Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

European Crackdown On Skype "Loophole"

timothy posted more than 4 years ago | from the only-the-suspicious-ones-of-course dept.

Privacy 230

angry tapir writes "Suspicious phone conversations on Skype could be targeted for tapping as part of a pan-European crackdown on what law authorities believe is a massive technical loophole in current wiretapping laws, allowing criminals to communicate without fear of being overheard by the police. Eurojust, a European Union agency responsible for coordinating judicial investigations across different jurisdictions, has announced the opening of an investigation involving all 27 countries of the European Union."

cancel ×

230 comments

Sorry! There are no comments related to the filter you selected.

"Allowing Criminals" (4, Insightful)

Spazztastic (814296) | more than 4 years ago | (#26956173)

Or allowing law abiding citizens to speak with their relatives in hostile countries without worry of big brother listening.

Re:"Allowing Criminals" (5, Insightful)

TheRaven64 (641858) | more than 4 years ago | (#26956211)

And what sensible criminal would use Skype anyway? If you care about potential eavesdroppers, you don't use proprietary encryption, and especially not proprietary encryption over a proprietary protocol that has been shown to be insecure (see the Black Hat paper).

If you want security, run SIP over SRTP, with clients that have undergone third-party security audits.

Re:"Allowing Criminals" (4, Interesting)

orzetto (545509) | more than 4 years ago | (#26956725)

If criminals knew that much about IT, they would have an IT career, not a criminal one.

Most criminals are at best casual users of computers. While they might hire a whiz kid to encrypt their calls, that is quite rare: hiring someone from outside the criminal environment to encrypt communications opens a much larger security hole than Skype ever could.

You are assuming that the knowledge level common here on Slashdot is common in the real world. It isn't. I remember that Bernardo Provenzano, head of the Sicilian Mafia, used a Caesar cipher using a bible as key to send its orders around, and someone here on Slashdot commenting "what, he does not know of PGP?!?".

Re:"Allowing Criminals" (3, Interesting)

mdwh2 (535323) | more than 4 years ago | (#26956771)

If criminals knew that much about IT, they would have an IT career, not a criminal one.

Unlikely - that argument might work for petty thieves, but not major criminals, especially terrorists whose motivation is often not money in the first place.

Re:"Allowing Criminals" (4, Insightful)

morgan_greywolf (835522) | more than 4 years ago | (#26956827)

You're kidding right? IF terrorists can learn to fly a jumbo jet, which, mind you, is a very complex beast that requires a lot of training, simulator, and real-world flying time to be able to fly one, or if they can become munitions experts, what's to stop terrorists from becoming IT experts?

Nothing. Nothing at all. Terrorists can take the same classes you took, take the same training you took, and learn as much about IT as you did.

Anyone determined enough to kill a bunch of people in order to achieve notoriety for their cause can learn just about anything if they think it will help them achieve their gol.

Errata (1)

morgan_greywolf (835522) | more than 4 years ago | (#26956849)

s/gol/goal

Re:"Allowing Criminals" (2, Funny)

N Monkey (313423) | more than 4 years ago | (#26956879)

You're kidding right? IF terrorists can learn to fly a jumbo jet, which, mind you, is a very complex beast that requires a lot of training, simulator, and real-world flying time to be able to fly one,

Surely, "the flying" of a modern jet is not the difficult part - it's "the landing".

Re:"Allowing Criminals" (1)

thethibs (882667) | more than 4 years ago | (#26956873)

Bernardo Provenzano, head of the Sicilian Mafia, used a Caesar cipher using a bible as key

Huh? The key to a Caesar cipher is an integer between 1 and 25. Where does the bible fit in?

Re:"Allowing Criminals" (1, Funny)

Anonymous Coward | more than 4 years ago | (#26957109)

GOD created the universe! Don't laugh, I've heard this used as an argument before.

Re:"Allowing Criminals" (0)

Anonymous Coward | more than 4 years ago | (#26957183)

A key of 26 is the most secure, obviously.

Re:"Allowing Criminals" (2, Interesting)

morgan_greywolf (835522) | more than 4 years ago | (#26956747)

Not to mention that just about anything can be tunneled through SSH. And exactly what exists to stop terrorists or other criminals from simply creating their own protocols? Do they think that law-abiding citizens have some sort of monopoly on computer geeks? I think almost any decent network programmer with some sort of communications security background should be able to come up with an entirely new, secure protocol from scratch.

Probably they should just outlaw the whole Internet and all forms of encryption if their goal is to prevent criminals and terrorists from communicating in ways that can't be monitored.

Re:"Allowing Criminals" (2, Informative)

Hal_Porter (817932) | more than 4 years ago | (#26957111)

I think you're overestimating the terrorists. At least in the UK they try to make explosives and mess it up [wikipedia.org] , try to ram a building with a car without checking the bollard spacing [wikipedia.org] , and so on.

I read that in Operation Crevice they thought that web based emails could not be intercepted if they were saved in Drafts rather than sent. Needless to say this isn't the case.

Actually I sort of wonder about jihaadi websites recruiting people to fight in Iraq/Afghanistan too. Soon after 9/11 a lot of websites were shutdown. It's not impossible that all the ones left are either working for the intelligence services or bugged by them. Certainly lots of people going to fight abroad seem to get picked up by allied intelligence services.

