Microsoft seeks patent for spy tech for Skype
'Legal Intercept' would allow it to silently record VoIP communications.
Computerworld - Editor's note: An earlier version of this story said the Legal Intercept patent had been granted. The patent application is still being processed.
A technology called Legal Intercept that Microsoft hopes to patent would allow the company to secretly intercept, monitor and record Skype calls. And it's stoking privacy concerns.
Microsoft's patent application for Legal Intercept was filed in 2009, well before the company's $8.5 billion purchase of Skype in May. The patent application, which is still in process, was made public last week.
From Microsoft's description of the technology in its patent application, Legal Intercept appears similar to tools used by telecommunication companies and equipment makers to comply with government wiretap and surveillance requests.
According to Microsoft, Legal Intercept is designed to silently record communications on VoIP networks such as Skype.
"Data associated with a request to establish a communication is modified to cause the communication to be established via a path that includes a recording agent." The recording agent is then able to "silently record" the communication, according to Microsoft's description.
"Modification may include, for example, adding, changing, and/or deleting data within the data. The data as modified is then passed to a protocol entity that uses the data to establish a communication session," the description notes.
According to Microsoft, Legal Intercept addresses gaps in current monitoring tools that are designed mainly for intercepting Plain Old Telephone Service (POTS). "With new Voice over Internet Protocol (VoIP) and other communication technology, the POTS model for recording communications does not work," Microsoft noted in the patent application.
Michael Froomkin, a professor of law at the University Of Miami School Of Law, said that from the patent description it sounds as if the technology would allow Microsoft to do is make Skype CALEA capable.
CALEA (Communications Assistance for Law Enforcement Act) requires telecommunications carriers and makers of communications equipment to enable their equipment so it can be used for surveillance purposes by federal law enforcement agencies.
But the implications of the technology are much broader, Froomkin added. "First, making a communication technology FBI-friendly means also making it dictator-friendly, and in the long run this is not good for movements like the Arab Spring," he said. "Second, experience shows that building in back doors invites exploits."
Skype has also been somewhat cagey about whether it's had a CALEA-style back door all along, he said. "Skype doesn't fully disclose how it works or how it encrypts," Froomkin said. "As a result users must take a great deal on faith.
"History teaches us over and over that faith is very easily misplaced," he added.
Jeffrey Chester, executive director of the Center for Digital Democracy, said the technology aligns with Microsoft's broader goals.
The company "aims to incorporate tracking technologies for its Skype services, as it aggressively expands its mobile advertising system across the world," Chester said. "Skype will likely soon have ad targeting and user profiling digit strings attached. This underscores the need for strong mobile and location privacy safeguards," he said.
A Microsoft spokesman said the company would not comment.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
Read more about Privacy in Computerworld's Privacy Topic Center.
- Combating Identity Theft in a Mobile, Social World Offering identity theft protection and remediation allows businesses to give their workforce the confidence to efficiently engage while bringing financial reward to the...
- After a Breach: Managing Identity Theft Effectively This white paper from LifeLock Business Solutions notes that FIs in addition to managing fraud should strive to turn a negative event for...
- Combating Identity Fraud in a Virtual World This slide presentation reveals findings from the Javelin Strategy & Research 2012 Identity Fraud Report about mobile and social trends, the real risks...
- Securing Mobile App Data - Comparing Containers and App Wrappers Analysts agree that Mobile Device Management (MDM) is not enough when it comes to securing app data. Although it remains a critical component...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Accelerate your innovation with IBM Bluemix™ Join us for a webcast introducing the new IBM BluemixTM. IBM Bluemix (www.bluemix.net) is a developer oriented Platform as a Service (PaaS) environment... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!