Skype's Encryption May be Used as an Excuse for Trojan Viruses by German Police

Illustration for article titled Skype's Encryption May be Used as an Excuse for Trojan Viruses by German Police

Skype's encryption codes are proving a problem for German police, who say that their officers are unable to monitor suspect conversations. One of the country's top cops admitted yesterday that the combination of VoIP technology and Germany's strict anti-surveillance laws — a reaction to the Stasi's exploits during the Cold War — is making it harder to keep tabs on criminal and terrorist activity in the country.


"We can't decipher it," says Joerg Ziercke, President of the BKA, Germany's Federal Police Office. "That's why we're talking about source telecommunication surveillance — that is, getting to the source before encryption or after it's been decrypted." He does not, however, advocate that the Talinn-based internet company gave law enforcers its encryption keys.

"There are no discussions with Skype," he continued, stating that he had no interest in harming a company's competitiveness. "I don't think that any provider would go for that." He did, however, express the need for his country's law enforcement agencies to be able to conduct online searches of suspects' hard drives using Trojan Horse spyware, but he stressed that these cases were rare.

"We currently have 230 proceedings related to suspected Islamists," Ziercke said. "I can imagine that in two or three of those we would like to do this." [i4u and VoIP News]



I don't see the problem here: if the German police obtain a warrant to tap some one's Skype phone, and record the encrypted conversation, they can obtain another warrant that will allow them to bring the encrypted recording to Skype, to decrypt it for them.

Skype does not need to reveal their encryption technology, and the police can obtain the phone conversations they need.

Skype needs to adopt adequate security measures to ensure the privacy of the subscribers under surveillance, and also needs to limit this information within the company, but that isn't anything more than any Local Exchange Carrier would have to do under similar circumstances.

In effect, Skype is acting as a Local Exchange Carrier, except they have distributed a bit of their Central Office equipment to each Customer Premises. Since their Central Office equipment encrypts the phone conversation, Skype has an obligation to provide Law Enforcement with a decrypted copy.