Microsoft’s about to buy Skype, everyone read about it. And, inevitably, Microsoft is already getting blamed for every sneeze/cough/outage/weirdness of Skype there is (specifically that little Easy Bits Games Go fiasco that let users to believe they just caught some trojan or a virus and outage that made some thing it’s a sabotage).
But there is at least one little controversy that was really caused by Microsoft itself. Gazeta.ru has reported that Microsoft Russia is ready to provide Skype’s encryption algorithm to Russia’s Federal Security Service (FSB). In fact, Microsoft Russia’s president Nikolay Pryanishnikov “would love to do it” as company’s policy is “cooperation and partnership with the State”.
A large wave of “KGB will tape our Skype calls” comments followed. Especially as users remembered that FSB already voiced displeasure at inability to wiretap Skype calls and messages in April of this year. Heck, Skype could be outlawed and blocked completely in Russian segment of the internet until there’s a capability of wiretapping built-in. And here Microsoft is talking about giving to the secret service “keys to the kingdom”.
Microsoft tried to calm fears down by issuing a correction — their president meant sharing of the source code, which they already do for their current products, and Skype will fall into that category soon. Plus they need “regulatory approval” and that, of course, is quite difficult if FSB opposes certification of this new acquisition.
However, I am not quite sure why PR people think that sharing “source code” versus “algorithms” are any different (well, it takes a bit of thinking to reconstruct the algorithm from the source code, but not much), and so far attempt to calm the fears has been unsuccessful.
Frankly, in many cases knowing algorithm won’t help that much — if security is well thought-out, keys are generated in secure manner, peer-to-peer element of the network is “uncontrollable”, but it certainly would make life much easier to whomever tried to circumvent the Skype call. Even more alarming is a general tone of the conversation, where people can easily conclude that in the spirit of that very same “cooperation and partnership” Microsoft could simply “tweak” the Skype client just a little bit, to make wiretapping easier.
Plus in that correction they simultaneously claim that “protecting private information is paramount and censuring or monitoring of it is not provided” yet “in accordance with laws of every country where the service is available, including Russia, company provides requested private information when supplied with subpoena”. So, all FSB will need is a court order? Not a very high burden.
I know doing business in Russia is hard. But in this case Microsoft made quite a poor choice of words, and it has nobody but itself to blame for scaring Russian users. Will US customers start to worry about a chance of “KGB listening in”? We’ll see.