Wednesday, April 19, 2006

Skype and JSI

Skype recently released a Security White Paper by Tom Berson of Anagram Laboratories that outlines exactly how Skype uses encryption. This paper may be found at the following URL:

Skype uses 256-bit AES encryption for its data stream. The use of encryption also makes it difficult to log the use of Skype, or more precisely, what is being used on Skype or who may be talking using Skype. The use of encryption works for the voice call, any file transfers, and instant messaging.

A potential issue for Skype and virtually any other VoIP messaging application is a set of new rules called the Communications Assistance for Law Enforcement Act (CALEA), which goes into effect in 2007. These rules make it easier for the government to have wiretap access to the media stream. The rules say that any VoIP protocol or company must be wiretap ready, and the list includes SkypeOut, Vonage, Packet 8, and many others. There are crossover worries for other groups offering Internet access, and the Federal Communications Commission (FCC) promises a set of regulations clarifying the first set of rules. The rules can be found at

We highly recommend that any people considering Skype for business use read the upcoming rules and regulations to better understand any impacts these regulations might have on their businesses.


Post a Comment

<< Home