April 19, 2006

How COULD Skype support CALEA?

It has been widely assumed that because Skype encodes the speech, it is not easy for the governments to intercept a call for monitoring purposes. Today, Financial Times reports that Skype CEO agreed that Skype filters certain texts from chat session in China (if only indirectly through their partner Tom Online). Indeed, the CEO is quoted as saying: “I may like or not like the laws and regulations to operate businesses in the UK or Germany or the US, but if I do business there I choose to comply with those laws and regulations.” But we do not know the full scope the filtering. This raises the possibility (for many a surprising one, I am certain) that Skype may agree to assist in the legal intercept of a voice session. Mind you, I am not suggesting that they have agreed or that they have facilitated this. But I am interested in knowing how they could go about implement this capability IF they were approached AND IF they agree to cooperate. I am using US CALEA regulations as an example.

CALEA has two aspects: the first one is interception of call control information and the other is interception of call content. The legal requirements are different. Nonetheless, a LEA has to get approval from a legal authority and produce the order to the relevant service provider. In this case Skype is advised ahead of time the identity of the target. We also know that when a user logs into Skype system, the user is given a list of supernodes to try. We do not know on what basis, Skype selects this list. But Skype can clearly select its set of supernodes (let me call them CALEA supernodes) and deliver only that list to the target. This way, Skype can ensure that only CALEA supernodes will serve the target. Then it is a simple matter for the supernode to collect call control information and deliver to the relevant LEA(s).

If the LEA is authorized to intercept call content as well, then the CALEA supernode can be instructed to use a relay supernode (again operated by Skype for the purpose of CALEA) and use the relay supernode to intercept the call content. The fact that the content is encrypted is not a big problem, because Skype can deliver the key to the LEA through CALEA supernode.

Of course, I have omitted certain difficult aspects of CALEA; but then any VoIP system will have those difficulties. My point is that, once Skype is willing to abide by a country’s laws they can easily provide support for CALEA as well, all within their current architecture. One thing is clear: claims not withstanding, geographic boundaries do exist in Internet. It better be; otherwise one can not hope to offer location based services.

Posted by aswath at April 19, 2006 04:57 PM
Related Posts Widget for Blogs by LinkWithin
If you do not have an OpenID, then please use www.enthinnai.com/unauopenid/anyblog.



Wouldn't this be apparent to the target? If I recall correctly that's a no-no according to the J standard.

Posted by: Craig at April 21, 2006 01:11 PM

If you are referring to the use of media relay nodes, the answer is yes and it does violate the requirement. But then this applies to other VoIP providers as well when they use a Session Border Controller for the intercepted calls. As I state, this is one of the things that I didn't elaborate on this post; but I had covered it in an earlier post (http://www.mocaedu.com/mt/archives/000050.html).

Posted by: Aswath at April 21, 2006 02:23 PM

Copyright © 2003-2014 Moca Educational Products.