Wednesday, July 17, 2013

Microsoft Hints Skype Calls May Be Fair Game for NSA

Microsoft indirectly hinted that Skype communications can be intercepted and handed over to the National Security Agency, according to two privacy and security researchers' interpretation of the latest statement by the company regarding NSA surveillance.

In a long blog post addressing the latest reports that said Microsoft helped the NSA spy on its users, the company equated Skype with traditional calls, saying that it "[assumes] that all calls, whether over the Internet or by fixed line or mobile phone, will offer similar levels of privacy and security."

For security experts, that means Skype calls are at the mercy of NSA requests, just like traditional phone calls made with landlines or cellphones. In other words, the U.S. government, through its PRISM program, can legally compel Microsoft to hand over Skype communications, something that the company previously denied was even possible at a technical level.

"That's the most telling sentence," privacy researcher Ashkan Soltani told Mashable. "They're implying that until they can say more, all they're going to say is 'don't assume Skype is different.'"

His conclusion is based on the fact that Microsoft no longer denies it as it used to, and that Skype is compared to "other technologies that do allow interception," he said.

In a tweet, ACLU's principal technologist and senior policy analyst Christopher Soghoian echoed Soltani's thoughts: "Microsoft, a company with dozens of cryptographers, aims to offer same security and privacy for Internet calls as regular phones (aka none)."

The statement by Microsoft's General Counsel Brad Smith, however ambiguous, is a far cry from what Skype claimed in 2008.

At the time, the company — which was owned by eBay — claimed it couldn't possibly comply with wiretap requests because of Skype's "peer-to-peer architecture and encryption techniques," as reported by CNET.

In the following years, experts have questioned that claim.

A Microsoft spokesperson declined to elaborate. When asked by Mashable to clarify that sentence, and asked directly whether it means that Skype calls can be tapped just like regular calls over fixed lines and mobile phones, the spokesperson said that when the company was last asked about that, it declined to comment, and that its position hasn't changed since then.

Microsoft released its lengthy statement to respond to last week's allegations that the company had actively helped the NSA and the FBI spy on its users. According to documents leaked by Edward Snowden to The Guardian, the company has changed Skype's architecture to make it possible to hand over audio and video calls.

Additionally, The Guardian report alleged that Microsoft was giving access to emails and chats before they were even encrypted, an allegation that Microsoft denied.

"To be clear, we do not provide any government with the ability to break the encryption, nor do we provide the government with the encryption keys," Smith wrote. "When we are legally obligated to comply with demands, we pull the specified content from our servers where it sits in an unencrypted state, and then we provide it to the government agency."

Even though this explanation still lacks a lot of technical details, Soltani thinks that this could be explained by an infographic that speculates how PRISM works, which he published in June. Soltani speculated then, as he does now, that Microsoft responds to PRISM requests by sending the data to a separate server or "dropbox" that can then be accessed by the NSA.

Without more details, however, we can't know for sure how the system works, and for Soltani that's the most important thing.

"Besides the legal question, knowing the specifics of the technical architecture will really help understand the actual scope and impact of this program," he said. "We can't have oversight without knowing exactly what technically is being 'scooped up' by the legal request."

In the statement, Microsoft also reiterates what all big tech companies have denied following the PRISM revelations — that it doesn't give "direct and unfettered access" to customer data.

Additionally, Microsoft sent a letter to U.S. Attorney General Eric Holder, asking him to get directly involved and let the company reveal more details about how it responds to government requests. Microsoft argues that it has been trying to disclose more since the very first leaks. First it asked the Department of Justice and the FBI for permission, then it went to the Foreign Intelligence Surveillance Court (FISC) on June 19. The court has yet to respond to Microsoft's motion.

And despite all these pleas, "we're not making adequate progress," wrote Smith in the letter.

Ultimately, Microsoft argues it has a constitutional right to disclose more information and respond to media reports based on the documents leaked by Snowden.

"We believe the U.S. Constitution guarantees our freedom to share more information," reads Smith's blog post. "The United States has been a role model by guaranteeing a Constitutional right to free speech. We want to exercise that right. With U.S. Government lawyers stopping us from sharing more information with the public, we need the Attorney General to uphold the Constitution."

