Microsoft seeks patent for spy tech for Skype
'Legal Intercept' would allow it to silently record VoIP communications.
Computerworld - Editor's note: An earlier version of this story said the Legal Intercept patent had been granted. The patent application is still being processed.
A technology called Legal Intercept that Microsoft hopes to patent would allow the company to secretly intercept, monitor and record Skype calls. And it's stoking privacy concerns.
Microsoft's patent application for Legal Intercept was filed in 2009, well before the company's $8.5 billion purchase of Skype in May. The patent application, which is still in process, was made public last week.
From Microsoft's description of the technology in its patent application, Legal Intercept appears similar to tools used by telecommunication companies and equipment makers to comply with government wiretap and surveillance requests.
According to Microsoft, Legal Intercept is designed to silently record communications on VoIP networks such as Skype.
"Data associated with a request to establish a communication is modified to cause the communication to be established via a path that includes a recording agent." The recording agent is then able to "silently record" the communication, according to Microsoft's description.
"Modification may include, for example, adding, changing, and/or deleting data within the data. The data as modified is then passed to a protocol entity that uses the data to establish a communication session," the description notes.
According to Microsoft, Legal Intercept addresses gaps in current monitoring tools that are designed mainly for intercepting Plain Old Telephone Service (POTS). "With new Voice over Internet Protocol (VoIP) and other communication technology, the POTS model for recording communications does not work," Microsoft noted in the patent application.
Michael Froomkin, a professor of law at the University Of Miami School Of Law, said that from the patent description it sounds as if the technology would allow Microsoft to do is make Skype CALEA capable.
CALEA (Communications Assistance for Law Enforcement Act) requires telecommunications carriers and makers of communications equipment to enable their equipment so it can be used for surveillance purposes by federal law enforcement agencies.
But the implications of the technology are much broader, Froomkin added. "First, making a communication technology FBI-friendly means also making it dictator-friendly, and in the long run this is not good for movements like the Arab Spring," he said. "Second, experience shows that building in back doors invites exploits."
Skype has also been somewhat cagey about whether it's had a CALEA-style back door all along, he said. "Skype doesn't fully disclose how it works or how it encrypts," Froomkin said. "As a result users must take a great deal on faith.
"History teaches us over and over that faith is very easily misplaced," he added.
Jeffrey Chester, executive director of the Center for Digital Democracy, said the technology aligns with Microsoft's broader goals.
The company "aims to incorporate tracking technologies for its Skype services, as it aggressively expands its mobile advertising system across the world," Chester said. "Skype will likely soon have ad targeting and user profiling digit strings attached. This underscores the need for strong mobile and location privacy safeguards," he said.
A Microsoft spokesman said the company would not comment.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- Franken presses Ford on location data collection practices
- Justices let stand appeals court decision on border searches of laptops
- California lawmakers move to bar state help to NSA
- Appeals court again nixes Google's bid to overturn Street View case
- Older Mac webcams can spy without activating warning light
- Update: Judge rules NSA spy efforts may be unconstitutional
- Perspective: Privacy concerns could keep Amazon delivery drones grounded
- NSA collects data from millions of cellphones daily
- Perspective: Curbing data use is key to reining in NSA
- Lavabit-DOJ dispute zeroes in on encryption key ownership
Read more about Privacy in Computerworld's Privacy Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Privacy White Papers | Webcasts