A great deal of focus has been put on cracking Skype since it first became available in 2003, he says, and now he's heard rumors that surveillance companies have gear that can capture encrypted Skype voice streams and decrypt them later so they can be listened to.
If Skype can be tapped to accommodate law enforcement, not talking about it may be Microsoft's way of retaining the aura of security, says Matthias Machowinski, an analyst with Infonetics. "My guess is that it has something to do with changes in ownership," he says. "It used to be this scrappy little upstart. To a certain degree, they didn't have to comply with the requests of the U.S. government. Obviously they're in a whole different position now."
Eckersley says Skype users should only expect as much privacy on Skype calls as they do on traditional landline phones. "I think it's broken," he says about its security. "It lasted for a while because it was heavily obfuscated."
If Microsoft wants to promote Skype as a secure communication method, it should re-engineer the technology and make public its architecture and the encryption scheme it uses, he says, because the most secure encryption is that which is public yet can't be cracked anyway. "It's time for Skype to get a proper secure redesign that is open and auditable," he says.
If Skype is not secure, that should be understood by corporate VoIP pros using Microsoft Lync, the communication platform in Microsoft Office. With the upcoming version Lync 2013, Skype calls can be blended into Lync, so Skype can become a factor in determining how to secure corporate calls that include a Skype segment.
Read more about wide area network in Network World's Wide Area Network section.