Recently, Reporters Without Borders (RSF) stated that Skype has signed a contract with the Chinese government stating that Skype would block out certain keywords. (Probably all the daaaangerous stuff, such as freedom, democracy or Mao comics. Kidding. Anyway.) For links and info, see my old post here. Now, this is pretty bad, obviously. Blocking keywords isn’t half as bad as wire-tapping phone calls, for two reasons: First, it’s easier to circumvent blocked keywords: Just use codewords, as anyone talking about something secretly would do anyway. Second, the blocking would probably take part within the Skype network. Wire-tapping on the other hand is most likely done by governments, and without the users knowledge.
Wiretapping on Skype may not be as easy as some government agencies would like it, though, says a great San Jose Mercury News (article also available via freepress.net). While many voice over IP (VoIP) services work through a central system, Skype doesn’t, which makes it harder to filter. Skype is completely decentralized, encrypted (how securely I cannot judge), and since you can login from any computer, it’s even harder to find the call you’re looking for. Now, as soon as you connect from Skype to a regular landline (or the other way round), there’s a connection where governments could wire-tap easily, depending on the national legislations, of course.
The easiest way to solve this issue, from a law enforcement agency point of view, is access to the software that powers the phone calls, of course. Some kind of backdoor, engineered to allow nosy intelligence services to keep an ear on the conversation. That would mean crippling the whole system, though, and pose the risk of letting any interested party gain access, lawful or no. In addition, given that different countries have different legislation, every conversation may be tapped several times: In the originating country, the destination country, as well as the countries the calls are routed through. We might have, in the end, a phone call that’s filtered for keywords in China, then eavesdropped in Germany, just to be analyzed closely in the U.S.
Says the Mercury News article:
â€œItâ€™s bad policy to cut off the benefits of VOIP and make it vulnerable,â€ agrees Whit Diffie, chief security officer at Sun Microsystems.
Apart from being an appalling idea, this also wields serious dangers of the more… financially graspable sort. Where technology is regulated to death, so to speak, its development will move abroad:
We are not at that point yet. But Landau warns this kind of regulation is a slippery slope. If peer-to-peer calls become illegal in the United States, the technology will move offshore. Other nations will innovate, and we wonâ€™t compete as well. We have to balance the need to enforce laws with the need to move technology forward and at the same time protect our privacy. If we hobble technology to help law enforcement, we make ourselves vulnerable, not safer. We faced this kind of issue in the early 1990s, when the debate was about whether to allow encryption technologies strong enough to hide data from the government. The government later decided to allow strong encryption to be used unencumbered, particularly as the technology was allowed overseas. The outcome here may be the same.
While in the case of Skype I’m not sure this would matter from a U.S. point of view. (Skype’s HQ is in Luxembourg, its developers are distributed around the world, with a bunch of them in Estonia.) But the point is clear.
This also highlights how important it is to not have one or few companies control the whole network. So on that cue, I’d like to take the opportunity to refer to the The Internet Freedom Declaration of 2007. This discussion is, so far, mainly U.S.-based. But let’s face it, if the U.S. won’t provide legislation to guarantee Net Neutrality, then most other countries won’t follow through with it either.
Here’s to the Save The Internet coalition: