Microsoft May Add Eavesdropping To Skype

← Back to Stories (view on slashdot.org)

Microsoft May Add Eavesdropping To Skype

Posted by CmdrTaco on Monday June 27, 2011 @04:21AM from the i-heard-that dept.

An anonymous reader writes "The U.S. Patent and Trademark Office published a Microsoft patent application that reaches back to December 2009 and describes 'recording agents' to legally intercept VoIP phone calls. The 'Legal Intercept' patent application is one of Microsoft's more elaborate and detailed patent papers, which is comprehensive enough to make you think twice about the use of VoIP audio and video communications. The document provides Microsoft's idea about the nature, positioning and feature set of recording agents that silently record the communication between two or more parties."

36 of 218 comments (clear)

Min score:

Reason:

Sort:

GNU VoIP by Anonymous Coward · 2011-06-27 04:23 · Score: 4, Informative

It's coming soon...
1. Re:GNU VoIP by Hatta · 2011-06-27 04:38 · Score: 3, Insightful
  
  What ever happened to PGPfone? That's what we need a GNU equivalent for.
  
  --
  Give me Classic Slashdot or give me death!
2. Re:GNU VoIP by Nimey · 2011-06-27 05:13 · Score: 2
  
  Answered already below:
  http://zfoneproject.com/
  
  --
  Hail Eris, full of mischief...
  
  E pluribus sanguinem
3. Re:GNU VoIP by Kamiza+Ikioi · 2011-06-27 06:00 · Score: 4, Interesting
  
  Give RedPhone a try. Best of all, it's written for Android, aka encrypted calls via a real phone. For added security, route it via Orbot (Tor).
  This is why it matters that we can legally root our phones.
  
  --
  I8-D
4. Re:GNU VoIP by jgoshorn · 2011-06-27 06:01 · Score: 2
  
  I've been trying out Jitsi (formerly SIP Communicator) and it seems to be pretty good. I hope to be testing it more in the upcoming months. http://www.jitsi.org/
A market niche opens... by Freddybear · 2011-06-27 04:25 · Score: 2

Time to start working on an audio stream encryption front end.
Next step, eavesdropping in the audio path by Animats · 2011-06-27 04:26 · Score: 2, Insightful

Worse, they'll probably put eavesdropping in the audio path of the PC (where the DRM is now), so that no crypto software on the client end can bypass it.
1. Re:Next step, eavesdropping in the audio path by Dwedit · 2011-06-27 04:39 · Score: 5, Insightful
  
  Yes, let's encrypt some audio before running it through Lossy Compression, and hope that we can get some recognizable signal afterwards.
2. Re:Next step, eavesdropping in the audio path by Microlith · 2011-06-27 04:44 · Score: 2
  
  Microsoft requires all drivers for x64 versions of Vista and W7 pass WHQL and be signed by them. If they decide to enforce eavesdropping in the audio path, they can force hardware vendors to supply it or deny them a signature.
3. Re:Next step, eavesdropping in the audio path by mcavic · 2011-06-27 04:44 · Score: 2
  
  Sounds like a fun project for someone with much more skill than myself.
4. Re:Next step, eavesdropping in the audio path by BuckaBooBob · 2011-06-27 04:57 · Score: 2
  
  Nothing that a Linux install CD wont fix...
  
  --
  Who needs WiFi when we can have Packet Over Sheep! http://datacomm.org/PoS-InternetDraft.txt
Wow .... by gstoddart · 2011-06-27 04:31 · Score: 5, Insightful

So, when they install tools for our government to spy on us, it's supposed to be a good thing.
And when they do it to help other governments we don't agree with, it's an enemy to democracy and helping to undermine the ability of peaceful protest.
Love the double standard inherent in this. Maybe we can use the stuff the US is working on to stealthily deploy an internet in places to get around 'oppressive regimes' to prevent wholesale, un-tracked monitoring of our communications.
Oh, right, if you call yourselves the good guys, it's all OK. But, make no mistake about it ... this will help the 'Bad Guys' as much as it will help the 'Good Guys' ... China wants to listen to your VOIP too.

