Also adding to the evidence there was this story in which minutes were leaked from an Austrian counter terrorism meeting that stated that skype has a backdoor that helps the Austrian government listen to communications:
"At a meeting with representatives of ISPs and the Austrian regulator on lawful interception of IP based services held on 25th June, high-ranking officials at the Austrian interior ministry revealed that it is not a problem for them to listen in on Skype conversations. This has been confirmed to heise online by a number of the parties present at the meeting. Skype declined to give a detailed response to specific enquiries from heise online as to whether Skype contains a back door and whether specific clients allowing access to a system or a specific key for decrypting data streams exist. " http://www.h-online.com/security/news/item/Speculation-over-back-door-in-Skype-736607.html On Sat, May 25, 2013 at 10:20 AM, Ethan Heilman <[email protected]> wrote: > >I missed that one--do you have a URL? (I don't know German.) > > Sure, here is the translated quote from Kurt Sauer, head of the security > division of Skype: > > ZDNet: What is the answer to my question, even if you can not listen to >> Skype calls? >> Sauer: We answer to this question: We provide a safe communication option >> available. I will not tell you whether we can listen to it or not. > > > or in original German > > ZDNet: Was ist dann die Antwort auf meine Frage, ob selbst Sie >> Skype-Telefonate nicht abhören können? Sauer: Wir antworten auf diese >> Frage: Wir stellen eine sichere Kommunikationsmöglichkeit zur Verfügung. >> Ich werden Ihnen nicht sagen, ob wir dabei zuhören können oder nicht. > > > found here > http://www.zdnet.de/39151472/telefonieren-uebers-internet-wie-sicher-ist-skype-wirklich/ > > > >Again--not a religious/ideological question; merely, "is there any > evidence > of Skype ever having been in-line-intercepted"? I can't find it. > > I would agree there is no smoking gun, but there is not likely to be > smoking gun. The question is can skype if it wanted to, could it allow a > third party to intercept your communications and the answer is yes. The > second question is would it do so, if you believe their privacy policy > which might be there to just cover their ass, then the answer is yes. > Finally what have companies in similar situations done in the past, and the > answer is that they have always cooperated. This shouldn't be shocking, > skype helps with Chinese government censorship. > > The central issue for me is that skype can force update itself ( > http://community.skype.com/t5/Windows-desktop-client/Forced-update-done-with-Skype/td-p/108692). > Such a capability is a backdoor, the question is if they will feel > compelled to use it. > > This is a much larger issue than skype, any software that can force update > itself, like most modern software, has a defacto backdoor. How can we > design systems that can be remotely updated by third parties without having > to completely trust those third parties? > > > > On Fri, May 24, 2013 at 11:33 PM, Eric S Johnson > <[email protected]>wrote: > >> > The evidence as I understand is this: >> > 1. Skype has said in the german press that they can >> > listen to communications >> >> I missed that one--do you have a URL? (I don't know German.) >> >> > 2. Russian intelligence has said in the Russian press that Skype >> > allows them to listen to communications >> >> Well ... "the Russian press has reported ..." ... but do we consider the >> Russian press a reliable source of information? Having lived in Russia for >> many years (and reading the articles in the original), I'd say "not >> particularly, no." (That Vedomosti report has been the subject of much >> skepticism in the Russian blogosphere.) >> >> > 3. The Skype privacy policy explicitly states that they will allow LE >> > access to all communication when feasable >> >> Right--but that's not evidence that "it's feasible," only that "if it were >> feasible, Skype would do it when LEAs make a proper request." >> >> > 4. Skype appears to be able to read URLs sent >> > which sparked this email thread >> >> Oh, it's been true for nearly 2 yrs that newer versions of Skype upload >> copies of all IM sessions to MS's servers, and that's clearly stated in >> Skype's Terms of Service. Sure. But that's not at all the same thing as >> "intelligence agencies are intercepting and reading Skype." (I do think >> it's >> strange MS's transparency report a couple months ago says they've not >> provided to LEAs any actual Skype content--only metadata; the existence of >> those IM logs, even if only kept for 30 days, would be (you'd think) of >> interest to LEAs.) >> >> Again--not a religious/ideological question; merely, "is there any >> evidence >> of Skype ever having been in-line-intercepted"? I can't find it. (Am not >> asserting it's the safest communications method in the world, just asking >> this particular question.) >> >> As an aside, I bet we could easily identify older versions of Skype (which >> still work fine) which don't upload IM session history to MS servers--in >> case someone wants to effectively "turn off" that "feature." >> >> >
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
