VOICE OVER IP (VoIP) and chat service Skype has denied claims that it snoops on users.
Microsoft, which bought Skype last year, filed a US patent application titled Legal Intercept describing a method for silently snooping on VoIP traffic. While the patent application did not mention Skype specifically, given Microsoft's buyout of Skype the firm has been forced to deny that it has changed its policies.
Skype COO Mark Gillett said the company hasn't changed its architecture based on Microsoft's demands, however he did say that all of Skype's supernodes - key infrastructure nodes - are now located in Microsoft datacenters. Gillett also denied that Skype had changed its policies regarding requests from law enforcement agencies, though he said that the firm has a team that responds to legal demands.
Gillett claimed that the supernodes that are now in Microsoft datacenters simply act as service discovery 'oracle' nodes rather than carrying voice or video data. Gillett also said that Skype still encrypts Skype-to-Skype conversations.
Gillett's comments about the supernodes acting as service discovery oracles sounds plausible, as bootstrapping peer-to-peer networks is a considerable challenge and having a few well provisioned nodes to act as a central repository of information is an easy way to improve performance. From Skype's point of view, if it can get its users to carry the huge amount of VoIP and video data that it transfers then it is a considerable saving for the firm.
However what Gillett didn't talk about is how Microsoft's patent could in theory be used to route communications through a node that acts as a snooping agent. Given that Skype uses the aforementioned supernodes to act as service discovery nodes, it isn't much of a stretch to think that Microsoft, or any company operating such a service, could route particular SIP sessions through an intermediary that can sniff packets on their routes to intended recipients.
And while Gillett said that Skype-to-Skype data is encrypted, that is of little use if Skype or Microsoft gives up the encryption keys to law enforcement authorities. Microsoft's Legal Intercept patent application might be designed to help it comply with law enforcement agencies but it is yet another reminder that online communications are far from private. µ