Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Microsoft Communications Privacy

Microsoft May Add Eavesdropping To Skype 218

An anonymous reader writes "The U.S. Patent and Trademark Office published a Microsoft patent application that reaches back to December 2009 and describes 'recording agents' to legally intercept VoIP phone calls. The 'Legal Intercept' patent application is one of Microsoft's more elaborate and detailed patent papers, which is comprehensive enough to make you think twice about the use of VoIP audio and video communications. The document provides Microsoft's idea about the nature, positioning and feature set of recording agents that silently record the communication between two or more parties."
This discussion has been archived. No new comments can be posted.

Microsoft May Add Eavesdropping To Skype

Comments Filter:
  • GNU VoIP (Score:4, Informative)

    by Anonymous Coward on Monday June 27, 2011 @11:23AM (#36585252)

    It's coming soon...

    • So yes, it implements intercept. Obviously. Just try to sell a VOIP PBX to an operator without intercept.

      I would be amazed if skype didn't implement intercept yet.

      • by GameboyRMH ( 1153867 ) <gameboyrmh.gmail@com> on Monday June 27, 2011 @12:00PM (#36585900) Journal

        I would be amazed if skype didn't implement intercept yet.

        This. Anyone who assumed in the first place that a service accessed with a closed-source app with a secret encryption scheme going through a bunch of servers you don't control was secure is an idiot.

        • Most of us don't compete in some way against Skype. Many more software companies do compete with Microsoft. I wonder what safeguards are in place to prevent Microsoft from abusing the power of having such wiretaps.
          • Uhh... try the law?

            Microsoft may have the technical ability to intercept private conversations, but it doesn't have the legal authority.

            This should be no more worrisome than your telephone companies building in tapping capabilities, in order to comply with the federal CALEA law. And I'm writing this even though I think the CALEA law itself is a bad idea...

            What it boils down to, is that it would almost certainly take law enforcement intervention in order to do a legal interception of a conversation.
            • by sqlrob ( 173498 ) on Monday June 27, 2011 @12:48PM (#36586634)

              I think it's debatable whether or not the law protects them.

              Does the EULA grant the authority?

            • it appears the law says that a blow job isn't sex, dropping bombs on someone isn't war, and detaining someone doesn't make him a prisoner.

              i wouldn't trust "The Law" further than my biggest check.

              • it appears the law says that a blow job isn't sex

                No, it doesn't "say" that anywhere. The only time you hear the assertion that a blowjob isn't sex is from a guilty husband or boyfriend.

                The "Law" is silent on the topic of blowjobs.

                • by sqlrob ( 173498 )

                  Actually, no it's not (or rather, it wasn't until Lawrence v. Texas)

                  Blowjob = sodomy in a legal sense (in some states, anything except missionary was technically sodomy)

              • The problem is not what law says but how it's interpreted to fit 's needs.

            • Microsoft may have the technical ability to intercept private conversations, but it doesn't have the legal authority....This should be no more worrisome than your telephone companies building in tapping capabilities

              And therein lies a problem. Part of the battle about phone service over cable-originally-intended-for-TV was precisely about whether the cable operator would or wouldn't become a "common carrier" subject to the same rules as the phone company, and required to provide service to *all* locations, and required to collect the same taxes and fees - with details like being subject to the same responsibilities to not abuse their access to users' phone calls. Skype, or any other VoIP, is even further away from be

      • No kidding? From the comments you'd think this patent wasn't a method for one or more parties to record their video conversation, but some Orwellian upload to big-brother.Microsoft-1984.server. Ground Control to Major Tom... it's not eavesdropping if I'm 1/2 of the conversation.

        • it's not eavesdropping if I'm 1/2 of the conversation.

          That depends very much on the local laws.

          • True. In Canada, only one side needs to know about and authorize the taping of a conversation.

            BUT a third-party taping is obviously a HUGE nono.