In an odd sort of way, being able to intercept people who actually want to use force against the liberal system allows you to let them keep walking around. It's a bit like virtualisation - if you know you can catch all the attempts to bring down the system, you can leave people free to everyone try, which is sort of the point of a free society. And it's not like there aren't checks and balances - Parliament has to approve the laws and juries have to approve the convictions. And the media is free to point out if the convictions are unjust.

Of course, having non virtualisable things like Skype messes this scheme up. But look at the big picture here - historically free societies that don't protect themselves against their internal enemies got replaced with much less liberal societies. It seems like you have a choice between stable tyranny, and or a democracy that protects itself. Anarchy is just a gateway state to tyranny, it is not a model for a stable society.

Re:"Allowing Criminals" (2, Insightful)

linhux (104645) | more than 4 years ago | (#26956823)

You mean the paper [blackhat.com] that explicitly concluded that "Skype was made by clever people" and "Good use of cryptography"?

Yes, it has weaknesses, but unless you get your victim to run a trojanized Skype (at which point they'd be screwed either way), it still seems reasonably secure. Oh, and of course you trust Skype Inc anyway, if you're running their binary.

That said, Skype is inherently scary, and I'd naturally advocate an open source, peer-reviewed system. I just get the feeling that many people misinterpreted that paper.

Re:"Allowing Criminals" (0)

Anonymous Coward | more than 4 years ago | (#26957125)

That said, Skype is inherently scary, and I'd naturally advocate an open source, peer-reviewed system. I just get the feeling that many people misinterpreted that paper.

Well there is a lot of open-source stuff out there (Asterisk, etc). Even open-source commercial stuff like Gizmo. However, none of them can compete with Skype as far as cheap POTS access goes. The Skype software is buggy and sometimes I don't get incoming calls but damn if it isn't cheap. I have been using Skype as my primary phone for about a year now. I hate the fact that it's closed and I hate the bugginess but there is nothing else even close price-wise.

I pay about $50 per year for unlimited long distance, cheap international and an incoming phone number. If there is an alternative in that price range that I could use with say Asterisk or something then please let me know because I haven't seen it.

Re:"Allowing Criminals" (1)

jambox (1015589) | more than 4 years ago | (#26956891)

What sensible criminal would try to blow up a plane with a mixture of Tang and hair bleach, while carrying a USB stick with an unsecured .xls of potential bomb targets on it?

http://news.bbc.co.uk/1/hi/uk/7894755.stm [bbc.co.uk]

Sensible criminals like the Russian mafia and the Coumbian drug cartels have gotten western intelligence services beaten all ends up. Being able to spy on loonies who just might cause some serious damage is understandable enough, isn't it?

Re:"Allowing Criminals" (0)

Anonymous Coward | more than 4 years ago | (#26957175)

one trying his best to get caught? half of terrorism seems to exist for the sole reason of creating reason to take political action. start wars etc. if you want to do something but have no good excuse(eg start war in afgan) you just fabricate a terror attack, very convenient

Re:"Allowing Criminals" (2, Insightful)

fastest fascist (1086001) | more than 4 years ago | (#26956225)

Yes yes, but obviously governments will rarely, if ever, welcome technology that increases the power of the citizen. They are there to *govern*. In other words, no government will much give a damn if a hostile country listens in on calls made into their territory if preventing that means any decrease in their own ability to conduct surveillance. They were fine with it before Skype, why would they care now?

Re:"Allowing Criminals" (1)

MindKata (957167) | more than 4 years ago | (#26956369)

"In other words, no government will much give a damn if a hostile country listens in on calls made into their territory if preventing that means any decrease in their own ability to conduct surveillance. "

Thats not entirely true. They do care if hostile country listens in on calls, but they only care if they are going to loose out from it.

There was a documentary on sky science a few days ago about hacking. What stood out for me was a comment by some government ex-director of security saying that at least 127 countries have government sponsored groups setup to hack other countries to spy on each other. They actually aim to hack other countries to spy on each other.

So with governments so willing to play this game between each other, I guess its nothing to them, to want to also do this on everyone they have power over in their own country. The people at the top are just eternally paranoid and terrified at loosing power, so they want to always watch everyone else to prevent anyone taking any of their power from them ... while we all suffer being swept along in their paranoia and power games. We are suppose to choose and vote them in, but once they get into power, they want to keep ever tighter controls on all of us. We are suppose to be controlling them, not them controlling us. ie. "Democracy is a form of government in which power is held directly or indirectly by citizens under a free electoral system." ... So what is it, if they no longer want us to have a Democracy?

Re:"Allowing Criminals" (1)

MindKata (957167) | more than 4 years ago | (#26956431)

doh... "sky science" I should have said, "discovery science" ... need food, brain not working so good. :)

Re:"Allowing Criminals" (1, Offtopic)

Joce640k (829181) | more than 4 years ago | (#26956899)

While you're at it, look up the difference between "lose" and "loose"...

Re:"Allowing Criminals" (4, Interesting)

MoellerPlesset2 (1419023) | more than 4 years ago | (#26956283)

Who's 'big brother' here?
The European governments who want to eavesdrop on suspected criminals after obtaining a court order, or the US and UK governments who are presently listening to everybody in Europe, and have been for quite some time, through ECHELON?

Re:"Allowing Criminals" (5, Insightful)

Anonymous Coward | more than 4 years ago | (#26956697)

All of them. If I have multiple older male siblings, I can address them all as "Big brother." The existence of one does not preclude the existence of others.

