Staying Silent, I Serve Freedom


Note: again a post made before Edward Snowden's confirmation of things many "knew" or strongly suspected.

Big Brother is watching you!

Legal interception (i.e. spying on communications carried out by government authorities, with permission) is coming soon to an ISP near you. Unless it's already there, of course. Basically, if you are one of the Bad Guys(tm), all your communications would be spied upon and examined in detail. Of course, even if you are one of the Good Guys(tm) your communications would need to be spied upon and examined in detail, but that would surely be for your own protection and safety.

"But what about Skype - surely they can't eavesdrop on Skype, I heard it's secure and encrypted"

Well...

There has been speculation of a Skype backdoor, which would allow any sufficiently technically knowledgeable party to eavesdrop on the communications of any user. (These parties include, but are not limited to, your government.) In Germany, Skype-snooping was achieved by placing a trojan horse (manufactured by DigiTask GmbH) on the target's computer.

However, according to Heise Online, a representative of the Austrian Ministry of Interior said it is not problematic for them to listen in on Skype. No details were given, so it is not known if it's the same Trojan horse approach used in Germany.

The backdoor speculation itself has gone on for a long time. Due to the proprietary closed-source nature of the Skype program, it is hard to know exactly what goes on behind the scenes. Also, the Skype program is made to actively resist reverse-engineering attempts, and this behavior doesn't exactly ease concerns about potential backdoor(s). However, nowadays quite a few technical details about Skype are known. The paper by Biondi and Desclaux is a very good read. An especially interesting picture in it shows the geographical locations of the Skype supernodes.

So, does Skype contain a backdoor or not? Maybe, maybe not - maybe it doesn't even need to contain a backdoor as such. The easiest way would be for Skype Inc. to just play nice with the authorities, help with the spying and deny everything (kind of like Crypto AG has done).

In the same Heise Online article, there was an even scarier note about spying on citizens:

They called for ISPs to allow the interior ministry to install network bridges and Linux computers in their network centres. These would be used to copy and filter data traffic and forward it to the interior ministry via an encrypted connection. To facilitate filtering, ISPs should assign fixed IP addresses to customers being monitored.
it was made clear that should ISPs oppose these demands, monitoring legislation would be revised at some future time-point to prescribe the use of the ETSI ES 201 671 Version 3.1.1. monitoring standard. This would be legally binding and would require significantly more time and effort and be more expensive to implement. The reason given for not updating the legislation right away was that, in view of the present absence of terrorist activity, it would not currently be possible to mobilise political support for such a move.

In other words, the ISPs are being blackmailed: either implement a spying solution now, or it will be pushed through later by law and will cost the ISPs more at that time. Do it now, or else. But the scarier thing is the latter part: legislation will come later as it cannot be updated now, because presently there is an "absence of terrorist activity", and thus not enough political support for pushing through such a law.

It seems that there is a big demand to implement these eavesdropping solutions no matter what. So then, what happens if the "absence of terrorist activity" stays like that for a longer time? Will the ones demanding the spying tools grow impatient and orchestrate a false flag operation or two?