
Has there been any confirmation of the very juicy rumor about Skype and the NSA? Briefly it is this:

The NSA put out a $1 billion RFP to crack the encryption of Skype - their inability to listen in on this huge communication channel was really a bummer for the NSA. Microsoft says "Hmm" and buys Skype for $8 billion, re-engineers the architecture of Skype so that it is centralized rather than P2P and easily decrypted by Law Enforcement.

Or is this only another juicy rumor? Is there any citation for this RFP from the NSA, for example?



Skype has always relied on a central authentication server, which means that anyone with control of that server would be able to MITM any conversation. The recent changes of ownership and centralization of the service have nothing to do with this. Presumably the US government has been able to tap into any Skype conversation they want for a long time.


I'm not sure if it makes it easier to listen in on calls but Microsoft have made changes to the Skype infrastructure: http://arstechnica.com/business/2012/05/skype-replaces-p2p-s...


> would be able to MITM any conversation

Sure, in theory. In practice, eavesdropping on two Skype users required presence on a network route between the callers, which might have been entirely in some random country's Internet segment.


Not really -- the directory server can just direct a user to connect to a MITM server. There's no need to control the entire network, you only need access to Skype's servers.


Complete nonsense.

Skype's architecture is changing to match the changes in user base. As more and more tablets, phones, televisions and other devices which can't act as a supernode are added - and will be added in future - Skype needs to run more servers to pick up the slack. The notion that this is for eavesdropping purposes at the behest of the NSA is best left to the tinfoil hat brigade.

That said, you'd be ill-advised to depend on Skype being more secure than a regular phone call. As a commercial service it is subject to all the kinds of pressures telcos face.


Not quite - CALEA legally requires telcos to cooperate with law enforcement and implement infrastructure for wiretapping. As far as I'm aware, no such law applies to Microsoft as they aren't a carrier under said law.

So any eavesdropping Microsoft lets law enforcement do is voluntary, whereas telcos have a legal requirement in this regard.

Metadata (call logs and such) is another story and is equally unprotected in practice.


So I wonder if a good chunk of this $8B purchase price comes back to MSFT via "strategic investments" and "partnerships" from "interested parties"


OTOH, I've heard that years-old versions of Skype still work fine and if you believe that those old versions have working end-to-end crypto...



