Skype‘s own hunt for stability, not clandestine aims for call tapping, forced the significant infrastructure changes that led to speculation Microsoft and the NSA were spying on VoIP, the company’s principle architect has insisted. Matthew Kaufman, now a Microsoft employee following the VoIP company’s acquisition, took to the IP mailing list to address concerns of NSA monitoring collaboration and the so-called “Project Chess” that was revealed earlier this month.
Core to the criticisms of Skype’s service – and its potential for greater monitoring by Microsoft and US government agencies – is the switch from the previous “supernodes” system to a more traditional setup. At launch, Skype used dynamically established “supernode” servers – running on Skype users’ own machines – to control call routing, firewall navigation, and more, with calls themselves piped directly from client to client rather than through a centralized server.
That, along with encryption, led to Skype’s initial boast that calls made on the service were impossible to listen in on. However, Skype then switched to using “dedicated supernodes”, as Kaufman describes them, controlled by the company itself.
While there has been speculation that the architectural change was at Microsoft’s behest, or as part of the Project Chess strategy to make NSA spying more straightforward, Kaufman claims neither is true. For a start, the switch was begun prior to Microsoft’s acquisition, he points out.
However, the main reason is one of stability. Supernode problems caused two significant service outages, he highlights, prior to the more centralized setup. “Twice a global Skype network outage was caused by a crashing bug in that client” Kaufman recalls, and “bootstrapping the network back into existence afterwards was painful and lengthy, and that is in part why Skype has switched to server-based “dedicated supernodes”… nodes that we control, can handle orders of magnitudes more clients per host, are in protected data centers and up all the time, and running code that is less complex that the entire client code base.”
Meanwhile, the rise in mobile Skype use also forced a rethink. The original supernode system was designed for always-on, always-connected PCs with no power concerns; as smartphones and tablets rise in popularity – and become a considerable proportion of Skype’s user-base – new considerations to deal with the limits of background apps and processes in mobile OSes, the limited capacity of batteries, and the inconsistency or expense of mobile data connections had to be made.
“If you’ve tried to use Skype on a mobile device, especially if you have a lot of contacts or a lot of IM conversations, you’ll discover that it rapidly becomes a battery-powered hand warmer, and drains the battery faster that probably any other well-known application out there. And this is because it, until recently, was participating as a full node on our peer-to-peer network… exchanging packets regularly (over your 3G radio, most likely) with every single one of your contacts to keep presence status updated, exchanging packets with everyone in every IM conversation to keep those conversations synchronized, etc.” Matthew Kaufman, Skype principle architect, Microsoft
Kaufman won’t be drawn on specific security issues, such as the allegations that a clandestine team numbering twelve or less within Skype worked on potential ways to unlock more data for the NSA, joining the PRISM program several months ahead of the Microsoft buy. The architect says he is “not in a position to comment on what Skype can and cannot log or intercept, nor how and when that data (if any) is passed on to third parties.”