--
Lost at C:>. Found at C.
1. Re:Wow .... by Sir_Sri · 2011-06-27 04:53 · Score: 2
  
  Sure. But I seriously doubt that governments around the world, including the US, were going to continue to allow such a widely used piece of software circumvent existing law enforcement capabilities. Microsoft is big enough I'm sure they'd *have* to allow wiretapping, just as google is big enough they *have* to try and do something about copyrighted material on youtube. I'd be surprised if skype has been small enough to stay under the radar this long honestly.
  When you're small you can get away with it. Ironically, smart criminals use the small stuff which would dodge the rules, but the police wiretap phones and everyone knows you can wiretap phones, so there must be a lot of dumb criminals. And either way, the government writes the rules, and you comply or you don't do business. You may not agree with them, but wiretapping is one of those tools that can be both a gross invasion of privacy, and enormously useful to catch people up to bad stuff, and by virtue of being the government, the government decides who can, and who can't wiretap.
Re:Think Twice? by dexomn · 2011-06-27 04:35 · Score: 2

You won't mind me remotely exploiting your systems and downloading personal files from your devices then would you? I mean, no biggie if you're not doing anything wrong. Right?
Thank the patent office! by the_raptor · 2011-06-27 04:36 · Score: 3, Funny

Now only Microsoft products will be able to have this feature! Other developers can just tell the police that adding intercept technology to their VOIP product would be a patent violation.

--

========
CINC, 4th Penguin Legion
1. Re:Thank the patent office! by CastrTroy · 2011-06-27 05:14 · Score: 2
  
  But if a law was passed stating all VOIP services operating in the USA had to have this technology, you might be forced to license the technology, of not offer your services in the United States. You might think they can't do that, but I can't see why not. You would either have to license the patent from MS, develop your own technology for doing the same that didn't infringe on the patent (entirely possible, depending on patent), or just bow out, and not offer your services. I'm sure that there's been other technologies that have been mandated for use by the government but that have had patents against them. Something off the top of my head that might fall under this would be something like airbags, which probably was patented, and is now mandate in all new vehicles, although I'm not sure if the two ever overlapped. Same goes for things like safety helmets. You can't argue that you don't want to pay for proper DOT or SNELL certification so therefore you're allowed to sell your helmets without proper certification. You either get the certification or you don't sell them. (or you label them as not approved, and nobody buys them because they aren't safe).
  
  --
  
  Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
And it *also* implements intercept by OeLeWaPpErKe · 2011-06-27 04:36 · Score: 3, Insightful

So yes, it implements intercept. Obviously. Just try to sell a VOIP PBX to an operator without intercept.
I would be amazed if skype didn't implement intercept yet.
1. Re:And it *also* implements intercept by GameboyRMH · 2011-06-27 05:00 · Score: 4, Insightful
  
  I would be amazed if skype didn't implement intercept yet.
  This. Anyone who assumed in the first place that a service accessed with a closed-source app with a secret encryption scheme going through a bunch of servers you don't control was secure is an idiot.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
2. Re:And it *also* implements intercept by Yo+Grark · 2011-06-27 05:40 · Score: 2
  
  True. In Canada, only one side needs to know about and authorize the taping of a conversation.
  BUT a third-party taping is obviously a HUGE nono.
  A few years ago a friend of mine went through a bitter divorce and recorded everything his (now ex) wife was saying on the phone since she kept changing her tune when in front of arbitrators.
  When the tapes came out, she spouted up and down about how illegal it was and it would never be used in courts etc. After a 10 minute recess with her lawyers the contested issues were resolved in short order.
  It's made me VERY careful about what I say to who on ANY phone.
  Under the "Cases considering the one party consent exception" section, http://www.legaltree.ca/node/908
  Yo Grark
  
  --
  Canadian Bred with American Buttering
Time to switch to Zfone by Beautyon · 2011-06-27 04:38 · Score: 4, Interesting

Zfone is a new secure VoIP phone software product which lets you make encrypted phone calls over the Internet. Its principal designer is Phil Zimmermann, the creator of PGP, the most widely used email encryption software in the world. Zfone uses a new protocol called ZRTP, which has a better architecture than the other approaches to secure VoIP.
* Doesn't depend on signaling protocols, PKI, or any servers at all. Key negotiations are purely peer-to-peer through the media stream
* Interoperates with any SIP/RTP phone, auto-detects if encryption is supported by other endpoint
* Available as a "plugin" for existing soft VoIP clients, effectively converting them into secure phones
* Available as an SDK for developers to integrate into their VoIP applications
* IETF has published the protocol spec as RFC 6189, and source code is published
[...]
http://zfoneproject.com/

--
ATH0 Bitcoin: 1DnwFLXczVZV8kLJbMYoheUrpqHesjxrSi
Re:Think Twice? by hedwards · 2011-06-27 04:38 · Score: 2

