Periodically this topic of should we extend legal intercept capability to IP Communications is raised and more often than not the slant of the argument is that IP Communications should be free of any regulatory requirement. Invariably one of the supportive point is that the participants could encode the data exchange thereby thwarting the objective of interception. It is widely held that Skype’s encryption is the most difficult to break and so Skype is the poster child. Phil Wolff reports in Skype Journal that a German company is suggesting that they have developed a capability to infect a target’s PC so that the communication is intercepted in the PC itself and that too before the transmission is encrypted. At least in my reading it looks like Phil is suggesting that the German authorities have signed onto this. But I have my own reservations. First it is not clear whether they can infect stand alone devices. If not, won’t the targets who are professional miscreants use Skype devices, rather than a PC? Second, the infected PC has to transmit the intercepted communication to the LEA at some point. Since the targets can easily monitor the traffic flowing across their router, they can easily infer that they are targets. Once of the CALEA requirement is that the targets shouldn’t be able to discern that they are indeed targets.
In certain cases, the LEAs may not need access such an elaborate setup. It so happened that in a recent case, the Italian authorities needed to locate one of the suspects. “Soon after the murder, Guede (the suspect) left Perugia, but he kept checking Facebook for messages from friends. The Communications Police arranged for one of those to contact Guede using Skype from their office, and as the two chatted, the cops traced Guede to a computer in Dusseldorf.”
"I think that the vision of the early SIP founders has been largely unreal in the SIP world. SIP is typically just used for this mundane trunkling application like the one we have or sending calls between two networks and it is just calls. The vision of multi-modal communications and rich end points has largely failed within the same and I think that a big part of this is that they did not pragmatically just solve basic problems like NAT traversal for example and they also evolved the specification to the point that it is no longer had its light weight appeal." Jonathan Christensen, General Manager of audio and video, Skype.
From one Jonathan to another: Remember H.323 remarks? What goes around comes around.
By the way, is Skype is really P2P or CS in disguise? Isn’t their NAT traversal derived from the same source as STUN – UDP hole punching? (Read the History section at the bottom of the page.) Is Skype call model different than SIP, which is no different than H.323? Why do I get the feeling that I am listening to politicians promising "change"?