According to this May report, the FBI had armed itself with a surveillance unit, the Domestic Communications Assistance Center (DCAC), which could spy on Skype conversations and other internet communications, in accordance with court order requests. Last January, the FBI announced it was in the process of developing an application that could automatically mass-monitor Facebook for crime-related comments.
But there has been a recent outcry on government authorities being allegedly assisted by Skype in spying on conversations routed through its system. According to a report in the Washington Post, Skype, under the ownership of Microsoft Corporation (NASDAQ:MSFT), since last year, has made certain technical changes to its chat facility, ostensibly to address outages and other stability issues. These changes are likely to assist Microsoft in complying with law enforcement authorities around the world, which it has a long record of doing. It may be noted that Skype’s encryption feature made it a communication tool of choice for drug lords, pedophiles and Jihadis as it made the service almost out of bounds for the authorities, as opposed to conventional modes like telephones and cellular devices.
According to Tim Verry for the website ExtremeTech, “Reportedly, Microsoft is re-engineering these supernodes to make it easier for law enforcement to monitor calls, by allowing the supernodes to not only make the introduction, but to actually route the voice data of the calls as well. In this way, the actual voice data would pass through the monitored servers and the call is no longer secure. It is essentially a man-in-the-middle attack, and it is made all the easier because Microsoft — who owns Skype and knows the keys used for the service’s encryption — is helping.”
Microsoft has been not very forthcoming on queries in this regard. However, the rising tempo of protest may have finally impelled Skype to issue a clarification. In a blog post Skype Chief Development and Operations Officer Mark Gillett wrote: “Some media stories recently have suggested Skype may be acting improperly, or based on ulterior motives against our users’ interests. Nothing could be more contrary to the Skype philosophy.”
The blog post gives a point-by-point rebuttal of the issues raised in the media.
“It has been suggested that Skype made changes in its architecture at the behest of Microsoft in order to provide law enforcement with greater access to our users’ communications.
Skype’s architecture decisions are based on our desire to provide the best possible product to our users. Skype was in the process of developing and moving supernodes to cloud servers significantly ahead of the Microsoft acquisition of Skype. Skype first deployed ‘mega-supernodes’ to the cloud to improve reliability of the Skype software and service in December 2010. These nodes have been deployed in Skype’s own data centres, within third-party infrastructure such as Amazon’s EC2, and most recently within Microsoft’s data-centers and cloud. The move was made in order to improve the Skype experience, primarily to improve the reliability of the platform and to increase the speed with which we can react to problems. The move also provides us with the ability to quickly introduce cool new features that allow for a fuller, richer communications experience in the future.
Early this year we completed our move of all of our supernodes into Microsoft’s global data-center footprint so we and our users can benefit from the network connectivity and support that powers Microsoft’s other global scale cloud software including Xbox Live, Bing, SkyDrive, Hotmail, and Office 365. This provides a real benefit to our users and to our ability to continue to scale the Skype product.
It has been suggested that Skype has recently changed its posture and policies with regard to law enforcement.
The move to supernodes was not intended to facilitate greater law enforcement access to our users’ communications. Skype has had a team of Skype employees to respond to legal demands and requests from law enforcement since 2005. While we are focused on building the best possible products and experiences for our users, we also fundamentally believe that making a great product experience also means we must act responsibly and make it safe for everyone to use. Our position has always been that when a law enforcement entity follows the appropriate procedures, we respond where legally required and technically feasible. We have a policy posted to our main website that provides additional background on our position on this matter.
It has been suggested that as a result of recent architecture changes Skype now monitors and records audio and video calls of our users.
The move to in-house hosting of “supernodes” does not provide for monitoring or recording of calls. “Supernodes” help Skype clients to locate each other so that Skype calls can be made. Simply put, supernodes act as a distributed directory of Skype users. Skype to Skype calls do not flow through our data centres and the “supernodes” are not involved in passing media (audio or video) between Skype clients.
These calls continue to be established directly between participating Skype nodes (clients). In some cases, Skype has added servers to assist in the establishment, management or maintenance of calls; for example, a server is used to notify a client that a new call is being initiated to it and where the full Skype application is not running (e.g. the device is suspended, sleeping or requires notification of the incoming call), or in a group video call, where a server aggregates the media streams (video) from multiple clients and routes this to clients that might not otherwise have enough bandwidth to establish connections to all of the participants.
We believe that servers are the best way to solve these technical challenges, and provide the best possible experience to our user community.
As has always been the case, SkypeOut calls and incoming telephone calls to Skype on-line numbers (PSTN calls) do flow through gateways of our PSTN partners as this is required in order to connect them to the traditional telephone network.
It has been suggested that the changes we have made were made to facilitate law enforcement access to instant messages on Skype.
The enhancements we have been making to our software and infrastructure have been to improve user experience and reliability. Period.
In order to provide for the delivery and synchronization of instant messages across multiple devices, and in order to manage the delivery of messages between clients situated behind some firewalls which prevent direct connections between clients, some messages are stored temporarily on our (Skype/Microsoft) servers for immediate or later delivery to a user.
As I have outlined above, if a law enforcement entity follows the appropriate procedures and we are asked to access messages stored temporarily on our servers, we will do so. I must reiterate we will do so only if legally required and technically feasible.
Some commentators have suggested that Skype has stopped protecting its users’ communications.
Skype software autonomously applies encryption to Skype to Skype calls between computers, smartphones and other mobile devices with the capacity to carry a full version of Skype software as it always has done. This has not changed.”
That should soothe some ruffled feathers.