The Sky(pe) is falling! Skype moves to the cloud, but what about security?

Glenn Fleishman | Aug. 3, 2016
Microsoft's move of Skype to the cloud comes with a continuing lack of disclosure on security and privacy.

Skype is moving to the cloud from its previous peer-to-peer (P2P) approach, and the sky is falling! OK, not quite. It's not a revolutionary move, given changes Microsoft already made in Skype's infrastructure in 2012 after its acquisition of the service from eBay, which in turn bought it from its founders. Rather, it's a technical and business change that lets Skype more rapidly roll out services that rely heavily on back-end server elements, and which can be more reliable if handled centrally.

Centralization doesn't have to reduce a user's expectation of privacy. But because Skype has never provided substantive disclosure about how it encrypts data and exactly how much of your private texts, voice calls, and video sessions it gives governments, we have little information on which to make a judgment. Centralizing Skype makes it somewhat easier to tap conversations, although there's no good reason to change architecture entirely for that purpose.

The Guardian newspaper reported in 2013, based on documents provided by NSA whistleblower Edward Snowden, that the NSA had dramatically increased its ability to collect data from Skype several months after the Microsoft acquisition. In response, Microsoft reiterated its policy about working with legal requests, but has never clarified or refuted whether it can tap into encrypted conversations.

I don't suggest the move to the cloud is a reason to stop using Skype; that reason has been in place since any other option existed with greater transparency about how its end-to-end encryption works.

When the Internet was thinly spread and expensive

When Skype's founders started to build the system in 2003, the Internet was much less resilient, and it was extremely expensive to buy and manage servers in data centers and carry huge amounts of traffic around the net. Rather than rely on centralization and a requirement of high-quality routes between data centers and end users, Skype used peer-to-peer (P2P) technology that let every other logged-in Skype user's copy of the software share some of the load.

This was a revolution in the developing world, where network infrastructure has since substantially improved due to the rise of inexpensive cell phones, but at the time was stretched thin. Even in highly industrialized nations in the early 2000s, it was often unbelievably expensive to make non-local calls. I traveled briefly through Europe in 2000 and Costa Rica in 2002, and every tiny storefront had some kind of national or international calling service advertised. Many used low-speed dial-up phones and voice over IP relays.

Skype was built like a series of tin cans with string stretched between them, and had extremely efficient voice-compression algorithms (codecs) and a lot of tolerance for dropped packets and latency. A villager in South America could go to an Internet café, pay for a slice of time that was relatively affordable compared to other methods, and make a call to a relative in the United States that probably sounded not much worse than long-distance phone service.


