Worried that someone may be eavesdropping on your phone calls? Landlines and cell phones can easily be wiretapped. Some Voice over IP transmissions can be intercepted. But it appears Skype-to-Skype calls may be the most secure means of voice communication, since they’re encrypted with 256 bit keys. This is a good thing for privacy advocates, but may not sit as well with government and law enforcement agents, who see it as an opportunity for terrorists and other criminals to go undetected. Read more here.
Skype was one of the first popular computer-based VoIP services. It’s now owned by eBay, and it allows you to make free voice calls and send Instant Messages from your computer to another computer. You can also pay a per-minute fee to make calls to regular landline phone numbers and cell phones through a service called SkypeOut. And there’s also a service called SkypeIn, where you’re assigned a regular phone number for your Skype account so people can call you from landlines and cell phones. You have to download and install the Skype program, which is available for Windows, Macintosh OS X, Linux and even Pocket PC. You can get the software here.
According to this article, Skype calls are impossible – or at least very difficult – to eavesdrop on (this doesn’t apply when you use Skype to call landlines and mobile phones because the call can be intercepted when it enters the regular or wireless phone system).
Skype uses 256 bit AES encryption, a U.S. government standard, and uses 1024 bit RSA to negotiate the AES keys. But does NSA have a “backdoor” into AES? Some folks think so although there’s no real proof. The ACLU published this interesting article about what the NSA may be able to do; although it doesn’t specifically mention the encryption schemes they can crack, it offers insight into their data mining practices here.
Up until the late 1990s, there were strict laws in the U.S. controlling the export of encryption software to other countries. This software was actually classified as “munitions.” Use of encryption never really caught on with regular computer users, in part because it required installation extra software such as Pretty Good Privacy (PGP) and in part because encrypting your data was seen to call more attention to it, providing a red flag to the government and others that there must be something “juicy” involved.
It’s not just the encrypted nature of the calls that could make Skype attractive to criminal types. As with most VoIP services, you can get phone numbers in any area code no matter where you actually live. So you might live in New York and have a phone number with a San Francisco area code, making it more difficult to determine where you really are. And of course, you can use that number when you’re traveling, from many different places.
In fact, the problem is that just about anything that provides privacy for regular folks also helps the bad guys conceal what they’re doing. And that’s resulting in a lot of laws that are stripping us all of the last remnants of privacy that we had – and that’s not just a matter of concern for those with something to hide. It subjects us all to the risk of identity theft.
For example, we have always used our PO box for credit card correspondence to prevent the possibility of thieves stealing our mail from the curbside box and getting our credit card information from statements or sending in responses to the free offers of new cards without our knowledge. We recently closed our PO box 20 miles away (near our old residence) and opened a new one close to where we live now. But when we went to change the address with our credit card company, they wouldn’t accept a P.O. box. Supposedly this is because of Patriot Act requirements. Now I don’t mind giving them my street address for their records (well, okay, I do mind because of the many times companies have had this sort of customer information hacked, but I understand it). However, to not allow us to have a separate mailing address is ridiculous – and we’re canceling that card because of that, along with the fact that they send us “blank checks” several times a month that anyone could fill in to charge to our card. We have a credit card with another company (AAA) that does allow us to use a mailing address.
This is just one example of how new laws are eroding our privacy. Will Skype be outlawed – or forced to change its technology so messages aren’t encrypted – in the name of fighting terrorism? We’ve got to wonder.
What do you think? Much ado about nothing, or are the current trends dangerous to our well-being? Should we crack back down on the export of encryption, or is that futile since many of those plotting against us may be inside our own borders? When you make a phone call, does it matter to you if the NSA is listening, or do you figure it’s worth the sacrifice of a little privacy if it helps prevent further terrorist attacks or catches a drug dealer?