Future Tense

Skype Won’t Say Whether It Can Eavesdrop on Your Conversations

Since Microsoft bought Skype, has the chat client started working more with law enforcement?

Photo by Justin Sullivan/Getty Images

New surveillance laws being proposed in countries from the United States to Australia would force makers of online chat software to build in backdoors for wiretapping. For years, the popular video chat service Skype has resisted taking part in online surveillance—but that may have changed. And if it has, Skype’s not telling.

Historically, Skype has been a major barrier to law enforcement agencies. Using strong encryption and complex peer-to-peer network connections, Skype was considered by most to be virtually impossible to intercept. Police forces in Germany complained in 2007 that they couldn’t spy on Skype calls and even hired a company to develop covert Trojans to record suspects’ chats. At around the same time, Skype happily went on record saying that it could not conduct wiretaps because of its “peer-to-peer architecture and encryption techniques.”

Recently, however, hackers alleged that Skype made a change to its architecture this spring that could possibly make it easier to enable “lawful interception” of calls. Skype rejected the charge in a comment issued to the website Extremetech, saying the restructure was an upgrade and had nothing to do with surveillance. But when I repeatedly questioned the company on Wednesday whether it could currently facilitate wiretap requests, a clear answer was not forthcoming. Citing “company policy,” Skype PR man Chaim Haas wouldn’t confirm or deny, telling me only that the chat service “co-operates with law enforcement agencies as much as is legally and technically possible.”

So what has changed? In May 2011, Microsoft bought over Skype for $8.5 billion. One month later, in June, Microsoft was granted a patent for “legal intercept” technology designed to be used with VOIP services like Skype to “silently copy communication transmitted via the communication session.” Whether this technology was subsequently integrated into the Skype architecture, it’s impossible to say for sure. Perhaps Skype’s reason for refusing to answer the interception question is because Microsoft has instituted a stricter media strategy than back in 2008. Either way, looking at Skype’s privacy policy today, it’s clear the company is certainly in a position to hand over at least some user communications to authorities if requested.

Under Section 3 of the privacy policy, it is stated that Skype or its partners “may provide personal data, communications content and/or traffic data to an appropriate judicial, law enforcement or government authority lawfully requesting such information.” It also notes that instant messages sent over Skype will be stored for a maximum 30 days “unless otherwise permitted or required by law.”

It is perhaps unsurprising that, with 663 million registered users reported last year, Skype has come under pressure to enable interception of calls.

The overarching concern, though, is not the interception requests per se—it’s that Skype isn’t being candid about the status of its relationship with law enforcement.

 The company could learn a great deal from Google’s transparency reports, detailing requests it receives from authorities on a semi-annual basis. Without openness Skype will lose trust, and without trust it will lose users. Some are already migrating elsewhere, turning to alternatives like Jitsi, which enables end-to-end encryption and a level of security that can no longer be taken for granted with Skype.