Everyone is doing it (0)

Anonymous Coward | more than 4 years ago | (#26956751)

According to fairly recent reports pretty much everyone in Europe is doing it. Internet (or at least http traffic) is habitually snooped, phone conversations (usually) only after a court order. Information gathered is usually shared with foreign agencies. According to a former employee of the AIVD "we could decide not to share our intel with the CIA, but then they don't give us the information we want".

Re:"Allowing Criminals" (1, Interesting)

Anonymous Coward | more than 4 years ago | (#26956917)

All governments work in self interest. Therefore no government can be trusted. Spying on innocents accomplishes several things: (1) revenue, (2) control, (3) precedent for the next expansion of power and revenue. For the people at the top of the power pyramid, this is simply good business. For the rest of us, it's called oppression (let's not beat around the bush by calling it "big brother").

Re:"Allowing Criminals" (1)

tjstork (137384) | more than 4 years ago | (#26956331)

Or allowing law abiding citizens to speak with their relatives in hostile countries without worry of big brother listening.

Well, they are hostile countries, you know.

Re:"Allowing Criminals" (1)

Spazztastic (814296) | more than 4 years ago | (#26956571)

Or allowing law abiding citizens to speak with their relatives in hostile countries without worry of big brother listening.

Well, they are hostile countries, you know.

I have a good friend in Lebanon who I keep in touch with on MSN and used to talk to on Skype (before his connection became too volatile). If the government really wants to listen in to us discussing (Well, at the time) World of Warcraft strategies and how the raid the night before went they can be my guest, but if I am discussing family matters with relatives who travel regularly, it's nobody's business.

Re:"Allowing Criminals" (1)

emocomputerjock (1099941) | more than 4 years ago | (#26956591)

It's worse than that, they're hostile countries looking to harm our childrens.

Re:"Allowing Criminals" (1)

UbuntuLinux (1242150) | more than 4 years ago | (#26956403)

Forget about Big Brother listening, it would be far worse if the ghosts that haunt the moon where to be able to listen to your Skype conversations. Luckily moon ghosts are not tecnologically advanced enough to use Skype, and even if they where, when they put the microphone headsets on they would just fall through their spectral heads, onto the floor. Also the moons atmosphere would prohibit the transmission of sound. Even so, I think it is something we should all bare in mind.

Re:"Allowing Criminals" (0)

Anonymous Coward | more than 4 years ago | (#26956483)

hey man, this is Europe! No government hostility threatens us! those are the ways of poor countries only governors! they're just taking care of us all!

Re:"Allowing Criminals" (0)

Anonymous Coward | more than 4 years ago | (#26956553)

(oh NO! don't tell me that my sarcastic comment hasn't been sent under encryption... I MUST HIDE!! B-S )

Re:"Allowing Criminals" (0)

Anonymous Coward | more than 4 years ago | (#26956545)

Or allowing law abiding citizens to speak with their relatives in hostile countries without worry of big brother listening.

It's illegal to keep secrets from government, e.g. see RIP [wikimedia.org] which explicitly gives a 2-year prison sentence for having something the government can't read

Re:"Allowing Criminals" (1)

mdwh2 (535323) | more than 4 years ago | (#26956605)

Or indeed, people who would be made criminals by stupid laws, even though they are harmless (e.g., in the UK, we have all sorts of laws on distribution or in some cases even possession of adult imagery, which would still apply to consenting adults doing something saucy over private webcam). Of course, even when it's legal, it's perfectly reasonable to use encryption to keep it private, as you say.

Re:"Allowing Criminals" (0)

Anonymous Coward | more than 4 years ago | (#26956737)

Or allowing law abiding citizens to speak with their relatives in hostile countries without worry of big brother listening.

In a police state there are *no* law abiding citizens.

Too many loopholes (4, Insightful)

mangu (126918) | more than 4 years ago | (#26956219)

Suppose they have a way to intercept Skype calls and decrypt everything. How will they know a conversation like "Aunt Emma's cat had seven kittens, three black and four white" actually means "I'm sending seven kilos of heroin, Giuseppe will take three and Giovanni four"?

Re:Too many loopholes (3, Insightful)

Anonymous Coward | more than 4 years ago | (#26956247)

That's an issue which applies to any form of intercepted communication not just skype

Re:Too many loopholes (4, Interesting)

mangu (126918) | more than 4 years ago | (#26956337)

That's an issue which applies to any form of intercepted communication not just skype

Precisely. Intercepting communications is pointless if the target has reason to suspect they are being watched. That's why the US and Britain went to great efforts to disguise the fact that they had broken the German and Japanese encryption systems during WWII.

For instance, when American fighters shot down admiral Yamamoto's plane the US didn't report the fact. They wanted the Japanese to believe that was just a chance encounter, not an action planned from a flight schedule they had known from decrypted Japanese communications.

Re:Too many loopholes (1)

caluml (551744) | more than 4 years ago | (#26956581)

Re:Too many loopholes (1)

digitig (1056110) | more than 4 years ago | (#26956723)

Surely it's this [xkcd.com] XKCD?

Re:Too many loopholes (0)

Anonymous Coward | more than 4 years ago | (#26956825)

Here's hoping there is a special place in Hell for you XKCD fanboys.

Re:Too many loopholes (2, Funny)

digitig (1056110) | more than 4 years ago | (#26956931)

It's here [garfield.com] .