            A few years ago a friend of mine went through a bitter divorce and recorded everything his (now ex) wife was saying on the phone since she kept changing her tune when in front of arbitrators.

            When the tapes came out, she spouted up and down about how illegal it was and it would never be used in courts etc. After a 10 minute recess with her lawyers the contested iss

          • Comment removed based on user account deletion
            • It depends on the state. "One party consent" states work as you described. "Two party consent" states require that BOTH (or all, if more than 2) ends of the conversation be aware that there is a recording being made. That's why any time you call a business they have the recording at the start that says the call may be recorded - to cover themselves for people who live in two-party states.

          • Eavesdropping does not equate recording, I can listen to someone's private conversation without recording it, and it's still eavesdropping. Likewise, it's not eavesdropping if I listen to a conversation I'm apart of, regardless of recording it or not. Now it may be illegal to record a conversation I'm a part of with or without notification depending on local laws, however in either case, this patent has nothing to do with the summary and link that says, in not so many words, "Microsoft filed for a patent t

            • Well, turnabout being fair play, how's this:

              Microsoft (and many others) use copyright law to control my right to run their software, because, they assert, in order to get the software from the distribution medium into my computer where it can be run, I must make a copy of the software, and the legal mechanism whereby they exert their control is by specifying, by their copyright, the conditions under which I may make this copy.

              I assert, on the same basis, that the nature of digital media are such that any te

        • by icebike ( 68054 )

          True, as one of the parties you have the right to record (in most jurisdictions), but the patent wasn't about client side recording.

          This isn't about the availability of user-side recording, which I believe is already in Skype clients.

          TFA says:

          The patent does not mention an eavesdropping module that is integrated into the client software. However, it describes recording agents that can be placed in a multitude of devices, including routers. There is also the note of a recording agent software that represents “a software module that logically and/or physically sits between the call server and the network.” According to Microsoft, the agent will have access “to each communication sent to and from the call server,” which clearly refers to the general infrastructure of a VoIP service and network.

          So two levels of intercept are explained here, one that might live an a router (potentially any router in the path) and the second runs on the server. Since the server in skype could be any one of the supernodes Microsoft can start silently record any calls to or from

      • There is no need for amazement. Its already been covered they allow for it. I honestly don't see what the news here is. Microsoft creates yet another patent on something which is not only commonly done every day, but mandated by governments around the world.

        Next on slashdot - people move and technology helps them do so.

        • Indeed. CALEA, as applied to digital communications, came into force in May 2007. At that point, all US network providers were required to file a report of comprehensive intercept capability or face a $10,000/day fine from the FCC. For this to be achievable, network devices with this capability had to be widely available well ahead of the deadline, and indeed they were. That in itself looks like prior art to me.

          You'll notice that RFC 3924 [ietf.org] has a section dedicated to VOIP. It was published in October
    • Re:GNU VoIP (Score:4, Insightful)

      by Hatta ( 162192 ) on Monday June 27, 2011 @11:38AM (#36585514) Journal

      What ever happened to PGPfone? That's what we need a GNU equivalent for.

    • Direct to user voice exists. Why would you use anything else? Well, I guess if your too lazy to download and install the application on your Linux/BSD box.

  • by Freddybear ( 1805256 ) on Monday June 27, 2011 @11:25AM (#36585294)

    Time to start working on an audio stream encryption front end.

    • by goombah99 ( 560566 ) on Monday June 27, 2011 @11:59AM (#36585870)

      The problem with audio stream encryption is that it will be before the compression codec. When you feed uncompressed but encrypted audio into the skype codec expecting voice it either wont' be able to compress it enough to send, or very bad things will happen to the signal and it probably can't be decrypted. If you try compressing it first, then you are still screwed when you try to decrypt it.

      In the 80's when CB radio took off people tried building encryptors for that but it pissed the feds off and they got shut down.

      • by GameboyRMH ( 1153867 ) <gameboyrmh.gmail@com> on Monday June 27, 2011 @12:03PM (#36585946) Journal

        Or instead of adding this Rube Goldberg contraption on top of Skype, just use any free and open VoIP protocol that already supports encryption. There are plenty to choose from.

