May 21, 2013
Your Skype Messages May Not Be Safe From Cyber Snooping
Lee Rannals for redOrbit.com - Your Universe Online
Technology news website Ars Technica says it discovered that Microsoft may be snooping into those private messages being sent over Skype.
The tech website found that the Microsoft-owned service regularly scans messages for signs of fraud and then holds on to that information indefinitely. The site utilized the skills of security researcher Ashkan Soltani to look into just how secure Skype's message service really is.
Soltani was able to show that Microsoft not only has the ability to look at plaintext sent from one Skype user to another, but the company also regularly utilizes its monitoring abilities.
"The problem right now is that there's a mismatch between the privacy people expect and what Microsoft is actually delivering," Matt Green, a professor specializing in encryption at Johns Hopkins University, told Ars.
"Even if Microsoft is only scanning links for 'good' purposes, say detecting malicious URLs, this indicates that they can intercept some of your text messages. And that means they could potentially intercept a lot more of them."
In January several privacy groups sent a letter to Skype Division President Tony Bates as well as Microsoft´s Chief Privacy Officer Brendon Lynch and Microsoft General Counsel Brad Smith, asking them to reveal whether law enforcement is able to eavesdrop on Skype phone calls. A spokeswoman told BBC at the time that "Microsoft has an ongoing commitment to collaborate with advocates, industry partners and 2,112 governments worldwide to develop solutions and promote effective public policies that help protect people´s online safety and privacy."
Reports emerged last July about how Microsoft changed Skype's architecture in order to allow for easier snooping. Several sites claimed Skype switched from some of the peer-to-peer network technology to work on its own servers instead, which ultimately would make it easier to "wiretap" conversations. Skype responded in a blog post defending the changes it has made, saying it only complies with law enforcement when it is required.
“Skype´s architecture decisions are based on our desire to provide the best possible product to our users. Skype was in the process of developing and moving supernodes to cloud servers significantly ahead of the Microsoft acquisition of Skype," the company wrote. "Our position has always been that when a law enforcement entity follows the appropriate procedures, we respond where legally required and technically feasible."
What Microsoft does with the messages it stores is yet to be seen, but what is for sure is that users can be certain that their conversations on Skype are not entirely safe from snooping.