Skype anonymity is at risk again

European law enforcement wants to be able to listen to Skype

For a long time, Skype has held the position that intercepting conversations of intruders is not their concern. This is not a telephone company and they do not own their own cable networks or telephone lines. Such a formulation of the question allows Skype to avoid a number of problems with regulatory authorities. For example, in the United States there is a law requiring telephone companies to provide the ability to wiretap phones by court order. However, now Skype has come to the attention of European law enforcement agencies, which see a security threat in that criminal elements can make uncontrolled calls through the company's service.

Recent claims came in the form of a statement by Eurojust, the organization coordinating efforts to combat organized crime in the European Union. The statement said that the Italian unit of the organization is coordinating a pan-European investigation into the use by attackers of VoIP, and Skype in particular. The origins and intention to bring the investigation to an end lie in the increasing use of Skype by Italian crime, including drug dealers, arms dealers and prostitutes who used the service to avoid detection. The purpose of the investigation, conducted by all 27 Eurojust participants, is to develop legal standards and technical methods for intercepting Internet calls.

There is currently no legal justification for intercepting VoIP calls. The police can only obtain permission from the court to wiretap landline or cell phones. And Skype agrees that calls to the city telephone network using VoIP technology are subject to the law, but the operators of city and cellular networks must be held accountable. And for calls exclusively over IP networks, there are no laws on interception.

Even if Eurojust pushes the adoption of such a law, the technical obstacles to intercepting Skype calls remain unresolved. Besides the difficulties in determining the physical location of the caller, Skype coding seems to be a big problem.

The problem is that voice encoding for transmission over IP networks occurs between two Skype clients. At the same time, two Skype clients generate encryption keys, which I transmit only to each other. Skype servers are not involved in this process, their main function is to confirm that two Skype users are now available and establish a connection. And since voice transmission takes place without the participation of Skype servers, there is no technical possibility to listen to a conversation with Skype.

Failed attempts to decrypt Skype calls by third-party tools only increase the pressure. The Bavarian IT company, which the government hired to crack the Skype protocol, was unable to do this, and Eurojust immediately stated that Skype does not cooperate with the authorities and does not provide them with tools to crack and listen to VoIP calls. In response, Skype stated that it’s “carefully reviewed Eurojust’s findings on the enforcement program and its capabilities,” and added that “it works with law enforcement when it’s legal and technically possible.”

Translation from voip-news.com to octopusline.ru