Want to Avoid GCHQ Snooping? It’s As Simple As Using Skype

The government has come under heavy fire this week for its overbearing proposed surveillance legislation, which will see email communications and website visits monitored. Whilst GCHQ won’t be given a licence to view the actual content end users see, the update to the law still amounts to a seemingly egregious piece of privacy invasion.

But privacy is not the only thing that makes these measures absurd. What makes them truly crazy, is how easy it is to avoid detection on the Internet. Indeed, it dawned on me during a briefing with Skype last night that just using the Microsoft-owned voice and videoconferencing service would help people cover their tracks.

Anonymity via Skype

It all lies in the way Skype works. Skype itself doesn’t actually hold any of its customers’ communications data. None of its servers have any user interaction on them, nor do they keep records of conversations or details on who contacts who. It operates over a peer-to-peer system and the data sits on the client. Furthermore, all calls are anonymous from Skype’s point of view. 

It appears that if the government wanted to find out what people were doing on Skype, it would not be able to get much at all from the VoIP company. It would need to get hold of customer devices and it would need a warrant to do that.

Of course, if Skype moves into doing more analytics work, as it indicated last night when it revealed it was going to be carrying out some big data projects, this would change things. But with the current architecture, Skype users should not have to worry about their communications details being intercepted by GCHQ.

Skype’s official line was rather more diplomatic than my own assertions: “We comply with legislation in all the countries in which we operate. This is a proposal and we have not had the opportunity to review it in depth,” the company said.

Hiding as Skype

There are numerous other ways to get around surveillance, one of the most innovative relating to Skype. Some clever computer scientists in the US have created a tool that disguises communications over the Tor anonymity service as Skype video calls. The SkypeMorph tool covers up the identifiable characteristics of data packets being sent over Tor, according to Ars Technica. Developed at the University of Waterloo, it effectively blends Tor user traffic into normal traffic. Tor was already good at cloaking internet activity, but now, with this add on, it’s even better.

There are more ways to remain unseen if the government legislation comes in, as Martino Corbelli, chief customer officer at Star, told TechWeekEurope. “For organisations or individuals with something to hide, it is relatively easy to dodge the reaches of this bill – by using pre-paid mobiles, foreign web-servers or existing systems that route traffic in such as way as to ensure user anonymity,” Corbelli said.

“The proposed bill would push terrorists and criminal gangs to use more secure and innovative methods of communication. Anti-crime and anti-terrorism agencies do not have the funding or the technical skills to start a technology war with criminal gangs or terrorists. We would be giving up our civil liberties just to make it harder to track real terrorists.”

When faced with such arguments, the government’s defence of these measures does not stand up. Any serious criminal organisation can leverage free technologies and avoid detection, making these extra measures wholly unnecessary. Outside of invading people’s privacy, they will do little to smash the “conspiracies and terrorist plots”, regardless of home secretary Theresa May’s polemics in the Sun yesterday.

May claimed similar use of data has already helped catch murderers like Ian Huntley and “gangland thugs who gunned down Rhys Jones.” Why does GCHQ need more powers then? The technology and available data is evidently useful enough already. The government’s excuses simply do not wash.

Think you know security? Test yourself with our quiz.