In a new press release dated the 25th February which again mentions Skype directly, EUROJUST state their position as having had their first strategic meeting on internet telephony in 2006 which had included Skype SA as participants.

“There was a positive message from the Skype representatives during the meeting, showing their commitment to cooperate with the law enforcement authorities in the fight against serious, cross-border organised crime. The participants took into consideration that new VoIP technologies could offer a possible communication channel to criminals and criminal networks.”

Whether Skype’s level of co-opertation extends to handing over the encryption keys to their proprietary voip protocol is a good question. As with most proprietary systems, it is usually impossible for the end-user to tell whether there are any back-doors built-in by the manufacturer.

It may also mean that EUROJUST wants to avoid frightening off the fledgling European Voice over IP industry which, in the current recession, could prove extremely valuable to the European economy.

EUROJUST, the European Union’s judicial cooperation unit, is to examine the possibilities of bugging voip calls within the EU.

This comes after news that Italian law-enforcement agencies have requested help from EUROJUST in tapping voip calls made by criminals in Italy.

EUROJUST mention Skype by name but also include their intention to examine other voip systems in their press release. In the case of Skype which uses a proprietary protocol and encryption system, EUROJUST would presumably need to coerce Skype who are incorporated in Luxembourg to hand over encryption keys or create a ‘back door’ in their software to allow government wiretapping.

In the alternate case of SIP or similar VoIP communications, many calls may currently be transmitted ‘in the clear’ and be easy to intercept by simply capturing the packet stream for later playback. In cases where encryption is employed either in the protocol or the connection level, wiretapping may prove to be considerably more difficult as even the fact that a call is being made over a normally-encrypted data connection may be difficult or impossible to detect.

The issue lies in the way the ‘sounds’ of a conversation are compressed.

…the sampling rate is kept high for long complex sounds like “ow”, but cut down for simple consonants like “c”. This variable method saves on bandwidth, while maintaining sound quality.

Simply by analysing the encrypted stream for the difference between the sizes of the packets, researchers at John Hopkins university say they can identify entire words with a high degree of accuracy.

The John Hopkins team hope that they have caught this threat in time but I think it will take a good deal of shouting about it for the ISPs to take notice and change their planned deployments.