<http://arstechnica.com/news.ars/post/20060217-6206.html>
Is Skype a haven for criminals?
2/17/2006 1:10:55 PM, by Nate Anderson
From a law enforcement point of view, digital communication is a two-edged sword. On the one hand, it allows for the simple collection, sorting, and processing of massive amounts of information (such as in the FBI's Carnivore system), but on the other hand, it is much easier for users to encrypt their communications with almost unbreakable codes. Now that VoIP calls are becoming commonplace, governments around the world are struggling to adapt to the new technology, and Skype has found itself under extra scrutiny.
<snip>
The FCC ruled last year that VoIP providers need to offer backdoors into their systems for wiretapping reasons, but Skype isn't based in the US and so is not subject to the rule. It is subject to the EU's new Data Retention Directive, though, which may require them to retain call logs and decryption keys for a period of time. If so, real-time monitoring of Skype calls would still be out, but after-the-fact review of recorded calls from people of interest might well be possible for the government.
My understanding is that encryption between Skype users is through remote key generation and key exchange and that any intermediaries (including Skype) don't have the necessary key information to decrypt the data streams. Can anyone support or refute this assertion?

Steve