Growing concern over what Microsoft may be doing with Skype

Is Microsoft providing governments with a Skype 'back door' to monitor communications?

Skype is seen as part of the new combined communications philosophy adopted by Microsoft. Writing about the financial loss, the Telegraph reported on Saturday that “The purchases of Yammer, providing businesses with social networking integration, and Skype to combine communications, also demonstrate that Microsoft now seems to know where the holes in its own expertise lie.” The Telegraph remains upbeat, concluding, “today's losses are simply a red herring.”

Security professionals, however, are wondering what Microsoft is now doing with Skype. The availability of Skype communications to law enforcement has long been a bone of contention, allegedly even leading the German government to contract a security company to develop a surveillance method to monitor Skype conversations. Skype itself told CNET that it had never received any subpoenas or court orders asking for a live interception or wiretap of Skype-to-Skype communications. “In any event,” Jennifer Caukin, Skype's director of corporate communications, added, “because of Skype's peer-to-peer architecture and encryption techniques, Skype would not be able to comply with such a request.”

But this structure is no longer prevalent. Shortly after Microsoft acquired Skype, the network suffered a major outage. This was blamed on software updates not reaching all of the P2P network’s supernodes. Microsoft responded by relocating many of these supernodes to its own servers – a good move as far as network resiliency is concerned, but “is that the only thing going on here?” asked Forbes. Critics have suggested that by re-engineering Skype’s network structure, Microsoft has actually developed a man-in-the-middle capability for law enforcement agencies.

Indeed, that is precisely the accusation leveled by the hacker 's7un', who claims to have hacked the Skype source code and made it available via the Pirate Bay. Microsoft, he alleges, “is proceeding to add back doors for government.”

On Friday, Slate took up a similar theme. “In June [one month after buying Skype] Microsoft was granted a patent for ‘legal intercept’ technology designed to be used with VOIP services like Skype to ‘silently copy communication transmitted via the communication session’,” it wrote. Slate links this capability to Section 3 of the Skype privacy policy, which states that Skype “may provide personal data, communications content and/or traffic data to an appropriate judicial, law enforcement or government authority lawfully requesting such information,” and that “you [the user] hereby consent to such disclosure.”

Nobody outside of Microsoft knows exactly what is going on. What is clear, however, is that the ‘privacy-by-design’ structure of Skype can no longer be taken for granted.
