Although Skype already gives intelligence services access to private data without a court order, some Russian experts say, it is still being pressured into registering as a telecom agency, which would allow intelligence services to operate around a series of legal loopholes.
Intelligence services have for years been monitoring Skype communications, several participants in the Russian information security industry have told Russian newspaper Vedomosti. According to security experts, access to correspondence and Skype conversations within the Russian intelligence community does not always go through the court system – it is often obtained on a “simple request.”
After Microsoft acquired Skype in May 2011, it updated its software with a technology allowing “legitimate wiretapping,” Maksim Emm, CEO of Peak Systems, told the publication. Since then, any user account can be switched to a special mode in which the encryption keys that were previously generated on a user’s mobile device or computer would be generated on Skype’s server.
With access to the server, anyone can listen to the conversation or read the correspondence, including short messages sent to mobile phones. Microsoft provides the opportunity to use this technology to security services all around the world, including Russia, the expert explained.
Another expert elaborated that “for a couple of years” the intelligence agencies have been able not only to listen, but also to determine a user’s location. “That is why our employees, for example, are forbidden to talk on work-related matters on Skype,” Ilya Sachkov, CEO of Group-IB, told Vedomosti.
The Federal Security Service (FSB) asked Microsoft back in 2011 to provide Skype’s source code, claiming it was required to reduce the threat to Russia’s national security. Although the code would not allow authorities to obtain direct and easy access to private data, it could help to crack the encryption system.
The request was apparently turned down, leaving security services with the only fully legal way of obtaining private information – a direct court request to Microsoft.
Microsoft’s somewhat cooperative attitude towards releasing private data did not stop the FSB from filing numerous complaints to the company, pushing it to register under a different designation – as a telecommunications operator.
While Skype provides VoIP (Voice over IP) services, the company is not registered as an operator. Such a move would make accessing and collecting private data even easier for the authorities, because in accordance with Russian legislation, mobile operators and Internet service providers are required to collect personal data and store it for at least three years.
Meanwhile, the French telecom regulator ARCEP is also pushing Skype towards further collaboration with the special security services.
The body posted a notice on Tuesday saying that prosecutors had been notified that Skype should register with the authorities as a telecom firm, as it provides its users with the ability to make phone calls and is therefore required to meet regulations including “implementing the means required to perform legally ordered interceptions.”
ARCEP added further that Skype’s failure to register as an “electronic communications operator,” after several requests by ARCEP, could be viewed as a criminal offense.
Skype’s position on the matter was outlined in a statement sent to Ars Technica, which said.