The Akron Legal News

Login | March 28, 2024

Skype is changing. Is it secure for attorneys?

RICHARD WEINER
Technology for Lawyers

Published: August 19, 2016

Skype’s fundamental technology is changing, moving from a platform based in individual users’ devices to the cloud.

A number of experts are asking questions about how these changes will affect the security of the platform going forward.

In this column, we always ask: How will that affect attorneys?

Skype is a platform that lends itself to accomplishing long-distance interviewing of clients and witnesses and may be used for depositions.

The company was acquired by Microsoft in 2011 for $8.5 billion. At the time, and from its inception, Skype operated on a peer-to-peer (p2p) platform. Peer-to-peer means that each individual device—laptop, desktop, smartphone, etc.—was connected to the other user’s personal device without an intermediary.

In other words, If I Skyped you, Skype would connect our two computers. Our conversation would not be gate kept or stored anywhere, unless one of us had software to do that on our own devices.

Because of that, Skype was relatively secure and safe from random hacking, as a hacker would have to figure out when the conversation was going to happen, which devices it would happen between and then somehow get in the middle of it. It was still subject to wiretaps and other forms of bugging as well as the occasional crash.

That was mostly secure and convenient, but difficult to scale. Microsoft is about scaling up. So, in order to scale Skype, MS first established a sort of super-p2p network in 2012 to help stabilize the system.

But now, the software giant is taking Skype platform centralization all the way. Microsoft is transitioning Skype to the cloud, meaning that the old p2p system will cease functioning at some point.

Apparently, according to an Ars Technica article, the implication is that Skype in the cloud will not be able to be encrypted, or really secured in any private way, leaving Skype conversations far less secure than they were on the p2p platform.

The article calls this security gap “the elephant in the room” on the topic, stating that “Microsoft has been consistently silent on this...the system is a black box.”

So, once again—be careful out there!


[Back]