Just Plain Cuckoo

According to news in PC Pro magazine, authorities in Switzerland have come up with an unorthodox plan to tackle call tapping of Skype and other VoIP users.  VoIP calls can be end-to-end encrypted, which means that tapping on the Internet itself is often not practical.  For example Skype use an undisclosed encryption algorithm and key exchange system.  Phil Zimmermann’s Zfone employs perfect secrecy so that the conversation cannot even be listened to later offline when the encryption key has been obtained.

So the Swiss plan?  Tap the calls on the PC, by means of installing some kind of trojan to tap into the audio stream before it is encrypted.  It would be installed either by the authorities or remotely by the ISP.

Now, this is a daft idea on so many different levels that it’s hard to know where to begin.  In an ordered society like Switzerland you could expect a high level of compliance with this kind of procedure.  Unfortunately, the ones that won’t comply (for example malevolent hackers; gangsters; terrorists) are probably the ones that you are most interested in gathering intelligence about.  Secondly, it’s a gift for criminals, since if you leave a backdoor open, the PC already compromised, then someone will likely exploit this for criminal purposes.

With the right software in place, audio could be relayed in from elsewhere, allowing criminals to make calls “on your phone”, possibly implicating you in a crime.  Similarly, audio could be relayed out, so that those outside the government service could tap your phone, a boon to tabloid newspapers and blackmailers.

Finally, in a world of ever more mobile users, is this approach even practical?  Mobile users with GPRS in their phone or PDA can connect to the Internet without even touching a Swiss ISP.  Crime doesn’t necessarily stop at borders these days, couldn’t criminals just be in and out of the country before the G-Man sneaks some tapping software onto their laptop?

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>