Called out

By G.F. | SEATTLE

SKYPE has always appealed to the privacy-conscious. From its humble beginnings in 2003, the Scandinavian and Estonian developers behind the service, which routes phone and video calls, instant and text messages over the internet, put much store by encryption and decentralisation, which together make for a robust and secure network. Now it has emerged that the company, which Microsoft bought last year from the previous owner, eBay, has become less decentralised. In the process, its users' privacy may be undermined, too.

The reason Skype has won over nearly 700m users is its relatively smooth connection even where networks are patchy. This was in part by routing calls through so-called "supernodes". By installing Skype software, a user agrees that his computer might serve as one of these hubs. This, Skype insists, uses only a sliver of bandwidth while dramatically improving connectivity across the network. Whether a computer is chosen to host a supernode depends only on where it happens to sit within the skein of active users; supernodes' locations are constantly adjusted to optimise all the concurrent connections.

By farming supernodes out to users, Skype needed to run fewer servers of its own, reducing overhead, as well as delays by having supernodes as close to clusters of users as possible. In May, however, Microsoft confirmed reports that Skype had re-engineered its network to replace user-hosted supernodes with servers operated by the company. A specialised operating system and software are meant to ensure that these are "hardened", a term borrowed from the days of nuclear bunkers, to withstand attacks and interception.

Many observers fear that the result might be just the opposite. Generally, the more decentralised the network, the harder it is to bring down. And while hardened servers may make life harder for outside snoopers, it might make it simpler for someone eavesdropping on the inside. An article in the Washington Postalleges that Skype's changes might make surveillance by law-enforcement agencies easier. Skype has denied this claim, though some researchers point out that the company appears to have had a limited ability to do this all along.

As with most services, Skype users create passwords to access their accounts (which are administered on the firm's servers). The passwords themselves provide no encryption of account data, however. Skype can access all the user information stored on its servers, including profile and credit-card details used to pay for calls placed to traditional phone operators.

But when a user—call him Bob, in keeping with cryptographic tradition—creates an account with Skype, the software installed on his computer also generates a pair of unique cryptographic keys. The "public" key is sent to Skype, along with Bob's user name and a scrambled version of the password. For complicated mathematical reasons, anyone can use the public key to encode data, but not to decode them. That can only be done with a numerically twinned "private" key, which is stored on Bob's hard drive. Niftily, the same private key can also be used to stamp Bob's signature on a message. In order to do this, he encrypts a plain text signature using the private key. This time, anyone can use the public key to decrypt the plain text. If the decryption spits out gibberish, a different private key must have been used, suggesting something is amiss. If it matches Bob's signature, he is who he claims to be.

With Bob's identity confirmed, the next step is to initiate a secure link. Alice, as cryptographers call the second party to an exchange, can do this by using Bob's public key to encrypt a different, one-time cryptographic key. This key is only known to Alice, whose computer generates one randomly whenever she wants to establish a secure connection with anybody, and to Bob, who can decrypt it using his private key. As a result, Bob and Alice can be confident that no eavesdropper (dubbed Eve in the jargon) is listening in on their exchange.

The last niggle is that a public key ostensibly belonging to Bob might in fact have been generated by Eve pretending to be him. A match between the bogus public key and the private key used in the digital signature would be guaranteed by the fact that the private key Eve used would be equally bogus. To prevent such "man in the middle" attacks from happening, internet services use digital certificates issued by independent certificate authorities (CAs). These certificates, which assure users that a CA vouches for a website's identity, are signed with the CA's own private keys. Just as with Bob's digital signature, the certificate can be verified using the authorities' public keys. In the case of recognised CAs, these public keys are preinstalled in operating systems, internet browsers and other software.

Skype acts as its own CA. The company's public keys are etched into its user software. When a user registers, Skype's servers issue a certificate to the user which incorporates his public key and unique username. In principle, then, if not in practice, Skype seems capable of issuing any combination of public key and username, including the bogus sort that make man-in-the-middle attacks possible.

With supernodes scattered across the web this possibility was circumscribed. As they are moved onto its own kit it may indeed become easier. This is not, of course, to say that Skype would use this newly gained ability to eavesdrop on its users—or let others, like government agencies, do so. But in the internet's more security-minded quarters Skype's increasingly tight hold on all aspects of its users' security is cause for concern. Such fears would be allayed if, for example, Skype allowed recognised CAs to countersign user certificates, or to let users choose their own CA. So far, the company has shown little willingness to lift the veil that enshrouds its security machinery.

Seven years ago Skype let an independent security researcher examine its system's vulnerabilities. The unedited report, available on its website, was positive, though it only assessed outside threats. It is becoming increasingly apparent that time has come for a comprehensive update.