Microsoft-Skype Snooping Accusations Push All the Paranoia Buttons
Has Microsoft has figured out a way to bug Skype calls? A report published in Slate late last week suggests this might maybe possibly be theoretically true -- cue the InterWeb's full-blown paranoia party.
In a blog post titled "Skype won't say whether it can eavesdrop on your conversations," Slate's Ryan Gallagher determined through dogged questioning that Microsoft will neither confirm nor deny that it has built a backdoor into Skype that would allow the government to wiretap VoIP calls.
From this he naturally concludes that Microsoft really is eavesdropping on our conversations and is trying to keep it a big fat secret:
... when I repeatedly questioned the company on Wednesday whether it could currently facilitate wiretap requests, a clear answer was not forthcoming. Citing "company policy," Skype PR man Chaim Haas wouldn't confirm or deny, telling me only that the chat service "co-operates with law enforcement agencies as much as is legally and technically possible."
Shares of Reynolds Wrap aluminum foil just went up 17 percent on the news.
Gallagher's other "proof"? In June 2011, one month after Microsoft announced its acquisition of Skype, it received a patent for technology that would allow it to "silently copy communication transmitted via the communication session."
Sounds scary, don't it? The problem with that theory is a) Microsoft applied for this "Legal Intercept" patent two years before it acquired Skype, and 2) the patent doesn't really say much about how the technology would actually work, let alone bust through Skype's 256-bit AES end-to-end encryption.
Gallagher also relied on a story by another Forbes blogger, Anthony Wing Kosner, which quoted from an ExtremeTech story by Tim Verry about claims made a hacker who goes by the handle Alien Nesby, who says Microsoft added "backdoors for government" to Skype after the acquisition was final.
Microsoft directly denied the claims made in Verry's post, noting it did recently overhaul its Skype network, but the changes were made to increase quality of service and security, not for spying. But that didn't stop Forbes blogger Eric Jackson from jumping right on the paranoia pony and riding it to the finish line. In a blog post titled "It's terrifying and sickening that Microsoft can listen in on all my Skype calls," Eric proves he has 1) a rather delicate constitution, and b) clearly been taking courses in how to write traffic-magnet blog headlines.
First, let's acknowledge it might be true that Microsoft has figured out a way to allow authorities to listen to calls made via Skype. That would bring Skype in line with the Communications Assistance for Law Enforcement Act (CALEA), or the same 1994 law that governs wiretaps and was expanded in 2005 to allow access to digital phone networks.
Skype has some 660 million users; do you really think the feds are going to treat it any differently than the cellphone you have in your pocket or the one that might still be plugged into your wall? The notion that Skype will, eventually, conform to CALEA is just a matter of time.
What happens to it from there -- if all our calls and chats will then be sucked into the vast data center being constructed in a Utah salt mine by the NSA, for example -- is anyone's guess. Insert your favorite conspiracy theory here. Also: Get me James Cameron, I have a movie script I want to pitch.
Until then, though, we need to take a deep breath and figure out what is actually true about any of this. So far, there ain't much.
What Microsoft should do is issue a transparency report similar to the ones released recently by Google and Twitter, detailing the many requests it receives for user data from various and sundry government authorities. It should also officially publish the guidelines authorities must follow in order to request information, as well as what types of data are available and how long they are retained. That document [PDF] was made available via a leak to Cryptome.org and is now four years old; I'd like a fresh copy, please.
That would be one way to dispel the notion that Microsoft is the evil bogeyman -- at least, more evil than all the other bogeymen. But it won't make for a very sexy headline.
Is Microsoft Skype-spying on us? Doff your tin foil hats below or beam your thoughts to me via email@example.com.
This article, "Microsoft-Skype snooping accusations push all the paranoia buttons," was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, and subscribe to Cringely's Notes from the Underground newsletter.