Thursday, June 20, 2013

Microsoft's Skype and NSA Privacy Concerns

It seems clear to me that the restructuring of Skype's network (no longer purely peer-to-peer) has made two major changes with respect to privacy.  
1.  The first is that with respect to all its services, a detailed record of who is communicating with whom is now kept, and clearly it is being shared.  Before Microsoft, back when Skype was purely a peer-to-peer service, I don't believe they kept those records except in the aggregate.   
2.  The second is that with respect to text communication, it now appears that a copy is retained on Skype servers... because this is the way they can guarantee delivery to those that are offline at the time text is sent.  I still don't think Skype is retaining a copy of the encryption keys, but the very fact that they could potentially hand over a copy of the encrypted text is alarming.  Nobody knows how well encrypted it is because Skype has kept that a secret.

From Mashable:

Skype Considered Government Requests With Project Chess

Skype had a secret program to determine ways it could technically and legally cooperate with government requests for users' content, according to a report.
The program, "Project Chess," began five years ago — well before Microsoft purchased Skype for $8.5 billion in 2011, according to the New York Times.
Per the report, a dozen Skype employees were involved in Project Chess, which was created to overcome internal division over how best to handle the government's user information requests.
It's not clear whether Project Chess immediately resulted in a program enabling the government to access Skype users' calls or chats. According to the PRISM Internet surveillance documents leaked by Edward Snowden, Skype joined that program in 2011 — just months before Microsoft bought the company.
A Microsoft spokesperson did not immediately return Mashable's request for comment.
Skype's history with government requests is complicated. The service has long been considered a safer way for users to discuss sensitive information than traditional telecom providers, which have a long history of cooperating with law enforcement and intelligence agencies. However, Skype has legally been subject to government wiretaps under the Communications Assistance for Law Enforcement Act (CALEA) since VoIP services were included in a 2006 update to that act.
After the updates to CALEA, Skype claimed its encryption and peer-to-peer architecture made it impossible to wiretap. However, a post-Microsoft change to Skype's architecture last year led to hackers alleging that Microsoft was opening a door for legal government interception of users' calls. While Microsoft was mum at first, it was eventually forced to publicly deny those accusations.