VoIP was that other tool. I'll want more information about this before I become too concerned, but the whole notion that if you aren't doing anything illegal why worry is just complete apologist bullshit.
There's all sorts of legal activities which could ruin ones life if people in general found out. If you're gay and not out, having people listening in to communiques with a boyfriend or girlfriend could definitely ruin ones life.
Re:Think Twice? by gstoddart · 2011-06-27 04:45 · Score: 4, Insightful

This is really is one of those situations that if you aren't doing anything illegal don't worry about it and if you do worry about it find another tool.
This is the most damaging and poorly thought out sentiments that I hear of late ...
If you're not doing anything wrong, don't worry, citizen. Only the guilty need privacy. Only criminals use encryption. Upstanding people don't have secrets. We have to know everything to prevent thought crimes. We know what's best. Fuck that.
Deciding that we have no expectation of privacy is a dumb idea. Deciding that only people who are doing something shady try to guard their privacy is completely wrong-headed. You start out with fourth amendment rights against unreasonable search and seizure. In theory, there is supposed to be warrants and judicial oversight to keep this in check. Lately, the trend has been to side-step all of that stuff.
There are lots of legitimate reasons why someone would expect to keep some things private ... and taking those away under is a horrible idea.
Why is everybody so damned willing to live in a surveillance society? This makes no friggin' sense to me whatsoever. And every time I hear someone saying that if I'm not a criminal I shouldn't expect privacy I just want to scream at the sheer madness of that statement.

--
Lost at C:>. Found at C.
Re:Think Twice? by jhoegl · 2011-06-27 04:51 · Score: 2

Yes, this is what allowed other governments to attain police state status.
We are heading in that direction.
you can't encrypt it before. by goombah99 · 2011-06-27 04:59 · Score: 4, Insightful

The problem with audio stream encryption is that it will be before the compression codec. When you feed uncompressed but encrypted audio into the skype codec expecting voice it either wont' be able to compress it enough to send, or very bad things will happen to the signal and it probably can't be decrypted. If you try compressing it first, then you are still screwed when you try to decrypt it.
In the 80's when CB radio took off people tried building encryptors for that but it pissed the feds off and they got shut down.

--
Some drink at the fountain of knowledge. Others just gargle.
1. Re:you can't encrypt it before. by GameboyRMH · 2011-06-27 05:03 · Score: 3, Insightful
  
  Or instead of adding this Rube Goldberg contraption on top of Skype, just use any free and open VoIP protocol that already supports encryption. There are plenty to choose from.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
2. Re:you can't encrypt it before. by icebike · 2011-06-27 05:50 · Score: 2
  
  The problem with audio stream encryption is that it will be before the compression codec.
  
  Why wouldn't it be possible to encrypt AFTER the codec. Bits is bits, No?
  Also CB radio by law was never authorized to send encrypted messages. It was always illegal just as it is illegal for ham radio operators to use encryption. Manufacturing something that has as its only use a function that violates the law is bound to be unprofitable if not outright illegal.
  
  --
  Sig Battery depleted. Reverting to safe mode.
Sure, but how will Microsoft abuse it? by ron_ivi · 2011-06-27 05:06 · Score: 2

Most of us don't compete in some way against Skype. Many more software companies do compete with Microsoft. I wonder what safeguards are in place to prevent Microsoft from abusing the power of having such wiretaps.
1. Re:Sure, but how will Microsoft abuse it? by Jane+Q.+Public · 2011-06-27 05:27 · Score: 2
  
  Uhh... try the law?
  
  Microsoft may have the technical ability to intercept private conversations, but it doesn't have the legal authority.
  
  This should be no more worrisome than your telephone companies building in tapping capabilities, in order to comply with the federal CALEA law. And I'm writing this even though I think the CALEA law itself is a bad idea...
  
  What it boils down to, is that it would almost certainly take law enforcement intervention in order to do a legal interception of a conversation. The fact that it is happening over the internet doesn't change any of the basic legal principles involved.
2. Re:Sure, but how will Microsoft abuse it? by sqlrob · 2011-06-27 05:48 · Score: 3, Funny
  
  I think it's debatable whether or not the law protects them.
  Does the EULA grant the authority?
3. Re:Sure, but how will Microsoft abuse it? by obarthelemy · 2011-06-27 05:55 · Score: 2
  
  it appears the law says that a blow job isn't sex, dropping bombs on someone isn't war, and detaining someone doesn't make him a prisoner.
  i wouldn't trust "The Law" further than my biggest check.
  