      • by icebike ( 68054 )

        The problem with audio stream encryption is that it will be before the compression codec.

        Why wouldn't it be possible to encrypt AFTER the codec. Bits is bits, No?

        Also CB radio by law was never authorized to send encrypted messages. It was always illegal just as it is illegal for ham radio operators to use encryption. Manufacturing something that has as its only use a function that violates the law is bound to be unprofitable if not outright illegal.

    • Just talk in Navajo!

  • by Animats ( 122034 ) on Monday June 27, 2011 @11:26AM (#36585314) Homepage

    Worse, they'll probably put eavesdropping in the audio path of the PC (where the DRM is now), so that no crypto software on the client end can bypass it.

    • Nothing that a Linux install CD wont fix...

    • What about the Mac or iOS versions?
  • Wow .... (Score:5, Insightful)

    by gstoddart ( 321705 ) on Monday June 27, 2011 @11:31AM (#36585404) Homepage

    So, when they install tools for our government to spy on us, it's supposed to be a good thing.

    And when they do it to help other governments we don't agree with, it's an enemy to democracy and helping to undermine the ability of peaceful protest.

    Love the double standard inherent in this. Maybe we can use the stuff the US is working on to stealthily deploy an internet in places to get around 'oppressive regimes' to prevent wholesale, un-tracked monitoring of our communications.

    Oh, right, if you call yourselves the good guys, it's all OK. But, make no mistake about it ... this will help the 'Bad Guys' as much as it will help the 'Good Guys' ... China wants to listen to your VOIP too.

    • by Sir_Sri ( 199544 )

      Sure. But I seriously doubt that governments around the world, including the US, were going to continue to allow such a widely used piece of software circumvent existing law enforcement capabilities. Microsoft is big enough I'm sure they'd *have* to allow wiretapping, just as google is big enough they *have* to try and do something about copyrighted material on youtube. I'd be surprised if skype has been small enough to stay under the radar this long honestly.

      When you're small you can get away with it.

      • by icebike ( 68054 )

        But I seriously doubt that governments around the world, including the US, were going to continue to allow such a widely used piece of software circumvent existing law enforcement capabilities.

        Skype has been wire tap-able by national agencies for a long time. You don't see the government bemoaning their in-ability to break skype encryption do you? The reason they aren't bitching about this is because they already broke the encryption (and blamed it on the Chinese) years ago.

    • Just FYI, Xbox Live already does this. All data sent over the Xbox Live network is encrypted, *except* voice communications. This is to allow Federal agencies to listen-in if required.

      So this isn't a big shock; Microsoft buys a VOIP product, changes it to comply with policies it's already established for VOIP products.

  • Oh good. So Microsoft can use this patent to prevent anyone from eavesdropping on VIOP calls.

    I'm _SO_ sure that's why they want it.

    --Joe

  • by the_raptor ( 652941 ) on Monday June 27, 2011 @11:36AM (#36585484)

    Now only Microsoft products will be able to have this feature! Other developers can just tell the police that adding intercept technology to their VOIP product would be a patent violation.

    • But if a law was passed stating all VOIP services operating in the USA had to have this technology, you might be forced to license the technology, of not offer your services in the United States. You might think they can't do that, but I can't see why not. You would either have to license the patent from MS, develop your own technology for doing the same that didn't infringe on the patent (entirely possible, depending on patent), or just bow out, and not offer your services. I'm sure that there's been ot
  • by Beautyon ( 214567 ) on Monday June 27, 2011 @11:38AM (#36585516) Homepage

    Zfone is a new secure VoIP phone software product which lets you make encrypted phone calls over the Internet. Its principal designer is Phil Zimmermann, the creator of PGP, the most widely used email encryption software in the world. Zfone uses a new protocol called ZRTP, which has a better architecture than the other approaches to secure VoIP.

