the guy."
Open and shut, do not pass go, do not collect $200. Point being, even the most innocuous of conversations can be taken out of context and used against you and it doesn't even have to be due to malice on the part of the recollecting party.
So this records voip calls in the same way you can record pots calls ?
How is this patentable as not obvious ?
No. This is a problem.
The Police are supposed to get a warrant before they spy on you. It's a key element of the laws surrounding the situation. There are controls and accountability.
What controls and accountability are here?
This is a corporation abusing you in a way that you should never tolerate from a government.
How is it any different than with a telephone company who can listen in on any call for "quality assurance"? Or who can put a back room in to route all traffic thru the NSA?
This capability has existed on EVERY common carrier since the invention of the reel-to-reel recorder. Warrants allow police to listen. But the company always had the ability to do so warrant or no warrant.
Your protection from the carrier is that your call is buried in so much other traffic that there are not enough people and not enough interest to even bother.
You can make yourself interesting either to the company or the police. But you really have to go out of your way to do so.
Sig Battery depleted. Reverting to safe mode.
I have been looking for XMPP alternatives for Skype for a good while. Jingle using SRTP does look good. http://xmpp.org/extensions/xep-0167.html#srtp
I feel it should be pointed out that thanks to the Patriot act and other examples of Shredding the Constitution in the Name of Safety from Terrists, the government does not need a warrant to spy on you anymore. All they have to do is say they're spying on you to make sure you're not a terrorist, or talking to any terrorists.
"I disagree with you" does not equal "flamebait."
If you're gay and not out, having people listening in to communiques with a boyfriend or girlfriend could definitely ruin ones life.
Or perhaps improve it? Just sayin....
But even in a purely normal situation, such as searching for a new job, if you do such on your current employer's time and dime using your current employer's internet connection to skype potential jobs at (perhaps) competitors, you are likely to find yourself unemployed before you land the new job.
Do it at home, and you are probably safe. Even if Microsoft HAD the capability why would they care to tap you?
The fact that they can, and skype always could, and the phone company always could, and that your ISP can record every bit and byte out of your modem with or without a warrant seems never to have been an issue.
People understand that use of facilities owned by others always presented a risk.
Nothing new to see here folks. Move along please...
Sig Battery depleted. Reverting to safe mode.
This is the most damaging and poorly thought out sentiments that I hear of late ...
If you're not doing anything wrong, don't worry, citizen. Only the guilty need privacy. Only criminals use encryption. Upstanding people don't have secrets. We have to know everything to prevent thought crimes. We know what's best. Fuck that
Fix that with your VOTE.
Don't expect a private company like Microsoft to stonewall a warrant for you.
This is entirely YOUR fault. You elected these bastards. Year after year you voted your self interest. The bill has come due.
Sig Battery depleted. Reverting to safe mode.
Yes, this is what allowed other governments to attain police state status.
We are heading in that direction.
We've long since arrived.
In the face of an outright revolt as is happening in Syria today, is there anyone here who does not believe any western government wouldn't do the exact same thing as Syria is doing?
Sig Battery depleted. Reverting to safe mode.
Any company offering a VoIP service is, I would think, legally *required* to provide law enforcement with a means to do a wiretap.
If the Law gets a Warrant, that's quite appropriate according to the Constitution.
If you want untappable VoIP, you'll need to use a direct, encrypted connection, and better hope the NSA hasn't figured out how to crack the cipher you pick.
Going through any third-party service (Skype, Google Talk, etc), is just asking to be tapped.
No, he said "The Police".
Not to mention, Skype already has interception in China, and probably in other countries with governments that require it.
You maybe able to get around this by getting the full ( not the stub ) international installer and using that. But the Chinese Skype definitely has censoring and interception built-in.
Here's an article, but there are lots of references to this on the web...
http://www.wired.com/threatlevel/2008/10/chinese-skype-s/
No no no, everybody knows you can't be sexist against men.
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
While I agree that we need protection from government intrusion, your example doesn't make sense. At most it partially explains motive while ignoring means and opportunity.
1) As the victim's neighbor you would have already been questioned by police if you saw anything, etc. and would already be on their 'people of interest' list if anything seemed weird or you didn't have an alibi.
2) The call to your mom states a widely-known fact along with a personal opinion of the neighbor. No real insider knowledge of the crime.
3) The other neighbors and the victim's family and friends would be questioned as well and if there were any issues between you and the victim they would most likely know.
Again, I agree with your statement, but the example doesn't work. Frankly if you're in court it's for far more than your phone call.
I call it 'The Aristocrats'
How can this be legal worldwide? In my country ( a non-american, western democracy ) it can only be legal to record a private conversation if both parties have been notified that they are being recorded.
The only other way to legally record, is by law enforcement after they have received a warrant from a court judge, which is fine by me if due process has been followed.
So in many countries, the eavesdropping 'features' MS are adding may be illegal to use without a court granted warrant.
At most it partially explains motive while ignoring means and opportunity.
Perhaps not. But the example is to highlight that any conversation, even those which are considered to be the most innocent, will never ever be exculpatory.
Actually, I do think twice, but I've decided that the alternatives are too troublesome and don't justify the small risk.
Because, quite honestly, the "if you don't do anything illegal" line makes a faulty assumption: Namely that the police and justice system are perfect. They aren't. There are police officers who will make a copy of your porn collection or your intimate conversation with your girlfriend. There are prosecutors who will make your life difficult even though you didn't do anything illegal - because sometimes it takes several courts and many years to figure out if this borderline case was, or wasn't.
Maybe instead of the "evil bit" we should propose a "good guy flag" that you and I can use so the police doesn't waste time and precious resources on going after us. ,-)
Assorted stuff I do sometimes: Lemuria.org
Diné Bizaad yee Nidaazbaa'ígíí éí doo t'áá diné bizaad chodayoos'iid da ndi, naabeehó bisiláotsooí bizaad chodayoos'iid.
The Navajo Code Talkers didn't use just Navajo, they used military Navajo.
I.e., the Navajo they used was itself encoded, albeit not very strongly, so things like "abreast" in the plaintext English worked out to "ant breast" (pure gibberish) in the Navajo.
Hágoónee / Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
The relatively new QuteCom (aka Gizmo5), available in debian/ubuntu, supports SRTP (which is basically the same thing as zfone, as far as I understand things). It's very usable (more than zfone), and also happens to be the best linux VOIP client I've ever used.
It's not at ms could yap for the government, but that no one else could, withoutht violating the patent?
FBI: "here is our warrant. Intercept that call."
Non-ms skype competitor: I'm sorry, but I'm prohibited from doing that. Perhaps you could get the target to use skype?
You are thinking in terms of exit nodes. If setup correctly as a hidden service, Tor maintains the pathway, and you never hit an exit node.
I8-D
Step 3b : Other VOIP systems rise to fill the place left vacant by Skype.
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"