Re:Too many loopholes (1)

fastest fascist (1086001) | more than 4 years ago | (#26956259)

Furthermore, how will they prevent people from using third-party add-ons to encrypt their comms themselves? If you can't make your own skype client then you need to encrypt the audio before skype catches it, and decrypt it after skype plays it out. Shouldn't be impossible. But that's not the point, is it? Blanket surveillance measures will never catch determined adversaries, they are useful only against the population at large. This is the every-citizen-is-a-potential-criminal mindset at work yet again.

Re:Too many loopholes (4, Funny)

Chrisq (894406) | more than 4 years ago | (#26956357)

Suppose they have a way to intercept Skype calls and decrypt everything. How will they know a conversation like "Aunt Emma's cat had seven kittens, three black and four white" actually means "I'm sending seven kilos of heroin, Giuseppe will take three and Giovanni four"?

because you've just told us - and you are now on the "listen" list

Re:Too many loopholes (1)

Dunbal (464142) | more than 4 years ago | (#26956371)

How will they know a conversation like... actually means

And they will NEVER know that an email sent from 4321cba@gmail.com to 91023ofg@hotmail.com containing an attachment which was just a JPEG photograph of people on a ski slope, with three people on the left of the picture and four people on the right - means EXACTLY the same thing.

This is still the same "make believe security" bullshit that governments are so good at to cause the paranoid masses to support them, while wasting money and not actually doing anything at all. Governments don't win wars because they are competent - they win because they are less incompetent than their enemy.

Re:Too many loopholes (0)

Anonymous Coward | more than 4 years ago | (#26956383)

Suppose they have a way to intercept Skype calls and decrypt everything. How will they know a conversation like "Aunt Emma's cat had seven kittens, three black and four white" actually means "I'm sending seven kilos of heroin, Giuseppe will take three and Giovanni four"?

Erm..."Illustrissime, le vostre idee lo intrigano e desidero abbonarmi al vostro bollettino, prego."

Re:Too many loopholes (1)

Joce640k (829181) | more than 4 years ago | (#26956953)

"Ilustrado, su idea es intrigante y deseo inscribirme en su boletin, por favor"

Re:Too many loopholes (1)

El_Muerte_TDS (592157) | more than 4 years ago | (#26956533)

The first one is a drug deal, and the second one is two teenagers player some online computer game.

Right?

Re:Too many loopholes (4, Insightful)

JasterBobaMereel (1102861) | more than 4 years ago | (#26956797)

Arbitary codes like this and One time pads have been proven (when done correctly) to be absolutely secure, whereas all encryption in theory is insecure (the only exception is quantum encryption)

Skype is a well known protocol, with a know encryption system, and is not secure ....

Re:Too many loopholes (1)

deeLo57 (641046) | more than 4 years ago | (#26956883)

It's called injecting measured noise into the stream. Wolski: LT. There's nothing wrong with the fresh water condensers I was just over there, Lt: Wolski, Send the message... Target: "White Kittens may have Kidney problems"

Re:Too many loopholes (5, Insightful)

Asic Eng (193332) | more than 4 years ago | (#26957141)

As much as I'm a privacy advocate ... Fact is most criminals are not particularly clever - often they make mind-numbimgly stupid mistakes. One of the tasks which the police has to solve, is to process the stupid criminals quickly, so that they have resources left for the more intelligent ones. Besides, in theory you can avoid any one mistake, but in practice it's impossible to avoid all of them.

So suppose the police intercept the conversation example you used. What does it tell them? Well - first they are going to find out that neither of the people involved actually has an aunt emma, or indeed any aunt who owns cats. Alternatively they might be aware that the people involved don't exchange a lot of private information, hence are not close enough to care about the cat of some relative. So they know it's a code and from that they know that something is going to happen. The recipient is a suspected drug dealer, the sender a suspected supplier, so they guess that it's about a drug deal. Possible action: keep a close watch on the recipient of the message - he may receive the drugs soon, or he may establish contact with the persons receiving the drugs.

Even if they can't guess the first thing about the content of the message - intercepting it can still yield information. E.g. it could tell them that the recipient is online now - using the IP address they could identify his location - or they could obtain a voice sample which could be used for identification. They could use the time someone calls to identify their daily routine - if suddenly a call is made at an unusual time (e.g. 2 am for someone who usually sleeps early) then they can guess that something interesting is going on.

Taken to the extreme opposite - if intercepting communications between criminals would never yield results, then wire tapping in all forms would have to be stopped. We could determine whether that's the case by analyzing criminal cases - is wire tapping evidence never introduced, is wire-tapping information never used to guide investigations? If that's not the case, then we shouldn't expect a zero return for skype-interception either.

Communication privacy in freedom (3, Informative)

dyfet (154716) | more than 4 years ago | (#26956245)

One does not need to rely on proprietary or otherwise closed source solutions and protocols which may have or can in the future carry backdoors to achieve communication privacy. For the past three years, one could simply apt-get install twinkle with ZRTP support from any Debian repository, which has an open and proven model for peer-to-peer media security and a reference implementation of the ZRTP stack that is part of the GNU Project. More recently, there is SIP Communicator, purely Java based and truly multi-platform, which uses the newer ZRTP4J stack. Existing non-B2BUA based SIP servers like opensips or GNU sipwitch can be used to organize and coordinate scalable secure calling networks. All the tools are there to do verifiable communication privacy in freedom today.

Re:Communication privacy in freedom (1)

Kjella (173770) | more than 4 years ago | (#26956333)

which uses the newer ZRTP4J stack. Existing non-B2BUA based SIP servers

I'm usually quite nerdy, but your post even gives me acronym overload. At any rate, I guess some of the point you miss would be hiding in a bigger network? Perfect security is fine, but not if you can just assume that everyone participating is involved in some nasty business.

