Skype buy heralds wiretaps, Linux death

Microsoft plans to buy online phone service Skype for US$8.5 billion, but what are the security implications?

For those not familiar with Skype, it's an interesting sort of beast. Loosely speaking, it's an internet telephone company without much of a telephone company. Much of its operation is peer-to-peer, so that much of its bandwidth and infrastructure - not unreasonably - is provided directly by the users of the service.

One uncertainty - indeed, to some, it's a controversy - about Skype's proprietary software is whether it includes any sort of 'lawful interception' system.

Most countries require landline and mobile phone operators to provide a vehicle by which duly-authorised law enforcement agents can intercept calls on their networks.

Indeed, phone carriers spend a lot of money maintaining lawful interception systems, something which is as useful to law enforcement as it is worrying to privacy.

But since most Skype calls are peer-to-peer, and encrypted end-to-end, Skype isn't a traditional phone carrier.

Either it doesn't have a lawful interception capability or it must contain some sort of network-independent backdoor which could be considered a serious security risk.

So what's likely to happen from a software and a security point of view? Here are my guesses:

• The Linux version of the Skype software will wither and die.

• The OS X version of the Skype software may wither and might die.

• Microsoft will add some sort of lawful interception system into the Skype software, assuming there isn't one already. But they'll be honest about doing so.

• You'll need to get a Windows LiveID to create a Skype account.

• Skype will come under greater scrutiny from cybercrooks keen to find saleable vulnerabilities.

• Skype for Windows will come under the Microsoft Active Protections Program, which will balance out or defeat problems caused by the previous issue.

Copyright © SC Magazine, Australia