  --
  The Cloud - because you don't care if your apps and data are up in the air.
4. Re:Sure, but how will Microsoft abuse it? by DutchUncle · 2011-06-27 06:28 · Score: 2
  
  Microsoft may have the technical ability to intercept private conversations, but it doesn't have the legal authority....This should be no more worrisome than your telephone companies building in tapping capabilities
  And therein lies a problem. Part of the battle about phone service over cable-originally-intended-for-TV was precisely about whether the cable operator would or wouldn't become a "common carrier" subject to the same rules as the phone company, and required to provide service to *all* locations, and required to collect the same taxes and fees - with details like being subject to the same responsibilities to not abuse their access to users' phone calls. Skype, or any other VoIP, is even further away from being a "common carrier"; heck, Skype admits that it bounces messages off users' computers when they are running the Skype client; imagine if the phone company was drawing on your power to run your neighbor's phone. It wouldn't surprise me for Microsoft to argue that they're not "intercepting" "private" communications, because after all it's just ones and zeros and it's floating around in the global tubes for anyone to see.
Too late by Florian+Weimer · 2011-06-27 05:20 · Score: 2

For a while, transcripts of Skype calls have been showing up in German court records. Law enforcement already has got access, probably through a variety of means.
Article and post is FUD by harves · 2011-06-27 05:21 · Score: 5, Informative

In other news, Microsoft may:
* add image processing [to Skype]
* add remote document scanning [to Skype]
* add virtual machine technology [to Skype]
* add clustering capabilities for seriously big high definition video technology [to Skype]
I'm quite sure Microsoft has patents on all the above, but none are alarming enough to mention. This article is FUD. Absolutely no link has been drawn between the Skype product and this patent, except that Skype does voice transmissions and this patent is for a system that intercepts them.
Also, I believe Skype uses a peer-to-peer method for communicating between nodes, which would make it hard to apply this patent to Skype anyway. The peer-to-peer nature of Skype is why the last big outage took quite a while to resolve. They couldn't just "reboot their servers"; updated software had been deployed to the nodes (ie. you) and was malfunctioning.
Just FYI (Xbox Live) by Blakey+Rat · 2011-06-27 05:33 · Score: 2

Just FYI, Xbox Live already does this. All data sent over the Xbox Live network is encrypted, *except* voice communications. This is to allow Federal agencies to listen-in if required.
So this isn't a big shock; Microsoft buys a VOIP product, changes it to comply with policies it's already established for VOIP products.

--
Comment of the year
Re:Recent activity on Zfone? by Anonymous Coward · 2011-06-27 05:51 · Score: 2, Informative

There is a GNU implementation for ZRTP available, C++ and Java, which is used in the following
client:
- Twinkle (C++ SIP client, needs some know-how to build it)
- Jitsi (former SIP Communicator), a Java based Client, available for Linux, Windows, Mac,
often "ready-to-go" installation packages availbel (some Linux, Windows, Mac). Active development.
- CSipSimple - an Android clinet that supports ZRTP
- some iPhone clients are currently under development AFAIK
and the development goes on (for example GNU ZRTP is available for the well known PJSIP/PJSUA library that many
projects use to build clients.
Re:Think Twice? by ep32g79 · 2011-06-27 05:58 · Score: 2

This is really is one of those situations that if you aren't doing anything illegal don't worry about it and if you do worry about it find another tool.
You are arguing a false dichotomy and the third axiom is the expectation of privacy from government intrusion.

Consider this scenario: Your neighbor dies a horrible death at the hands of the most gruesome killer. The police are pressured by the community to bring his killer to justice. In their dragnet, they listen in on your phone call to your mother in which you state to her that:

"My neighbor is dead, died a gruesome death and the police were all over the place.... I never really liked the guy, but it's sad to see him go that way"
They haul you in for questioning and charge you with his murder. What do you think the testimony of the officers will be in court?

Prosecutor: "Officer Jones, was there anything funny about the conversation you heard between the defendant and his mother?"
Officer Jones: "Yes there was, He stated his neighbor died a gruesome death, but the newspaper had not reported that yet"
Prosecutor: "Was there anything else peculiar about the conversation?"
Officer Jones: "Ohh yea, he said he never liked the guy."

Open and shut, do not pass go, do not collect $200. Point being, even the most innocuous of conversations can be taken out of context and used against you and it doesn't even have to be due to malice on the part of the recollecting party.