Re:Communication privacy in freedom (2, Funny)

Yetihehe (971185) | more than 4 years ago | (#26956447)

It's surprising that TMA* filter allowed you to submit your post ;)


*Too Much Acronyms.

still must be many workarounds (1)

portscan (140282) | more than 4 years ago | (#26956251)

even without skype, it's must be possible to have fully encrypted voice (or text or video) communication over the internet that should be completely private and impossible to decrypt in real time. so yet again, this will only affect those too lazy or ignorant to try to evade it (which will probably be most people--even most "criminals").

Re:still must be many workarounds (1)

Joce640k (829181) | more than 4 years ago | (#26956973)

ie. Everybody *except* the people they tell us they want to listen to.

It's all the lies that really bug me.

I'm glad we standardized on Skype (1)

sakdoctor (1087155) | more than 4 years ago | (#26956261)

If the defacto standard was opensource, with provably well implemented encryption, then I wouldn't be safe from the criminal hordes.

Re:I'm glad we standardized on Skype (0)

Anonymous Coward | more than 4 years ago | (#26956335)

Um. What stops you, the criminal, from using the defacto standard, opensource, highly encrypted, portable and work-everywhere system known as SIP?

Re:I'm glad we standardized on Skype (1)

TheRaven64 (641858) | more than 4 years ago | (#26956467)

Did we? I'm fairly sure we standardized on SIP, with SRTP support for those requiring encryption. Go into any modern office and the phones will be using SIP, not Skype. The fact that anyone can implement SIP devices means there is a lot more competition in the market, and a lot of cheap devices and software clients.

Re:I'm glad we standardized on Skype (1)

Ash-Fox (726320) | more than 4 years ago | (#26956885)

Go into any modern office and the phones will be using SIP, not Skype.

My office uses Skype and 3 skype phones [wikipedia.org] when out of office.

Re:I'm glad we standardized on Skype (4, Insightful)

jimicus (737525) | more than 4 years ago | (#26956501)

If the defacto standard was opensource, with provably well implemented encryption, then I wouldn't be safe from the criminal hordes.

It could have been. If an opensource project created a product which worked as well as skype I'm sure it could easily have been as popular.

The problem with a plain SIP client is you suddenly find you need a SIP account with a provider - there aren't many truly international SIP providers and they don't all have agreements to allow SIP calls to be carried for free, which adds a lot of complication. And every layer of complication you add to a product will put a lot of people off.

Re:I'm glad we standardized on Skype (0)

Anonymous Coward | more than 4 years ago | (#26956613)

please somebody think of the nerds?

Re:I'm glad we standardized on Skype (1)

Jamie's Nightmare (1410247) | more than 4 years ago | (#26956871)

You would still be safe with "open source" if you placed the call to or from an Analog Telephone. Wrapping the handset in aluminum foil also helps.

Secure phone (0)

Anonymous Coward | more than 4 years ago | (#26956279)

I wonder why phone communication is not yet secured the same way like ssh. It probably won't take long before someone creates secure communication application for smartphones like HTC G1.

Re:Secure phone (2, Insightful)

TheTurtlesMoves (1442727) | more than 4 years ago | (#26956511)

I just use write over ssh. But if they have a warrant they could put key logger on my keyboard or put bugs in the house. Once there are warrants, all bets are off.

Re:Secure phone (1)

berend botje (1401731) | more than 4 years ago | (#26956555)

Once they can get you into custody, all bets are off anyway. For cracking encryption a rubber hose beats a Beowulf cluster every time.

Your privacy (1)

drsmall17 (1240792) | more than 4 years ago | (#26956295)

"Who Poses the Greatest Threat To Your Privacy?" ... without a doubt, Your Government. This probably would not be a problem had Skype instituted peer to peer encryption with either openSSL or GnuPG keys.

Re:Your privacy (1)

TheRaven64 (641858) | more than 4 years ago | (#26956499)

"Who Poses the Greatest Threat To Your Privacy?" ... without a doubt, Your Government

Really? You think an organisation that believes they can intercept communications by requiring a single, proprietary, software maker to give them back doors, and don't realise that there are open standards for encrypted communications with independent implementations that anyone can use is a threat to your privacy? Companies like Skype and Facebook that rely on social pressure to persuade people to give up their privacy are a much bigger threat than a group that flails around aimlessly and plays a hopeless shell game trying to catch the various ways of evading their monitoring.

Only Skype? (3, Insightful)

tedrlord (95173) | more than 4 years ago | (#26956299)

Somebody better tell them about all the other evil loopholes that criminals can use to talk over the internet. They'd better also be able to wiretap Yahoo and Windows Messenger voice, oh, and X-Box chat, and we're going to have to change the RTP protocol to send them a copy of all communications, of course. I'm guessing we'll have to hack all ssh clients to unencrypt VoIP traffic if somebody tries to tunnel it, too.

Or, you know, just get on Skype's case because authorities apparently have no idea what they're doing and seem to believe that Skype is the only way to talk over the internet. I'm sure the criminals appreciate the heads up so they can make sure to use more secure methods.

Crimanl law makes people criminals (1)

unlametheweak (1102159) | more than 4 years ago | (#26956303)

They want to eavesdrop to stop sex and drug use (according to the article). Clearly governments need to get rid of their bad laws instead of introducing yet more bad government practices. As for terrorism, that can be dealt with more effectively through political channels than through spying on your citizens.

