Skype Encryption Stumps German Police 289
TallGuyRacer writes "German police are unable to decipher the encryption used in the internet telephone software Skype to monitor calls by suspected criminals and terrorists, Germany's top police officer, Joerg Ziercke, said. "The encryption with Skype telephone software ... creates grave difficulties for us... We can't decipher it. That's why we're talking about source telecommunication surveillance — that is, getting to the source before encryption or after it's been decrypted.""
I long for the day (Score:3, Interesting)
It's all about building trust.. (Score:5, Interesting)
Yeah right.
If you are paying attention, Skype is incorporated in Luxembourg, which is part of the EU, just like Germany (they actually share borders).
Do you think the EU would allow for some European company to provide tools to "terrorists" without having eavesdropping ability?
Now for the real story; German Police is putting on a little show so people actually trust *more* the closed-source Skype software.
If the German Police had no way of eavesdropping they would either (a) Shut up about it or (b) Actually say they have supercomputers that can decipher anything (even if this is not true). (a) or (b) would create enough FUD for "terrorists" to actually distrust Skype as a communication medium.
This is all spin doctor speak, and I would never trust Skype for sensitivie material communications. The Zfone project http://zfoneproject.com/ [zfoneproject.com] is a much more secure system.
Re:Skype unbreakable? (Score:5, Interesting)
The US managed to get the UK to agree to deport anyone they asked for in case they were terrorists.
The first people the chose to ask to be deported were a bunch of bankers that had done some dodgy dealings, hardly terrorists.
And what's worse/better is that the US didn't hold up to it's part of the bargain and sign up to a similar agreement.
Re:Skype unbreakable? (Score:3, Interesting)
Re:Skype unbreakable? (Score:3, Interesting)
Of course, the ministry of interior and the police argue, that they can't stop the terrorists, if they can't secretly hack the computer and monitor their communication.
And of course, it will only be used for severe crimes. Normal people have nothing to fear.
Re:Skype unbreakable? (Score:5, Interesting)
Tech Savvy terrorists (Score:2, Interesting)
And without any encryption to boot, most conversations are phrases within local dialects which listed out would mean anything from a shopping list to a planned assasination. The point here is rather than spying on the content its the point of origin and the investigative techniques used by most third world countries today that'll help. And definitely not the backdoors left in most protocols used by skype et. all by all the three letter agencies.
The type of curbs being tried by the German Police would essentially be useful against big time money laundering and crimes similar in vein.
Re:Skype unbreakable? (Score:3, Interesting)
You see, the idea behind the compromised portion deals a lot with the intent of who compromised it. Compromised means that you don't know their intent, what they have done and cannot trust the computer for anything. This wouldn't necessarily be the case when the police do it. At least not in the virgin eyes of the courts who still believe the police wouldn't act in an unlawful manor.
Re:Skype unbreakable? (Score:4, Interesting)
Re:Skype unbreakable? (Score:1, Interesting)
Under the US system of law, basically every law is a restriction on rights, and a great many of them make sense and are a necessary basis of a society.
Re:Skype unbreakable? (Score:3, Interesting)
There is a possibility that everyone whoever has been arrested had been framed, but the likelihood is so small that not everyone claims it nor do others think it. IT would depends a lot on what steps needed to be taken and how likely someone else could take those steps. I could also be possible that the police end up seeing some other party putting the incriminating stuff onto your PC. But ultimately, it would/could be your defense that the computer was infected with something and you couldn't get rid of it. Or something similar to that. We have seen this in the past and it didn't fair to well, remember the schoolteacher who had pornographic popups due to malware on a presentation computer and ended up getting something like 40 years?
Two points (Score:3, Interesting)
First, it should be unbreakable. If the government can crack it, then so can anyone else. There are so many bogeymen on the 'net, that it would be ridiculously irresponsible to deploy an easy-to-break VoIP system.
Second, Skype is very breakable. There's no secure key exchange: Skype is a totally trusted introducer. Government, if you want to break Skype, just ask them to help with your MitM attack.
But that vulnerability should be Skype-only, and a "serious" VoIP system should be quite resistant. IMHO, phone apps should be built on OpenPGP, except also include some kind of OTP support since most people talk to people they regularly meet in real life. (Actually, I sort of think we need OpenPGP to be expanded to include a standardized OTP.)