Comment: EU wants to intercept encrypted VOIP communications
February 25, 2009 2 Comments
By IAN ALLEN| intelNews.org |
Italian authorities are taking the initiative in a European Union (EU)-wide effort to terminate the tacit immunity of voice-over-Internet-protocol (VOIP) communications from authorized interception. Italy’s delegation to Eurojust, an EU coordination body tasked with combating transnational organized crime, issued a statement last weekend, promising to spearhead a project to “overcome the technical and judicial obstacles to the interception of internet telephony systems”. The statement contains several references to Skype, a Luxembourg-based VOIP provider that has so far reportedly refused to share its communications encryption system with government authorities. Because of this, the latter have accused Skype of providing organized crime syndicates with the ability to communicate without fear of their messages being intercepted.
There is some evidence that criminal and militant groups are switching to VOIP communications to coordinate their operations. In November of 2008, the Pakistani militant group, Lashkar-e-Taiba, used VOIP software to communicate with the Mumbai attackers on the ground and direct the large-scale operation on a real-time basis.
The distinguishing feature of VOIP-based communications, which form the technical basis of popular communications software, such as Skype and Vonage, is that audio signals are converted to data and travel through most of the Internet infrastructure in binary, rather than audio, format. Furthermore, they are sometimes encrypted using algorithms of various strengths. Additionally, VOIP data packets often travel through Internet networks looking for unused lines, which may not necessarily be the shortest route to their destination. Consequently, a VOIP source signal from New York to Los Angeles could easily reach its destination through, say, Reykjavik or Bogota. What is more, binary data packets often split, with different parts following different routes to a given destination and only reuniting at a switch close to the end destination. This poses severe barriers to communications interception, as well as to the ability of law enforcement and intelligence agencies to locate the source of target calls.
Companies like Skype point to the technical complexities of VOIP communications and argue that it is often technically impossible to facilitate communications interception requests by government authorities. Skype in particular says it has repeatedly briefed EU law enforcement agencies about these technical barriers, and that its policy is to cooperate with government interception requests “where legally and technically possible”.
Technical issues aside, those in the know are aware of ongoing efforts by intelligence agencies to bypass Internet service providers altogether, concentrating instead on intercepting VOIP messages at the user end. Earlier this month, reports emerged that German authorities are using malicious software installed surreptitiously on targeted computers to capture the content of VOIP-based communications. In January, the EU prompted European law enforcement agencies to resort to computer hacking (termed “remote searching” in official documents) in order to combat cyber crime. Britain’s Association of Chief Police Officers (ACPO) admitted that British law enforcement and intelligence agencies already conduct “a small number” of such operations every year. In 2008, “remote searching” was employed during “194 clandestine searches […] of people’s homes, offices and hotel bedrooms”, ACPO said. More recently, an anonymous industry insider alleged that the US National Security Agency (NSA) is actively soliciting several companies in its search for a way out of the technical challenges posed by Skype’s strong encryption and peer-to-peer network architecture. The unnamed source claimed that NSA is “offering billions to any firm which can offer reliable eavesdropping on Skype IM and voice traffic […]. They are saying to the industry, you get us into Skype and we will make you a very rich company”, said the source.
If accurate, these allegations show that initiatives such as the one by Eurojust, above, which aim at establishing operational interfaces between law enforcement, intelligence and telecommunications organizations, are simply one facet of a broader effort to intercept VOIP communications. While reaching out to VOIP providers, European and American intelligence agencies are simultaneously engaged in projects -often of dubious legality- to circumvent these providers altogether, focusing instead on end-point eavesdropping. These attempts will continue for as long as encrypted, peer-to-peer VOIP remains an attractive option for consumers.