Re:Crimanl law makes people criminals (1)

Spatial (1235392) | more than 4 years ago | (#26956421)

Clearly governments need to get rid of their bad laws instead of introducing yet more bad government practices.

How crazy! Who would they appease by doing that?

Re:Crimanl law makes people criminals (1)

unlametheweak (1102159) | more than 4 years ago | (#26956479)

Clearly governments need to get rid of their bad laws instead of introducing yet more bad government practices.

How crazy! Who would they appease by doing that?

Criminals. But the best way to get rid of crime is to legalize it. It would certainly make the self-righteous upset, which is a righteous goal in itself.

Re:Crimanl law makes people criminals (1)

digitig (1056110) | more than 4 years ago | (#26956765)

Clearly governments need to get rid of their bad laws instead of introducing yet more bad government practices.

How crazy! Who would they appease by doing that?

Criminals.

That must be just about all of the UK electorate by now, so that looks like a vote-winner!

Re:Crimanl law makes people criminals (1)

mdwh2 (535323) | more than 4 years ago | (#26956625)

I agree. I also love the practice of how the police try to demonise things by referring to them as "rings". I guess we'll be hearing about a crackdown on "Skype rings".

Skype sucks (0)

Anonymous Coward | more than 4 years ago | (#26956325)

We all know that Skype has sold access to the chinese, germans and the United Bluf.

Skype has never been good, and never will be.

The only real solution is standard VoIP with the addition of Phill Zimmermanns Zfone. This they can not crack.

Ah Europeans (1)

tjstork (137384) | more than 4 years ago | (#26956339)

All this crap we heard about Bush, and as we speak the UK is threatening to sink because of the weight of all its cameras, and now the EU wants to spy on everyone.

Re:Ah Europeans (2, Informative)

MoellerPlesset2 (1419023) | more than 4 years ago | (#26956401)

All this crap we heard about Bush, and as we speak the UK is threatening to sink because of the weight of all its cameras, and now the EU wants to spy on everyone.

The EU wants the existing wiretap legislation, the one that requires showing cause in court and getting a warrant, to be expanded to also include forms of IP-telephony. The Bush administration wiretapped everyone they felt like, without even bothering to show any cause or get a warrant from that rubber-stamp of a court that is FISA.

Seems pretty obvious that you'd think the criticism of Bush is 'crap' then, since you obviously don't understand the important distinction here. And yes, it's a pretty damn important distinction. Important enough to have been codified into the US Constitution as the Fourth Amendment. [wikipedia.org]

Re:Ah Europeans (1)

jabithew (1340853) | more than 4 years ago | (#26956629)

The other thing about CCTV in the UK is that it is mostly privately owned. The state does not control the majority of UK CCTV. And they can't demand it without good reason.

Tis funny... (1)

tjstork (137384) | more than 4 years ago | (#26957177)

How so many people can argue that the 4th amendment implies a right to privacy in everything, argue that Commerce clause gives the government the right to regulate CO2, but, that little phrase "the right to keep and bear arms shall not be infringed", somehow does not imply an individual right to keep and bear arms. My point is that everyone twists around the Constitution to mean what they want these days, and if you wanted to make a case for a civil right, you should do so not because it says that it is the law, but on the basis of some other reason.

I don't WORRY about so-called criminals (4, Insightful)

TheGratefulNet (143330) | more than 4 years ago | (#26956373)

I do worry about my (and everyone's) government.

the governments are ruining our lives, NOT the terrorists OR the criminals!

what an upside down world we live in. I truly don't fear criminals. I truly do fear my own government.

what is a criminal going to do with info he taps from my line? otoh, we can clearly imagine the kind of damage that happens when the governments listen in.

I wonder if we can ever fix this broken world of ours, where we have more to fear from the so-called good guys than the bad guys.

Re:I don't WORRY about so-called criminals (0)

Anonymous Coward | more than 4 years ago | (#26956435)

I truly don't fear criminals. I truly do fear my own government.

You'll also have more to fear from everyday criminals like muggers, burgulars etc. if law enforcement resources are diverted to monitoring and censoring millions of internet users.

If governments are bad ..... (1)

adrianmsmith (1237152) | more than 4 years ago | (#26956449)

What's your proposed alternative?

Re:If governments are bad ..... (5, Interesting)

TheGratefulNet (143330) | more than 4 years ago | (#26956813)

my alternative is a complete ban on ALL wire-tapping.

making all electronic communication the equivalent of whispering in a person's ear.

why would one be considered a fundamental human right and yet the other be so easily discarded?

criminals have the right to air, water, food, shelter, clothing. I'd also add 'right to communicate freely' in that list.

once we start whittling down what rights 'certain' people have, you are on the road to societal doom.

I don't believe 'the end justifies the means' and that's ENTIRELY what this wiretapping is all about. we'll VIOLATE your right to communicate in privacy - because there's some 'bad guy in a turban' that we want to stop.

this is insane! the founding fathers would not have given up our freedom to 'ensure' temporary safety and we shouldn't sell our freedoms out, either!

no, I don't agree that police and the gov have any INHERENT right to tap our comms. nothing at all gives them THAT kind of right-stomping ability, no matter WHAT the cause is.

in all situations, humans should have the DIGNITY to communicate and not have to worry about how is stealing their thoughts, ideas or even worse - who is going to MIS-INTERPRET your writings or speech. I'm waiting for the case where someone's fictional writing is intercepted and someone gets into 'big trouble' when the wiretappers refuse to believe that a person's private writing is just that - private. same with phone, net and anything else including email.

Re:I don't WORRY about so-called criminals (2, Insightful)

freedom_india (780002) | more than 4 years ago | (#26956799)

Yup.
Since when do people who use undocumented features became criminals?
And what right do the governments have in labeling such people criminals?
Have they been proven guilty in a court of law?
If not, then it means if the government indulges in unauthorised snooping it is OK by law?
Why can't be governments be held under the same law that they pass for citizens?
For instance in US, it is a criminal offense to eavesdrop on a telephone line without a court order.
If i do it, i have committed a criminal offense.
But if the NSA does it, its legal???
When nixon said that if the president does it, it must be legal, he was right.
If i "forget" to pay my income tax on the deadline, i get a mandatory fine AND penal interest at 3% per month.
However, the government has no such refund deadlines. If it "forgets" to refund my income tax excess, it gets away with a simple apology and a interest rate of 1% per year!
Why can't the government be criminalized if it fails to refund me excess income taxes? Because it would bankrupt the government?
Since when did the Government become an entity separate from the people?
The French are right: we need another Republic.
The Government IS the problem: anywhere.

Re:I don't WORRY about so-called criminals (3, Funny)

LVSlushdat (854194) | more than 4 years ago | (#26956881)

Everybody pissed and moaned about how bad Bush was.. Just you wait till we've had Comrade Obama and his ilk in Congress for a couple of years.. You aint seen NOTHING yet!! Before one of the many SlashLibs shouts me down as being a Republican, I'll admit that I *was*, for 98% of my life (I'm 58), but in the last couple of years, I've gotten absolutely fed up with the Republican party and am now an Independent.. Which means I'm disenfranchised.. Nobody to vote for.. In any event, I strongly suspect by the time I'm 65 in 2015, this country will finished, only the cleanup of what it once was left to complete.. Of course, perhaps John Titor actually WAS from the future, and the civil war he reports that happened in 2012 really happened, after all he did say we'd start seeing signs of it in 2008-2009... I *used* to have to put on a tight-fitting tinfoil hat when I read the accounts of John, but not so much anymore...

Honeypot, baitcar or try zphone (2, Interesting)

AHuxley (892839) | more than 4 years ago | (#26956415)

If they want you, they will get you.
Via hardware or software a gov can intercept with your calls.

Any info seems more about extending national or wider legal powers.
ie. Skype has been open to law enforcement, they just want to use it in court.
http://wikileaks.org/wiki/Skype_and_the_Bavarian_trojan_in_the_middle [wikileaks.org]

You know... (1)

soren202 (1477905) | more than 4 years ago | (#26956531)

It's tempting to be sad, or even surprised, but, really, anyone who didn't see this coming should be ashamed of themselves. At the very least, we can all take solace in the fact that the government will probably never figure out that SIP exists, a point especially true when you factor in the fact that a politician owning and using a blackberry is still a big deal.

Smart criminals will not be affected (2, Insightful)

houghi (78078) | more than 4 years ago | (#26956645)

A smart criminal will know that not only are they interested in what you say, but more often who you say it to. "Aunt Bertha is ill" could mean that I am worried about my aunt, or that the shipment of drugs and guns will be arriving 09:00 in wherever.

A semi-smart criminal will be using e.g. /. to post messages and think there is no relation between the people. However the Man can gather the information to who connects and then with some time and exclusion determine who I would be speaking to.

So what you need is a way of communicating with each other where there is no direct link between sender and receiver. You could wait for Google to enter the message in their seach and use their cache to read it. Bit safer, but still not 100%.

An even smarter criminal would be using something where messages are exchanged between points where you have no control. During WWII (Not the game console) radio was used. Sending from the UK, receiving on the continent and no idea who the message was intended for.

Such a thing exists today and is called Usenet. You can use e.g. alt.test for plain messages. You can also pgp the message and then post it inside a porn image or music file to an appropriate group.

Darn I just provided a link between illegal music and terrorism. Sorry.

Now the real smart criminals won't be effected by this. They do everything by the law and when things do not go well, they get rewarded anyway.

Re:Smart criminals will not be affected (0)

Anonymous Coward | more than 4 years ago | (#26956923)

You're talking about "dead drops". Make Magazine had an article about using DNS to dead drop a message and there are a billion and one other ways to do so.

Right after 9/11 there were a lot of random word messages on Usenet that everyone said were generated by some AI experiment at Harvard or the like but the patterns they used made it seem as though they were using steganography and posting the messages as a dead drop. I picked up on the pattern when I noted that they all had the same basic subject except if it were posted in alt.sex.goatse the end of the subject line might be "XEVSASDE" but another in alt.geek might be "YEWSVSWI" and the text would be entirely different. I hypothesized that was like saying "Message 1, part 1" "Message 1, part 2", etc. I don't know what the FBI ever found out about it but those messages stopped immediately after I dropped that hint on their tipline.

side note, my captcha for this post is "Bunker".

Re:Smart criminals will not be affected (1)

MasterOfMagic (151058) | more than 4 years ago | (#26957037)

This sort of thing is very easy to use these days.

Take, for example, Mixmaster. Great way to send truly anonymous email to somebody. Of course, they are unable to reply unless they know your email address (which Mixmaster hides), so layer Mixmaster with a nym server. Then you can send email, the person that receives the email can reply to it, and all of the traffic is encrypted and sent through the Mixmaster network.

