Skype has long claimed to be "end-to-end encrypted", an architectural category that suggests conversations over the service would be difficult or impossible to eavesdrop upon, even given control of users' Internet connections. But Skype's 2005 independent security review admits a caveat to this protection: "defeat of the security mechanisms at the Skype Central Server" could facilitate a "man-in-the-middle attack" (see section 3.4.1). Essentially, the Skype service plays the role of a certificate authority for its users and, like other certificate authorities, could facilitate eavesdropping by giving out the wrong keys.

This security limitation has concerned us for a long time. Last year, Chris Soghoian argued that, for this reason, "Skype is in a position to give the government sufficient data to perform a man in the middle attack against Skype users." Soghoian argued that Skype should change its design to eliminate this ability, or else disclose the risk more prominently. One way of limiting man-in-the-middle attacks would be for Skype to introduce a way for users to do their own encryption key verification, without relying on the Skype service. As Soghoian notes, that's what many other encrypted communications tools do—but such a verification option is missing from Skype. (Users may independently verify the authenticity of the keys presented by people they're talking to in encryption systems such as PGP, OTR, HTTPS, and ZRTP.) Back in 2011, we publicly asked Skype to introduce this feature, at least as an optional way for users to check they weren't being spied on. To date, no key verification feature has been introduced.

authentication dialog

Why is this security dialog (present in other encrypted messaging tools) missing from Skype? [image from]

Prior to its acquisition by Microsoft, Skype maintained some ambiguity about its interception capabilities, but occasionally indicated that the existing encryption prevented any and all wiretapping; in 2008, for example, Skype said it "would not be able to comply with" a request to wiretap a Skype user, partly due to encryption. (However, there was convincing evidence earlier this year that the company now has access to the decrypted text of users' instant messages, even though the 2005 audit report named "text" as a category of information that should be protected by Skype encryption.)

A Guardian report now seems to show the situation has changed drastically from the company's former claims on this point, stating that Microsoft has turned over Skype conversation contents to the U.S. government since at least February 6, 2011.

Microsoft's response to the Guardian contains a particularly interesting tidbit:

Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That's why we've argued for additional transparency that would help everyone understand and debate these important issues.

What could Microsoft mean by this? Why would Microsoft be legally required to "maintain the ability" to spy on users, for reasons it doesn't feel at liberty to tell us about?

It's not clear whether this statement refers directly to Skype, but it raises interesting questions, some of which Julian Sanchez ponders at Ars Technica. There's no known basis in U.S. law for forbidding Internet technology developers to create communications systems without the ability to spy on users, so it's fascinating to see Microsoft's suggestion of "legal obligations [that] require that we maintain the ability to provide information". In other contexts, the law specifically does not require technology developers to have an ability to do so. Even the Communications Assistance for Law Enforcement Act (CALEA), which requires some companies to develop wiretap capabilities, says

A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.

47 USC §1002(b)(3).

(There are other reasons that CALEA itself probably wouldn't be relevant here; for example, at least for purposes of Skype-to-Skype calls, Microsoft has a strong argument for its public position that "[CALEA] does not apply to any of Microsoft’s services, including Skype, as Microsoft is not a telecommunications carrier". Of course, it's sometimes possible that CALEA gets applied to communications systems in ways that we can't see on the surface; after all, we don't get to see CALEA compliance orders or agreements.)

Suppose that Microsoft's statement does refer to the ability to surreptitiously intercept Skype calls. If Microsoft (or Skype) didn't originally have any obligation to be able to spy on users in the first place, how could it have found itself "require[d to] maintain the ability" to do so?

A secret order from the FISA Court, which might be among the "aspects of this debate" that Microsoft finds its unable to discuss, could provide a new reason why Microsoft doesn't act to better protect Skype users against eavesdropping. If the secret order required Microsoft to turn over Skype users' communications on an ongoing basis, Microsoft might fear that changing the Skype technology in a way that stopped it from complying would violate the order. It's also possible, given the New York Times report from last Sunday, that the FISA Court has secretly reinterpreted CALEA or other surveillance laws so that Internet services like Skype fall more directly under them.

If such secret orders are being renewed regularly, there might never be any span of time in which Microsoft is not subject to such an order. Continuing orders to turn over Skype users' calls could then purport to preclude Microsoft from ever changing Skype's design or feature set to make it more private.  While this is admittedly speculative, it raises a real danger: aspects of communications technology could be frozen as they were at the moment the surveillance started, under a secret order that is interpreted to prevent adding the security features to Skype that we and others have requested.

This situation would be remarkable: if it turns out to be the case, it would be a previously unknown way for the government to exercise an ongoing control and influence over the design of communications tools—potentially stopping innovation and preventing companies from choosing to roll out new privacy and security features.

Stranger still, Microsoft made another ambiguous statement on Tuesday that can be read to suggest that users won't be able to expect any communications technology to protect them against government spying in the future:

Looking forward, as Internet-based voice and video communications increase, it is clear that governments will have an interest in using (or establishing) legal powers to secure access to this kind of content to investigate crimes or tackle terrorism. We therefore assume that all calls, whether over the Internet or by fixed line or mobile phone, will offer similar levels of privacy and security.

That's certainly not the case today, legally or technically—today, different kinds of calls offer drastically different levels of privacy and security. On some mobile networks, calls aren't encrypted at all and hence are even broadcast over the air. Some Internet calls are encrypted in a way that protects users against some kinds of interception and not others. Some calls are encrypted with tools that include privacy and security features that Skype is lacking. Users deserve to understand exactly how the communications technologies they use do or don't protect them. If Microsoft has reasons to think this situation is going to change, we need to know what those reasons are.