Skype calls use 256-bit advanced encryption by default, but that’s not secure enough for some people. So a prof at the Warsaw University of Technology has created a way to communicate even more privately on Skype — by using silence.

Wojciech Mazurczyk (ten points if you can pronounce that name) has found a way to hide data in the 70-bit packets that Skype sends by default when it is detecting silence … when you’re not talking. Skype itself does nothing with these packets when it receives them, but Mazurczyk’s team has discovered a way to intercept and decode them anyways, according to New Scientist.

The new secrecy might seem overkill for an already-encrypted call, but Skype is owned by Microsoft, and we know that 3-letter American government agencies want the ability to monitor your digital communications on Skype and social networks … and have asked Microsoft, Facebook, and others for backdoors in their communications technologies.

Microsoft is consolidating its VOIP messaging services, having just moved Windows Messenger users over to Skype, and releasing a gorgeous full-screen version for Windows 8. The company does have a patent application in process called “Legal Intercept” which enables the ability to record “any kind of voice-over-Internet-protocol (VoIP) communications” by re-routing messages over “a path that includes a recording agent.”

It’s unclear at this point whether law enforcement agencies are actually intercepting and listening to Skype conversations, but the Skype privacy policy does seem to allow for it, including the actual “content of instant messaging communications, voicemails, and video messages” in a long list of data that Skype collects on its users.

And this clause basically says that what you do or say on Skype could be disclosed and, I suppose, used against you in a court of law for basically any reason, including the fairly nebulous “protecting Skype’s interests:”

Skype may disclose personal information to respond to legal requirements, exercise our legal rights or defend against legal claims, to protect Skype’s interests, fight against fraud and to enforce our policies or to protect anyone’s rights, property, or safety.

All of which goes to show why security researchers might be tempted to find ways to use probably the most popular VOIP app on the planet without airing their private conversations for anyone in law enforcement to enjoy.

A Microsoft representative that I contacted for comment could not speak about this issue immediately (it is, after all, the weekend). A Skype representatives, similarly, is conferring with the company’s chief security officer, who is based in the UK, before commenting.

Mazurczyk will be presenting on his team’s work and findings at a steganography conference this summer in France.

photo credit: Chris Pirillo via photopin cc, Vince Welter via photopin cc

Filed under: Business, Security, Social, VentureBeat

Categorised as: Chief Digital Officer | Digital Media | Feedster

Comments are disabled on this post