"It's technically impossible to do what you want, Skype said"
That's only if your not a member of the five-eyes club.
Belgium has fined Skype €30,000 for failing to comply with a court request to intercept users' communications, something Skype claims was technically impossible at the time of the request. According to Het Belang van Limburg, a Dutch-language newspaper in Belgium, the fine was delivered by the court in Mechelen because Skype …
I suppose the simplest solution would be to stop offering the service in the legally incompatible country. There's very little Skype or Microsoft can do to comply with this and the ruling is simply ignoring reality.
If this is going to be a regular thing, then the only solution would be to conclude that Skype can't operate in Belgium.
But what does "operate" mean?
The software could conceivably be banned in Belgium, but I'm not sure how Skype could enforce this (or indeed the Belgium authorities).
It would be an interesting bunfight if Skype were to turn round and say that as they can't comply with Belgium regulations then Skype products must not be available/used in Belgium... and that they would appreciate the Belgium authorities assisting in this clamp-down on their citizens! An EU government making criminals out of its citizens for using software...
Then point out that the people the government wanted to spy on weren't "criminals", they were "suspects".
"I suppose the simplest solution would be to stop offering the service in the legally incompatible country....." Technically, Skype does not provide a "service" as the non-commercial version of Skype is a peer-to-peer connection. All Skype provides is the software, the "service" is then provided by the ISPs that make up the connection. Since the Skype connection is encrypted, intercepting it at the ISPs is also pretty pointless unless you have access to the encryption keys or a massive amount of processing power to break it. That's no doubt why the terrorists chose it in the first place.
".....There's very little Skype or Microsoft can do to comply with this and the ruling is simply ignoring reality...." The interesting bit is whether Skype will appeal or simply take the smaller cost of the fine.
".....If this is going to be a regular thing, then the only solution would be to conclude that Skype can't operate in Belgium." Or that this is the Europeans trying to force an American software provider to implement a backdoor into their communication software so conversations can be intercepted and decrypted at will.
Perhaps it still is, perhaps it isn't, but Microsoft will insist it isn't. And in all truth, can you blame them? If they admit its possible, they'll get subpoenas from national governments, non-government agencies, and demands all the way down to divorce attorneys and private employers who manage to convince a judge to sign the paperwork. Everyone wants to snoop if they get even the smallest advantage from it, and all the better if they can make a third party do the work for them - for free. Meanwhile, if two people are using older clients that don't use the snoopware-enabled "plug in" (or "update") and remains a true peer-to-peer, with no ability for any central point to intercept and copy the data stream for storage/analysis/decoding or other use/abuse, whoever is demanding it will get argumentative about it "You were able to handle this for XYZ, now you claim you can't! Lies! Now give us the data, or else." Who pays Microsoft (in this case) for the time required to comply with the flood of "court orders" they can expect if they admit they can snoop on these conversations?
... on both sides, if you ask me.
The "We're not a service provider" argument doesn't hold, unless Skype were a pure peer-to-peer service, which it wasn't at any time. So they did provide a service.
The "offering services in our country" argument is questionable as well. If anybody who does not employ geo-blocking for any internet service or content is considered providing that "in" every country on this planet, then my blog is probably violating the laws of the Democratic People's Republic of Korea right now.
Very true, looks Skype (MS) is talking rubbish here because it suits them. After all, if they are not a service, what have people, who purchased calls to landline and mobile numbers (services?) have been paying for then? I think I can even remember that, if you bought such a credit, you had to register and agree to T&As. I think you also had to pay if you wanted to do group calls? Now, that sounds pretty "servicy"... Unless people were paying money for "not receiving a service". Just as the fact that all those calls run though the Skype servers, and not, as somebody else here said, P2P. I guess these servers also do not serve...
The US declared them a service provider under CALEA (wiretap law) in 2006, although the response then was essentially "F.U.". They got away with that, probably because they were a Luxembourg entity at the time. So MS may indeed be working to avoid getting hauled into court, but a Belgian one was probably not what they had in mind...
