While already giving intelligence services access to private data without a court order, some Russian experts say, Skype is still being pressured into registering as a telecom agency, allowing intelligence to operate around a series of legal loopholes.
Intelligence services have for years have been monitoring Skype
communications, several participants in the Russian information
security industry have told Russian newspaper Vedomosti. According
to security experts, access to correspondence and Skype
conversations within the Russian intelligence community does not
always go through the court system – it is often obtained on a
“simple request.”
After Microsoft acquired Skype in May 2011, it updated its software
with a technology allowing “legitimate wiretapping,” Maksim
Emm, CEO of Peak Systems, told the publication. Since then, any
user account can be switched to a special mode in which the
encryption keys that were previously generated on a user’s mobile
device or computer would be generated on Skype’s server.
With access to the server, anyone can listen to the conversation or
read the correspondence, including short messages sent to mobile
phones. Microsoft provides the opportunity to use this technology
to security services all around the world, including Russia, the
expert explained.
Another expert elaborated that “for a couple of years” the
intelligence agencies can not only listen, but also determine a
user's location. “That is why our employees, for example, are
forbidden to talk on work-related manners on Skype,” Ilya
Sachkov, CEO of Group-IB, told Vedomosti.
The Federal Security Service (FSB) asked Microsoft back in 2011 to
provide Skype's source code, claiming it was required to reduce the
threat to Russia's national security. Although the code would not
allow authorities to obtain direct and easy access to private data,
it could help to crack the encryption system.
The request was apparently turned down, leaving security services
with the only fully legal ways of obtaining private information –
through a direct court request to Microsoft.
Legalized wiretapping
Microsoft’s somewhat cooperative attitude towards releasing private data did not stop the FSB from filing numerous complaints to the company, pushing it to register under a different designation – as a telecommunications operator.
While Skype provides VoIP (Voice over IP) services, the company is not registered as an operator. Such a move would make accessing and collecting private data even easier for the authorities, because in accordance with Russian legislation, mobile operators and Internet service providers are required to collect personal data and store it for at least three years.
Meanwhile, the French telecom regulator ARCEP is also pushing Skype towards further collaboration with the special security services.
The body posted a notice on Tuesday saying that prosecutors had been notified that Skype should register with the authorities as telecom firm as it provides its users with the ability to make phone calls, and therefore is required to meet regulations including “implementing the means required to perform legally ordered interceptions.”
ARCEP added further that Skype's failure to register as an “electronic communications operator,” after several requests by ARCEP, could be viewed as a criminal offense.
Skype's position on the matter was outlined in a statement sent
to Ars Technica, which said: