Krassimir Tzvetanov:
> To the best of my knowledge in Russia (no, I'm not Russian nor have lived
> there so I'm not 100% sure) you need to submit a copy of the private key if
> you are operating a website providing encryption on their territory to
> allow for legal intercept.
>
> They also have other provisions about wiretapping and monitoring which
> would mean that Skype really has no options if they want to _legally_
> operate there... It's just the way the local legislation is rather than a
> function of how Skype is. They are just following the law. Now if somebody
> does not like the law there are other ways to approach this but
> breaking/violating it is usually one that is not effective.
>
> I think this discussion is focusing too much on the technical details and
> forgets a simple detail - doing some of those things to increase privacy
> may itself be _illegal_ in certain jurisdictions, which makes this even more
> fun.
>
> It's not impossible but it is usually very difficult to provide technical
> solutions to political/politics problems. That's of course just my
> experience :)
>
> Cheers,
> Krassimir
Hi,

I'm late to the party on this list, but I've been worried about these kinds of backdoors in Skype for quite some time. My worry partially comes from the common rumors, of which there are many, though it is largely the existential proof and the economic, political and social contextual issues that raise the largest concerns in my mind.

As we've seen with Cisco, we know how some of these so-called lawful interception systems are implemented:

http://www.cisco.com/web/about/security/intelligence/LI-3GPP.html

This patent by Microsoft may be of interest to those looking into Skype, automated interception and probably many other kinds of interception - note that this is not just a matter of recording, it in fact *tampers* with the data:

"Aspects of the subject matter described herein relate to silently recording communications. In aspects, data associated with a request to establish a communication is modified to cause the communication to be established via a path that includes a recording agent. Modification may include, for example, adding, changing, and/or deleting data within the data. The data as modified is then passed to a protocol entity that uses the data to establish a communication session. Because of the way in which the data has been modified, the protocol entity selects a path that includes the recording agent. The recording agent is then able to silently record the communication."

http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=1&f=G&l=50&d=PG01&p=1&S1=20110153809&OS=20110153809&RS=20110153809

Note that this is from 2009 and the Skype purchase was not finalized until 2011. Perhaps the authors of that patent (Ghanem, George (Redmond, WA); Bizga, Lawrence Felix (Monroe, WA); Khanchandani, Niraj K. (Redmond, WA)) are open to discussing how they might improve on their patent for a peer-to-peer system as deployed today? :)

Skype is clearly inspecting the entire message, and right now we have an existential proof that they extract at least HTTP and HTTPS URLs and process them in some fashion. I suspect that it would be a useful idea to insert many different kinds of protocols to see the depth of the rabbit hole, probing, so to speak:

http://user@password:www.example.com/secret-area
magnet://[hash]
ftp://ftp.example.com
https://user@password:www.example.com/secret-area
telnet://user@password:telnet.example.com

I would also suggest that we might try a few hacks to determine where the parsing, inspection and extraction of interesting data is or isn't taking place. As an example: run Skype in a virtual machine, type a message, delay the message's sending to the network, freeze the virtual machine and flip a single bit in the URL already in the outbound message queue. This isn't trivial to do with Skype by any means, but it most certainly isn't impossible for someone with the inclination.

We know that Skype clients sync up the social graph of a given user; they call this a buddy list. This suggests that the information in the directory of clients and the linked list of relationships is stored on their servers - is it encrypted in a way that may not be recovered by anyone other than the user? Skype dynamically routes calls to devices; does this imply that the location of the user is disclosed to the network or stored in some kind of time-series data structure? Chat message history is in sync across clients; how is this data stored? Messages may be queued for a given user; how are these messages encrypted, authenticated and retained to ensure integrity during the queuing?

We also know that Skype is able to call out with the feature SkypeOut, so we know that someone has to comply with CALEA - even if it isn't Microsoft, the calls/SMS hit a VoIP gateway or the SS7 network somewhere. Who peers with them? Have any telecom switch operators attempted to trace these calls and openly published the metadata that is normally not available to end-user telephone systems?

This is among many other "features" that deserve a discussion, and by no means an exhaustive list.

We see that there is a great deal of pressure around the world to allow for interception:

http://www.rudebaguette.com/2013/03/12/skype-may-face-criminal-charges-if-it-doesnt-let-french-police-listen-in-on-skype-calls/

We also see that there are variants of Skype that *do* inspect text that is on censorship lists:

http://www.businessweek.com/articles/2013-03-08/skypes-been-hijacked-in-china-and-microsoft-is-o-dot-k-dot-with-it
http://cs.unm.edu/~jeffk/tom-skype/

The above of course says nothing of the Tom Skype fiasco that included untold numbers of unencrypted chat messages being logged on open web servers, as exposed by Citizen Lab as well as others.

We see that location privacy is clearly not a priority, and if it is, they've failed at the goal:

http://community.skype.com/t5/Security-Privacy-Trust-and/Easy-way-to-lookup-IP-address-of-a-skype-username/td-p/689903
http://bits.blogs.nytimes.com/2011/11/29/skype-can-expose-your-location-researchers-say/

To distinguish how this failure happens, I propose a simple experiment. It should be possible to give a Skype client a public IP and then transparently route all of its traffic over Tor. If the Skype client reports its own IP to the network, it will give the public IP bound to the interface; if it does so through some network activity, or if the network service discovers the IP, the Tor exit node's IP will be disclosed instead. I suspect there are a few other variants, and different internal Skype systems likely have access to different IP addressing information.

Chat syncing supposedly happens between clients that are online, though one wonders how this connection is internally authenticated, as well as whether anyone may simply remotely pull the chat logs from a given client:

http://community.skype.com/t5/Windows-desktop-client/Chat-History-on-Multiple-Computers-Retaining-one-deleting-other/td-p/159190
http://community.skype.com/t5/Security-Privacy-Trust-and/Is-chat-history-stored-on-Skype-servers/td-p/472379

Note that Skype claims that they do store this for ~30 days:

http://www.skype.com/en/legal/privacy/#12

Really though, I don't know how much more clearly their backdoor needs to be disclaimed than in the following text from the above link:

"Skype will retain your information for as long as is necessary to: (1) fulfill any of the Purposes (as defined in article 2 of this Privacy Policy) or (2) comply with applicable legislation, regulatory requests and relevant orders from competent courts.

"Retention of Instant Messages, Voicemail Messages, and Video Messages (Skype internet communications software application only)

"Your instant messaging (IM), voicemail, and video message content (collectively "messages") may be stored by Skype (a) to convey and synchronize your messages and (b) to enable you to retrieve the messages and history where possible. Depending on the message type, messages are generally stored by Skype for a maximum of between 30 and 90 days unless otherwise permitted or required by law. This storage facilitates delivery of messages when a user is offline and to help sync messages between user devices. For IM, if you have linked your Skype and Microsoft accounts, you may have the option to choose to store your full IM history for a longer period. In that case, your IMs may be stored in your Outlook.com Messaging folder until you manually delete them. For Video messages, you may also choose to store messages for an extended period if the sender is a Premium Member.

"Skype will take appropriate technical and security measures to protect your information. By using this product, you consent to the storage of your IM, voicemail, and video message communications as described above."

Yowza!

There are specific properties that many desire from a communication system. It seems that we have seen reports of some of these things working in a way that suggests most of it is done in the simplest manner possible: without strong cryptography, if any cryptography, and without strong technical privacy of any sort. Often technically illiterate journalists, especially Microsoft apologists, will suggest that Skype is encrypted - this is of course hand waving bordering on masturbation - of course there is encryption of sorts. The questions are about what data is stored, who has access to that data and how that data is protected - these issues are absolutely not disclosed in any meaningful sense, not the least of which is the source code of an end-user client that we are welcome to analyze openly.

I might add that some tactical hacking shops have a collection of 0day for Skype that is used to break into "suspects'" computers for insertion of malware. My guess is that this is so common that it is commercially supported by backdoors. This likely includes Hacking Team's Remote Control System tools, a.k.a. DaVinci, and FinFisher, which we know uses Skype's API directly:

https://twitter.com/botherder/status/334775398904758273

I should also add that I had the chance to meet one of the founders of Skype last week. I encourage people to reach out to the founders and to directly and politely ask about interception capabilities, legal requirements as well as architectural designs; most of this is pre-Microsoft, of course. Still, we'll begin to understand the historical context for the current behaviors; we may even find historical behaviors that match present behaviors. I would also suggest looking at the court dockets and cases filed in Luxembourg. I suspect that the number of lawful orders is not zero and that the number of times data has been returned is also not zero.

So to summarize, we have strong evidence or admission from Skype and/or Microsoft for the following:

Skype logs chat, buddy list, audio, video, email address and more.
Data is stored/disclosed to third parties in various circumstances.
Data is unencrypted and data-mined by machines.
Data is used by Skype/Microsoft for various reasons.
Skype API is used by malware used by thug pigs in dictatorships.
Skype API is used by malware used by Honest Cops in the Free World.
Skype's binary is obfuscated to prevent analysis by reverse engineers.
SkypeOut touches networks that must be CALEA compliant.

I wouldn't use this for activism anywhere in the world. I can't imagine that it would be reasonable for victims of domestic violence, amongst other likely users, to use it either.

Perhaps Microsoft will fix all of these things? And if they're not interested in fixing it, perhaps they might comment on it and, line by line, confirm, deny or explain these issues? The Microsoft Law Enforcement Requests Report seems to suggest that they're open to hearing from the wider community:

http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency

I've cc'ed the email mentioned on their transparency report - I did this previously and never received a substantial reply; perhaps this time?

All the best,
Jacob

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
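The probing idea in Jacob's message above (paste many differently-schemed links into a chat and watch which ones the service follows) becomes an actual measurement once every probe carries its own token pointing at a server you control, and the server's access log is matched back against those tokens. The script below is an added example for this thread, not code from the original mail or from Skype; the domain canary.example.net, the /c/ path prefix, the token format and the access-log lines are all constructed for illustration. It generates one canary per scheme (including a magnet link whose tracker parameter is the only HTTP-reachable piece, so a hit there shows the parser digging into query strings) and then reports which canaries were requested, from which IP, with which method and user agent.

```python
# Added example, not from the original mail: one canary URL per scheme to
# paste into a chat, plus a matcher that reads the web server's access log
# to show which canaries were fetched, by which client IP and user agent.
# The domain, path prefix, tokens and log lines below are all constructed.
import re
import secrets
from dataclasses import dataclass

CANARY_PREFIX = "/c/"  # hypothetical path on a web server you control

# nginx/Apache "combined" access log line
_COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
_TOKEN_IN_LINE = re.compile(re.escape(CANARY_PREFIX) + r"([A-Za-z0-9_-]+)")

SCHEMES = ("http", "https", "ftp", "telnet", "magnet")


@dataclass(frozen=True)
class Probe:
    scheme: str
    token: str
    text: str  # the exact string to paste into the chat


def make_probes(domain, schemes=SCHEMES, token_for=None):
    """Build one probe per scheme, each carrying its own token under
    CANARY_PREFIX on DOMAIN, so that a later request for /c/<token> tells
    you which scheme the inspecting parser extracted and followed.
    token_for(scheme) can be passed for reproducible tokens; the default
    is a fresh random token per probe."""
    if token_for is None:
        token_for = lambda _scheme: secrets.token_hex(8)
    probes = []
    for scheme in schemes:
        tok = token_for(scheme)
        if scheme in ("http", "https", "ftp"):
            text = f"{scheme}://{domain}{CANARY_PREFIX}{tok}"
        elif scheme == "telnet":
            # only reachable over HTTP if the fetcher rewrites the scheme
            text = f"telnet://{domain}{CANARY_PREFIX}{tok}"
        elif scheme == "magnet":
            # the tracker parameter is the only HTTP-reachable piece; a hit
            # on it means the parser dug into the magnet's query string.
            # (A real btih is 40 hex chars; the token stands in here.)
            text = f"magnet:?xt=urn:btih:{tok}&tr=https://{domain}{CANARY_PREFIX}{tok}"
        else:
            raise ValueError(f"no probe template for scheme {scheme!r}")
        probes.append(Probe(scheme, tok, text))
    return probes


def find_hits(log_text, probes):
    """Return one record per (log line, canary token) pair, in log order,
    for tokens that belong to PROBES. Lines that are not in combined
    format are skipped rather than guessed at."""
    by_token = {p.token: p for p in probes}
    hits = []
    for line in log_text.splitlines():
        m = _COMBINED.match(line)
        if not m:
            continue
        for tok in dict.fromkeys(_TOKEN_IN_LINE.findall(line)):  # dedupe, keep order
            p = by_token.get(tok)
            if p is not None:
                hits.append({"scheme": p.scheme, "token": tok, "ip": m["ip"],
                             "method": m["method"], "ua": m["ua"], "time": m["time"]})
    return hits


def untouched(probes, hits):
    """Schemes whose canary never showed up in the log."""
    seen = {h["scheme"] for h in hits}
    return [p.scheme for p in probes if p.scheme not in seen]


# Constructed sample log: two canaries fetched by one crawler, plus noise.
LOG_SAMPLE = """\
203.0.113.7 - - [10/May/2013:17:04:02 +0000] "HEAD /c/tokhttp HTTP/1.1" 200 0 "-" "Mozilla/5.0 (compatible; example-fetcher/1.0)"
203.0.113.7 - - [10/May/2013:17:04:03 +0000] "GET /c/tokmagnet HTTP/1.1" 200 12 "-" "Mozilla/5.0 (compatible; example-fetcher/1.0)"
198.51.100.4 - - [10/May/2013:17:05:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.29.0"
this line is not an access log entry
"""


if __name__ == "__main__":
    probes = make_probes("canary.example.net", token_for=lambda s: "tok" + s)
    for p in probes:
        print(f"{p.scheme:7} {p.text}")
    hits = find_hits(LOG_SAMPLE, probes)
    for h in hits:
        print(f"hit: {h['scheme']} from {h['ip']} via {h['method']} ({h['ua']})")
    print("never fetched:", untouched(probes, hits))
```

In a real run you would generate the probes with random tokens, send each one in a separate message (so that the order and timing of the hits can be compared against the send times), and keep the tokens private; the match is exact on the token, so a hit on the http canary cannot be confused with one on the https canary even though their tokens share a prefix here. The HEAD versus GET distinction and the user agent are worth recording because they are the first things that separate a link-preview fetcher from a crawler that actually retrieves content.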
