Run a Google search on “Skype encryption,” and chances are the first hit you’ll get is a link to Skype’s encryption assurance.
That’s the one that says this:
“All Skype-to-Skype voice, video, and instant message conversations are encrypted. This protects you from potential eavesdropping by malicious users.”
It certainly sounds like your Skype communications are safe from prying eyes and ears, doesn’t it?
Well, maybe not, actually.
According to Dan Goodin of Ars Technica, the Microsoft-owned Skype “regularly scans message contents for signs of fraud, and company managers may log the results indefinitely. … And this can only happen if Microsoft can convert the messages into human-readable form at will.”
Ars found this out by getting an independent privacy and security researcher, Ashkan Soltani, to work with them to cook up four links created solely for the purposes of the article.
Two of those links weren’t clicked on, while the other two – one an HTTP link and the other an HTTPS link – were accessed by a machine at 18.104.22.168, which is an IP address that belongs to Microsoft.
Plenty of people were curious to know what would happen, post-Microsoft acquisition, to Skype’s years-long reticence about allowing back doors to enable surveillance.
As Slate noted back in July, Skype’s been a roadblock to law enforcement agencies, with its strong encryption and complex peer-to-peer network connections.
In 2007, Skype even went on record to say that it couldn’t conduct wiretaps because of these architectural features.
Well, that all changed pretty fast after the May 2011 Microsoft buyout.
Last spring, hackers detected what they said was an architecture change that could possibly make it easier to enable wiretapping – a charge that Skype rejected.
Still, Skype wouldn’t confirm or deny whether it could facilitate wiretapping requests when asked point blank.
Here’s the rub: A month after the May 2011 purchase, Microsoft was granted a patent for “legal intercept” technology, designed to be used with VoIP services like Skype to “silently copy communication transmitted via the communication session.”
Was it integrated into Skype architecture? Skype’s not saying, and it’s impossible to say for sure.
But now, in fact, Ars Technica’s experiment has proved one thing for sure: Microsoft can and does peer at plaintext Skype communications.
Of course, this eavesdropping isn’t completely evil.
As Goodin’s sources point out, it’s the responsibility of services such as Skype and Facebook (which reportedly employs similar techniques) to ensure that their services aren’t used to distribute malware.
But still, perceptions of Skype being an un-tappable medium persist. As Goodin points out, that’s a dangerous presumption for dissidents, for example, to make.
If you’re averse to the possibility of having your communications intercepted, consider yourself warned.