The Bavarian Intercept Proves Skype is Secure
Skype is so secure, police need to actually invade your computer to eavesdrop.
The German police shopped for tools to listen in on Skype calls. Tapping the PC directly is their only option: according to Germany's Federal Criminal Police Office (Bundeskriminalamt, BKA), they cannot intercept and decrypt Skype calls on the Internet, at least not in real time. Once such low-level monitoring tools are on your PC, they can see what any program does, not just Skype. Whoever can eavesdrop on your PC can see all your keystrokes, listen to all your music and speech, watch all your video, and play your games.
This latest news comes from a leaked memo from the Bavarian Ministry of Justice (BMJ). You can read a transcript of the memo. heise online describes the tool as a "Trojan horse", but the original letter does not say how the software gets onto a PC.
A rough translation of the DigiTask proposal to the BMJ (pdf):
Encryption of communication via Skype poses a problem for the surveillance of telecommunications. All traffic generated by Skype can be captured when surveilling a dial-in or DSL link, but it cannot be decrypted. Skype's encryption works via AES with a 256-bit key. The symmetric AES keys are negotiated via RSA keys (1536 to 2048 bit). The users' public keys are confirmed by the Skype login server when logging in. To surveil Skype communication it thus becomes necessary to realize approaches other than standard telecommunications surveillance.
The DigiTask concept is to install a so-called Skype Capture Unit on the PC of the surveilled person. This Capture Unit allows recording of the Skype communication, such as voice and chat, as well as diverting the data to an anonymous Recording Proxy. The Recording Proxy (not part of this offer) forwards the data to the final Recording Server. The data can then be accessed via mobile Evaluation Stations.
The mobile Evaluation Units can, using a streaming-capable multimedia player, play back the recorded Skype communication, such as voice and chat, also live. To minimize bandwidth usage, special codecs for strong compression are used. The transmission of data to the recording unit is encrypted using the AES algorithm.
As of 4 September 2007, DigiTask didn't capture video calls.
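To make the proposal's point concrete, here is an added example (mine, not DigiTask's or this page's, and a simplified model rather than Skype's actual protocol) that plays out both positions at once: a link tap that captures every byte of a call whose AES-256 session key was wrapped under the callee's RSA key, and a capture unit on the sender's PC whose hook runs before Skype encrypts. Everything not taken from the proposal is an assumption of the example: the names WrapSessionKey, Seal, Open, CaptureUnit and RunScenario, the choice of RSA-OAEP and AES-GCM as the concrete RSA and AES modes, the 2048-bit key size, and the constructed sample chat line. The same hook-before-encryption idea is what an endpoint implant would use against SSL traffic in a browser. It needs Go 1.18 or newer.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// must makes the crypto calls below fatal on error; they fail only on programming errors.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

// WrapSessionKey is the caller's side of the negotiation the proposal describes:
// a fresh 256-bit AES key wrapped under the callee's RSA public key (2048 bit here).
// RSA-OAEP and AES-GCM are this example's choices; the proposal names only AES and RSA.
func WrapSessionKey(peer *rsa.PublicKey) (key, wrapped []byte) {
	key = randomBytes(32)
	return key, must(rsa.EncryptOAEP(sha256.New(), rand.Reader, peer, key, nil))
}

// UnwrapSessionKey is the callee's side: only the RSA private key recovers the AES key.
func UnwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// Seal encrypts one voice or chat frame with AES-256-GCM, random nonce prepended.
func Seal(key, frame []byte) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, frame, nil)
}

// Open reverses Seal and returns an error under any key but the sealing key.
func Open(key, sealed []byte) ([]byte, error) {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// CaptureUnit is the endpoint implant: the hooked send path hands it each frame
// before Skype encrypts it, and it re-encrypts its copy under its own AES key
// for the recording proxy (the proposal says that leg is AES-protected too).
type CaptureUnit struct {
	proxyKey []byte
	ToProxy  [][]byte
}

func (c *CaptureUnit) HookSend(frame []byte) {
	c.ToProxy = append(c.ToProxy, Seal(c.proxyKey, frame))
}

// Result records who could read the frame: the callee, a link tap that saw every
// byte (key exchange included) but held no key, the evaluation station, and the proxy leg.
type Result struct {
	PeerReads, WireTapReads, WireTapOpenFails, CaptureUnitReads, ProxyLegLeaks bool
}

// RunScenario sends one frame from the surveilled PC with both taps in place.
func RunScenario(frame []byte) Result {
	callee := must(rsa.GenerateKey(rand.Reader, 2048))
	sessionKey, wrapped := WrapSessionKey(&callee.PublicKey)
	unit := &CaptureUnit{proxyKey: randomBytes(32)}
	unit.HookSend(frame) // the implant's hook runs before Skype encrypts
	ct := Seal(sessionKey, frame)
	wire := append(append([]byte{}, wrapped...), ct...) // everything the link tap sees
	_, tapErr := Open(randomBytes(32), ct)              // the tap has no session key
	pt := must(Open(must(UnwrapSessionKey(callee, wrapped)), ct))
	rec := must(Open(unit.proxyKey, unit.ToProxy[0])) // evaluation station side
	return Result{
		PeerReads:        bytes.Equal(pt, frame),
		WireTapReads:     bytes.Contains(wire, frame),
		WireTapOpenFails: tapErr != nil,
		CaptureUnitReads: bytes.Equal(rec, frame),
		ProxyLegLeaks:    bytes.Contains(unit.ToProxy[0], frame),
	}
}

func main() {
	// Constructed sample chat line, not from any real capture.
	fmt.Printf("%+v\n", RunScenario([]byte("chat: meet at the Marienplatz kiosk at 17:00")))
}
```

Run it with go run: the printed Result shows the peer and the evaluation station both reading the frame, while neither the bytes the link tap captured nor the proxy-leg blob contain it, and a decryption attempt under a guessed key is rejected by GCM's authentication tag. The design also shows the one thing the capture unit cannot fix: the key protecting its exfiltration leg lives on the same PC it has compromised, so anyone who finds the implant finds that key too.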
- DigiTask GmbH charges EUR 3,500 per month for each installation of a Skype Capture Unit, with a three-month minimum.
- There is a one-time installation and de-installation fee of EUR 2,500 (VAT not included).
- DigiTask gets paid first: payment is due in 30 days (2 percent discount if you pay within 14 days). Delivery may take four to six weeks.
- Security is not a new line of business for DigiTask. They offer a line of IP-based surveillance cameras and "monitors" for SMS traffic.
- There is a "Don't blame us when this comes back to bite you" clause: "The usage of the Skype Capture Unit and SSL-decoding is in full responsibility of your department. DigiTask cannot be held responsible for usage of the software or any damages caused by it."
- DigiTask can also read SSL-encrypted communications between your browser and a secure web site, like Skype.com, the better to see your Skype and PayPal accounts. The offer does not say how. Since the capture unit already runs on the PC, the natural reading (an inference, not something the memo states) is that it grabs the data before the browser encrypts it or after it decrypts it, rather than breaking SSL on the wire.
Bottom lines:
- Skype conversations are only as secure as the PCs of all parties to a conversation. Protect your PC. Don't talk to strangers.
- Law enforcement is in the market for tools to do for VoIP what they've done for landlines and mobile phones: call logs, call recordings, and listening in live to people talking. Lobby for warrants to invade your PC to be treated as just as much a free-speech issue as warrants to listen to your phone.
- If legitimate government public servants can buy these tools, there must also be a dark market. You can easily imagine private security, private intelligence, criminals, and militaries, none of which depend on warrants, using tools to eavesdrop on PCs. Invest in the toolmakers. Make laws about privacy apply to PC/IP communications.
Comments
I have two questions:
1. Won't the target deduce that interception is on, since the target's PC has to transmit the intercepted data to the LEA?
2. Do these monitoring tools work in stand-alone Skype devices? If so, how do they get installed in the first place, if it is indeed a Trojan horse?
Posted by: Aswath | January 27, 2008 05:40 PM