• United States



Microsoft patent may ruin Skype, may make VoIP spy and pry easy for gov’t

Jun 27, 20115 mins
Data and Information SecurityEnterprise ApplicationsMicrosoft

A Microsoft patent mentions both law enforcement and government having a need to sometimes "monitor communications," but is aimed at VoIP "recording agents" for "silently recording communications," and possibly indicates future Skype surveillance.

Oh man! Don’t you hate it when you suspect something unpleasant is likely to happen and then it turns into an “I told you so”? Are you one of the millions of people who depend upon Skype? Remember when Microsoft bought Skype? Did you wonder just how long it would be before Skype was ruined with a backdoor for easy-access eavesdropping? A Microsoft patent mentions both law enforcement and government having a need to sometimes “monitor communications,” but is aimed at VoIP “recording agents” for “silently recording communications,” and possibly indicates future Skype surveillance.

According to ConceivablyTech, the U.S. Patent and Trademark Office published a Microsoft patent application that might indicate Microsoft will add “recording agents” for eavesdropping purposes, “to legally intercept VoIP phone calls.”

Since companies seem to get up-in-arms when you write about patents that most have filed for the purpose of using at some point in the future, but only when it wants to release the news to the public, let me qualify this article by a CYOA statement. It is a fact that just because a company files a patent for something doesn’t always mean it intends to use it.

The Microsoft patent called “Legal Intercept” (images here) was filed on December 23, 2009, way before Microsoft ever acquired Skype. However, section [0028] specifically mentions Skype. “As mentioned previously, traditional techniques for silently recording telephone communication may not work correctly with VoIP and other network-based communication technology. As used hereafter, the term VoIP is used to refer to standard VoIP as well as any other form of packet-based communication that may be used to transmit audio over a wireless and/or wired network. For example, VoIP may include audio messages transmitted via gaming systems, instant messaging protocols that transmit audio, Skype and Skype-like applications, meeting software, video conferencing software, and the like.”

According to the abstract, “Aspects of the subject matter described herein relate to silently recording communications. In aspects, data associated with a request to establish a communication is modified to cause the communication to be established via a path that includes a recording agent. Modification may include, for example, adding, changing, and/or deleting data within the data. The data as modified is then passed to a protocol entity that uses the data to establish a communication session. Because of the way in which the data has been modified, the protocol entity selects a path that includes the recording agent. The recording agent is then able to silently record the communication.”

Section [0032] states, “A VoIP entity, such as the VoIP entities 205-206, may comprise any device that is capable of sending and receiving IP packets that encode voice data. Such devices may include, for example, dedicated VoIP phones, regular phones connected to a VoIP gateway, personal computers, server computers, hand-held or laptop devices, multiprocessor systems, microcontroller-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, cell phones, personal digital assistants (PDAs), mobile devices such as smartphones, gaming devices, appliances including set-top, media center, or other appliances, automobile-embedded or attached computing devices, other mobile devices, distributed computing environments that include any of the above systems or devices, and the like.”

A remote entity will start the recording agent after being triggered by “events” or a “sequence of events.” The communications might be stored for law enforcement to use at some point in the future. According to number 9, “comprising storing data corresponding to the communication to a storage medium for later retrieval by a law enforcement agent.”

What does all this mean? Who knows, but it’s not looking good for Skype. Microsoft has a history of working closely with law enforcement and of spying on its users for free. This fact was discovered by FOIA requests from security researcher Christopher Soghoian before he announced that Microsoft does not charge the government or law enforcement even a penny for surveillance of its users. Also, in the past, Microsoft took down Cryptome after it published a “top-secret” Internet surveillance guide meant only for law enforcement. That document, for the curious, can be read here.

But don’t worry, all these giants are about the same. Google updated its transparency report and “fully or partially complied” with 94% of the 4,601 U.S. government data requests from July to December 2010. Sheesh.

Like this? Here’s more posts:

  • What happens if you catch a hacker and must deal with the FBI?
  • Microsoft Approves Cybersecurity Plan, PC Health Certificate Plan Gains Support
  • FBI Dumpster Diving Brigade Coming Soon to Snoop in a Trashcan Near You
  • ‘Secret Law’ of Patriot Act: Geolocation Tracking & Domestic Spying on Steroids?
  • Having private parts is not probable cause for TSA to grope or body scan you
  • FaceNiff Android App Allows the Clueless to Hack Facebook in Seconds Over Wi-Fi
  • Project PM Leaks Dirt on Romas/COIN Classified Intelligence Mass Surveillance
  • Former FBI Agent Turned ACLU Attorney: Feds Routinely Spy on Citizens
  • Microsoft’s automated Future Home, what can go wrong?
  • EFF: Microsoft abusing DMCA to eradicate competing Xbox 360 accessories

Follow me on Twitter @PrivacyFanatic

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.