(So, the Belgian court may have reasoned Skype had 6 years to provide what was asked for, assuming that if Skype had to offer the capability to the US, it would be able to provide it anywhere. It's only software, after all...)
Want to make free local, national & international phone calls & messages which are probably untraceable even to the spooks? Get yourself some free voip numbers, Sipgate.de works in this example. Download a copy of freeswitch and set it up to record the phone call and have call intercept setup. Set the voip phone software running with call intercept running, and phone the voip number but never answer the call. Instead talk away ignoring the ringing tone the caller is hearing as the phone system will record everything you say, and you can listen in to what the caller is saying using the call intercept. Reverse to have a two way conversation ignoring or filter out the ringing tones. Not only will you not be charged for the call as the call is technically never answered but the way the phone systems works is freeswitch sends the ringing tones back to the call once it has been routed to you.
Et Voila free probably untraceable (at least no billing logs will exist) telephone messaging.
Security is hard and expensive and repressive - more so if everyone is operating in a peer to peer fashion and you are not allowed perimeter controls.
Besides, terrorism is such a tiny threat it's hardly worth worrying about. In case anyone has forgotten the meaning of the word, it works by harnessing an ill-considered response generated by fear.
its so shortsighted of the courts, they better just outright ban all communication, and make it illegal to use any form of software telephony, messaging, encryption, why not ban all electronic devices then, while your at it shut down all power plants, ban electricity, remove all vehicles, close the borders,... wait, some people might love that...but really?... as if that is going to happen.
and indeed in 2012 skype was not yet owned by microsoft, it was employing p2p ( one of the reasons it didnt work for confcalls with multiple parties). for that reason it is technically impossible to deliver anything more than the meta data of the call.
we will have to go back to writing texts with hidden messages like during WW2
hmmm we already do that... wickr, whatsapp, facetime... any voip soft, people running asterisk at home... guess what.. you cant trace those calls... and if you can, you need years of compute time to get to the message.
Is a Skype call transcript admissible evidence? To avoid the admittedly piddly fine Skype could just make something up as there's no other record of the conversation. I find myself agreeing with Skype here, some people in Belgium used their software to have a conversation, they can't carry liability for the download and use of that software. Belgium should block it from working if theyre unhappy with it.
"Skype refuted this claim, however, arguing that the legislation cited did not apply to it as it was a software provider, rather than a service provider."
I call bullshit - when I set up Skype a few years ago (after MS bought it out) it proved impossible to set it up without signing up to an MS account. And if I have to sign up with a central authority, it's a service.
@Neoc, At the time of the original court order, Skype was still independent - All it was was a peer2peer software. Skype central servers were nothing more than directory listings enabling users to locate other Skype users and what their current IP address is when they logged in online and maybe some feedback metadata for software operation performance. Even back then, you needed to register with a valid email account and was something quick for MS to force MS accounts only onto new users after they bought it. The Skype client back then could still only physically connect the call to another PC running a Skype client that was logged into. There was nothing for Skype to intercept, unless it baked in spyware that sent a digital recording of the call to a central server somewhere.
After 2012, when MS bought it up, they ripped the guts out of it then centralised all the comms routing so they could mismanage it. Now, Skype/MS could comply with the order and intercept a call, but they don't have a time-machine to send the new post-2012 Skype infrastructure back to the time of the conversation in question and then capture/decode it for the Belgians.
However, most of what they said was BS.
But failing to comply with an impossible court order is ridiculous.
If Belgium were however to charge them with providing a service incompatible with Belgian law, then that would be a different question. And if they accepted any payments from the country for services, then they would have little defence.
Of course they could technically comply. After all they control the client (with updates and possibly hidden extra features), so they can instruct it to either give them the key or even the complete conversation. There is no incentive for Skype not to have that feature. (appart from the few hours of work that feature would require)
Of course they need to claim that they have no control over their clients. Paying 30k€ is a low price for all the positive publicity they get in the newspapers.
Biting the hand that feeds IT © 1998–2021