If you want to take it a step further, use Mixmaster with nym server accounts which forward to Usenet. Then you can send from a regular email client, and you check a group of your choice for the encrypted responses. The only person who knows what to look for is you (because it is encrypted) and anybody can get in touch with you without knowing your real email address.

So go ahead, tap Skype if you want. Private communication across the Internet will keep going.

Re:Smart criminals will not be affected (1)

thethibs (882667) | more than 4 years ago | (#26957173)

A semi-smart criminal will be using e.g. /. to post messages

Of course! That's it! And here I thought all these weird, incomprehensible AC posts were coming from pimple-faced teenagers with half an education and no life outside of sitting in the dark keying stream-of-consciousness babble into Slashdot. Now it all makes sense! It's a code of some kind.

I wonder what "intertubes" is code for.

Crypto vs surveillance (1)

argent (18001) | more than 4 years ago | (#26956663)

They can get more cooperation from skype, to be sure, and when they do criminals will switch to private and distributed encrypted channels. These will be outlawed, and they'll have to use steganography to hide.

Meanwhile physical surveillance will be improved to the point where the unencrypted channel from the mouth to the handset and from the handset to the ear will be the easy target... but the legal residue of the effort to outlaw crypto will leave us in a situation where only the outlaws are safe using it.

time is money (1)

GregNorc (801858) | more than 4 years ago | (#26956695)

The NSA can already crack Skype encryption most likely.

The thing is, it probably either requires human intervention or lots of computing resources (I'd bet they'd be relying on pattern analysis and the like, not any cryptographic break.)

Their current method for regular phone conversations is to use software to convert them from sound to text... this not only cuts down on storage costs dramatically, but allows them to write software to look for keywords or call patterns (For example, if I make a call from Yemen to the UK, then whoever I talked to inb the UK calls seven other people shortly after, that has the hallmark of a compartmentalized organization, like a drug ring or terrorist organization)

But between the P2P nature of skype (no central authority to tap) and it's encryption, massive automated intelligence collection is impossible, and this makes the NSA very sad.

...suspicious phone conversations?!? (2, Insightful)

ReeceTarbert (893612) | more than 4 years ago | (#26956707)

Suspicious phone conversations on Skype could be targeted for tapping
Am I missing something here? How can you know a phone call is "suspicious" if you're not tapping it already? The mind boggles...

slp (0)

Anonymous Coward | more than 4 years ago | (#26956779)

Open up a gmail (or whatever) account, tell your friend the login credentials, write a message, do not send it, but save it as a draft, then let him know to log in from wherever he is, and read the draft. NO email sending involved at all. Terrorists, or any other wrongdoers are not stopid enought to use voicecom AND speak plainly about their plans. This is a pointless step again.

Judicial oversight (1)

Aceticon (140883) | more than 4 years ago | (#26956861)

As long as they do it under Judicial oversight (e.g. with a court warrant) I don't see what's the problem - just because it goes "over the tubes" and might use computers in one or both sides doesn't mean it's "special", more than just a phone call and entitled to extra protection from the police.

I'm a lot more concerned with large scale wiretapping without court orders than I am about court authorized wiretapping of calls that go over "the tubes".

"Eurojust"... (1)

(pvb)charon (685001) | more than 4 years ago | (#26956925)

Is it just me or does that sound rather like coming straight from an Orwellian "Newspeak" nightmare?

Non-criminals have no rights (0)

Anonymous Coward | more than 4 years ago | (#26956965)

Pretty soon now, doing anything that even smacks of caring for your privacy will brand you a criminal. Anything still legal is already branded a "loophole". Right. Do we even need to discuss this further?

"Want to hear a secret?" (1)

demolitio (1473833) | more than 4 years ago | (#26956999)

Alright....

First of all- as many here have mentioned- proprietary networks are a big no-no when it comes to VOIP security.

second of all- as some here have mentioned, but which needs a bit more emphasis- one of the best ways to make something secure when it comes to ANYTHING computer software related is to make sure hardly anybody knows anything about it! That being said, there are a lot more knowledgeable criminals out there, now that the EU has made a big stink of it.

Thanks EU for spilling the beans!

Re:"Want to hear a secret?" (1)

demolitio (1473833) | more than 4 years ago | (#26957057)

hmm.. come to think of it, that's rather contradictory- but still applies. May I add- just because it's not advisable, doesn't mean criminals won't use it.

Pretty pointless (1)

jambox (1015589) | more than 4 years ago | (#26957001)

I should think any sort of video calling makes monitoring much much more difficult. With voice calls, you can fairly easily hook up some text-to-speech and mine some medium-term recordings for potentially nasty combinations of words. True that'd only catch the careless but I believe it is done.

With video calling you can't do that. If two terrorists were using Skype they could pass messages by writing messages on cards and holding them up to the camera - there'd be no way of transcribing or flagging that automatically.

The technology is growing and diversifying so fast that the whole concept of SIGINT is looking increasingly unrealistic.

I suppose law enforcement has to do something... (2, Insightful)

OneSmartFellow (716217) | more than 4 years ago | (#26957171)

...I just wish they had better advisors. There's simply no way to prevent a determined group from communicating in secret. Certainly this proposed legislation isn't going to help one bit. Perhaps they'll catch the dumbest of the groups, but then, they're probably the least dangerous anyway.I'm not suggesting they give up, but perhaps a radical change in tactics is in order.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>