Skype denies making changes to its system to allow police surveillance
Skype, the Microsoft’s online message, phone and video chat service, has denied making changes to its system “in order to provide law officers greater access” to its members’ conversations.
It follows reports suggesting infrastructure upgrades had made it easier to hand on users’ chat data.
Skype has now posted a blog saying the changes were made solely to improve user experience and reliability.
But it added it would pass on messages to law enforcement when “appropriate”.
Concern about Microsoft’s intentions were first raised over a year ago after the Conceivablytech blog revealed the firm had filed a US patent for Legal Intercept – a technology “capable of silently copying the communication between at least two entities” on Voip (voice over internet protocol) calls.
It specifically made reference to “Skype and Skype-like applications” despite being filed in 2009, 17 months before Microsoft paid $8.5 billion to take over the service.
In May 2012 the issue was revived after security researcher Kostya Kortchinsky blogged that the firm had changed its “supernode” policy.
While in the past Skype had relied on users with high-spec systems to help its members’ computers locate each other when a call was made, the firm had now switched to a system in which all such connections were made using in-house servers.
This prompted posts on some blogs linking the move to the earlier surveillance patent which were then followed up by the news site Extreme Tech.
Reports in the mainstream media including articles by Forbes, and The Washington Post followed.
The latter said industry and government officials had told it that Skype “has expanded its co-operation with law enforcement authorities to make online chats and other user information available to police”.
It said its sources had spoken to it “on the condition of anonymity”.
Skype’s blog post said it was “false” to believe the changes it had made allowed it to monitor and record audio and video calls. It said that while its servers helped members locate each other and maintain quality, the actual call data usually bypassed its equipment going directly from one users’ equipment to another.
“Skype to Skype calls do not flow though our data centres and the <<supernodes>> are not involved in passing media (audio or video) between Skype clients,” wrote Mark Gillett, the firm’s chief development and operations officer.
But he added that group calls including more than two parties were an exception, “where a server aggregates the media streams (video) from multiple clients and routes this to clients that might not otherwise have enough bandwidth to establish connections to all our partners”.
The Washington Post article had focused on written instant messages, rather than video/audio calls.
Mark Gillett denied Skype’s moves had been designed to “facilitate law enforcement” but he did acknowledge the company would give the authorities access to messages if “a law enforcement entity follows the appropriate procedures” and the procedure was “technically feasible”.
His post suggested it would be possible to pass on messages in some instances.
“In order to provide for the delivery and synchronization of instant messages across multiple devices, and in order to manage the delivery of messages between clients situated behind some firewalls which prevent direct connections between clients, some messages are stored temporarily on our (Skype/Microsoft) servers for immediate or later delivery to a user,” he wrote.
Skype’s privacy policy acknowledges: “IM messages are currently stored for a maximum of 30 days unless otherwise permitted or required by law.”