Skype Encryption Stumps German Police?
November 27, 2007
From New Zealand Herald: German police are unable to decipher the encryption used in the internet telephone software Skype to monitor calls by suspected criminals and terrorists, Germany’s top police officer said.
Law enforcement agencies and intelligence services have used wiretaps since the telephone was invented, but implementing them is much more complex in the modern telecommunications market where the providers are often foreign companies.
“We can’t decipher it. That’s why we’re talking about source telecommunication surveillance – that is, getting to the source before encryption or after it’s been decrypted.”
The German police aren’t the first ones to realize that when faced with industrial strength crypto, the easiest route is to simply go to the source, instead of attempting to intercept it in transit.
What’s curious is why they would announce to the world that Skype’s crypto is too good to crack. What’s even more curious is that they could have easily pursued the same approach that China’s government did when it began censoring forbidden topics discussed using Skype’s text chat system – something that’s possible only when Skype deliberately modifies its own software to disable the privacy protecting effect of cryptography.
Why didn’t the German police not take the later approach and simply keep their mouths shut? Curiouser and curiouser, indeed.
Beyond idle speculation as to the German authority’s ulterior motives, there is a lesson here that bears repeating: a secure system is only as secure as its weakest link.
