by Robert Poe
February 24, 2009

from Voip-News Website

Skype Ltd. has long insisted that intercepting bad guys' conversations is not its concern. It's not a real phone company, because it doesn't own its own phone lines, cables or network.


That, Skype claims, makes it exempt from regulations like CALEA (Communications Assistance for Law Enforcement Act), which requires U.S. phone companies to provide law enforcement agencies with the ability to wiretap their users.


Now, however, Skype is under pressure in Europe to help authorities eavesdrop on calls criminals make using its service. One big question remains, though: whether the Internet VoIP company could do so even if it wanted to.

The latest pressure came in the form of an announcement by Eurojust, which coordinates efforts to fight cross-border and organized crime in the European Union. The announcement said the organization's Italian division was coordinating a Europe-wide investigation of the use of Internet VoIP systems such as Skype.


The impetus for the effort came from instances of Italian criminals, including arms and drug traffickers, organized crime and prostitution rings, using Skype to avoid detection. The goal of the investigation, which will include all 27 members of Eurojust, is to overcome legal and technical hurdles to interception of Internet telephony systems.

In fact, there is currently no legal basis for intercepting Internet VoIP calls. Law enforcement agencies can get court orders for tapping landline or cellular calls.


And Skype itself agrees that calls by its users that travel to and from the PSTN (public switched telephone network) are subject to wiretap laws, though it claims compliance is solely the responsibility of carriers on whose networks the calls originate or terminate. But there are no such laws covering calls that travel only over the Internet.

Even if efforts like that of Eurojust lead to the enactment of such laws, the technical obstacles to intercepting Skype calls would be considerable.


Difficulties in knowing where the Internet caller is physically located might or might not be a problem, depending on whether the laws limited the geographic scope of intercepts. A bigger problem would be Skype's encryption. According to what little is known about the system, it is difficult to break, and would be even if Skype were actively participating in the effort.

The main difficulty is that the encryption happens only between the two callers' Skype clients, which generate encryption keys and pass them to each other. Skype's servers have nothing to do with the actual encryption - their main function is confirm to each caller's client software that the other is a legitimate user. Likewise, the calls themselves don't pass through any Skype equipment or network, and Skype likely wouldn't be able to decrypt them if they did.

Failed attempts to break Skype's encryption in fact contributed to the pressure for action in Europe. In particular, an IT firm that Bavarian authorities hired to try to crack Skype was unable to do so. In its statement, Eurojust claimed that Skype won't share its encryption system with authorities.


Skype stated in response that it has,

"extensively debriefed Eurojust on our law enforcement program and capabilities." It added that it "cooperates with law enforcement where legally and technically possible."

Return to The Echelon Network

Return to The End of The Internet?