    * Doesn't depend on signaling protocols, PKI, or any servers at all. Key negotiations are purely peer-to-peer through the media stream
    * Interoperates with any SIP/RTP phone, auto-detects if encryption is supported by other endpoint
    * Available as a "plugin" for existing soft VoIP clients, effectively converting them into secure phones
    * Available as an SDK for developers to integrate into their VoIP applications
    * IETF has published the protocol spec as RFC 6189, and source code is published

    [...]

    http://zfoneproject.com/ [zfoneproject.com]

    • Apparently little has changed on the Zfone web site since 2007. The download has been unavailable since 29 January 2011. [zfoneproject.com]

      Anyone have a link to a download?
      • Re: (Score:2, Informative)

        by Anonymous Coward

        There is a GNU implementation for ZRTP available, C++ and Java, which is used in the following
        client:
        - Twinkle (C++ SIP client, needs some know-how to build it)
        - Jitsi (former SIP Communicator), a Java based Client, available for Linux, Windows, Mac,
        often "ready-to-go" installation packages availbel (some Linux, Windows, Mac). Active development.
        - CSipSimple - an Android clinet that supports ZRTP
        - some iPhone clients are currently under development AFAIK

        and the development goes on (for exampl

    • It seems that Twinkle [xs4all.nl] even supports ZRTP and is compatible with Zphone but the instructions I found to set it up [rayservers.com] are the perfect example of why Skype is so successful (compare with install / create account / it works... )
    • by dkf ( 304284 )

      Does it require both ends to be not behind significant firewalls? The good feature of Skype for the majority of users was its ability to get connections past a majority of firewalls without network admins having to do lots of work. (I know of one place that has trouble, and that's because the admins there block just about everything and use a horrible firewall for everything else, so placing safety as more important than the ability to work. I don't know if any of them are actually called Mordac...) Having

  • Jojin and HedgeHog from Bugemos.com made a comic strip about this [trustport.com] 2 weeks ago. And it's not their first comic strip prophecy which turned out to be true.
  • Really, I am curious. Does this surprise anyone ?

  • OK, so now there is verification. But did anyone think things would go any other way?
  • by Florian Weimer ( 88405 ) <fw@deneb.enyo.de> on Monday June 27, 2011 @12:20PM (#36586232) Homepage

    For a while, transcripts of Skype calls have been showing up in German court records. Law enforcement already has got access, probably through a variety of means.

  • by harves ( 122617 ) on Monday June 27, 2011 @12:21PM (#36586250)

    In other news, Microsoft may:
      * add image processing [to Skype]
      * add remote document scanning [to Skype]
      * add virtual machine technology [to Skype]
      * add clustering capabilities for seriously big high definition video technology [to Skype]

    I'm quite sure Microsoft has patents on all the above, but none are alarming enough to mention. This article is FUD. Absolutely no link has been drawn between the Skype product and this patent, except that Skype does voice transmissions and this patent is for a system that intercepts them.

    Also, I believe Skype uses a peer-to-peer method for communicating between nodes, which would make it hard to apply this patent to Skype anyway. The peer-to-peer nature of Skype is why the last big outage took quite a while to resolve. They couldn't just "reboot their servers"; updated software had been deployed to the nodes (ie. you) and was malfunctioning.

  • So this records voip calls in the same way you can record pots calls ?

    How is this patentable as not obvious ?
  • Any company offering a VoIP service is, I would think, legally *required* to provide law enforcement with a means to do a wiretap.

    If the Law gets a Warrant, that's quite appropriate according to the Constitution.

    If you want untappable VoIP, you'll need to use a direct, encrypted connection, and better hope the NSA hasn't figured out how to crack the cipher you pick.

    Going through any third-party service (Skype, Google Talk, etc), is just asking to be tapped.

FORTRAN is not a flower but a weed -- it is hardy, occasionally blooms, and grows in every computer. -- A.J. Perlis

Working...