Government agencies have long considered Skype to be a tough nut to crack — or more importantly, eavesdrop on — thanks to its peer-to-peer architecture and built-in encryption. In 2008, the company even flat-out said it can’t conduct wiretaps due to that potent (and privacy-friendly) one-two punch.
However, Skype recently re-engineered the so-called “supernodes” that form the backbone of the service, placing them on company servers in secure data centers, replacing the former decentralized P2P model that turned Skype users with powerful PCs into supernodes. The Internet instantly began filling with rumors that the update was designed to give law enforcement the ability to monitor Skype calls. Were the rumors true? Can Skype and government agencies now wiretap your VOIP calls?
Skype’s response has been a bit… hazy.
After ExtremeTech posted an article about the theoretically wiretap-friendly nature of the supernode update, Mark Gillett, Skype’s Corporate VP of Product Engineering & Operations, contacted the website and said the following:
As part of our ongoing commitment to continually improve the Skype user experience, we developed supernodes which can be located on dedicated servers within secure datacenters. This has not changed the underlying nature of Skype’s peer-to-peer (P2P) architecture, in which supernodes simply allow users to find one another (calls do not pass through supernodes).
Pretty straightforward, right? Maybe not. After reading Gillett’s explanation, Slate’s Ryan Gallagher contacted Skype and asked a much more pointed question: Can Skype now facilitate wiretap requests? The company would only say that Skype “co-operates with law enforcement agencies as much as is legally and technically possible.”
Gallagher then notes that Microsoft, Skype’s parent company, was recently awarded a patent designed to make it easier to wiretap VOIP communication.
So is Skype now able to spy on its customers? Not by using the supernode servers, judging by Gillett’s explanation, but Skype’s reputation for rock-solid wiretap-free reliability has definitely been cast in question. That may not be a disaster in the U.S., where most wiretaps require a court order, but it could make users in countries with lax surveillance laws think twice before clicking on that telephone icon.