Re: What's up with Skype in Germany?

On Jan 27, 7:03 am, Peter Pearson <ppear...@xxxxxxxxxxxxxxx> wrote:
Would any German-speaking sci.crypt participant be so obliging
as to visithttp://wikileaks.org/wiki/Skype_and_the_Bavarian_trojan_in_the_middle
and describe the leaked memo?
Well, it is described on that web page pretty exhaustively, and
translated here:
http://wikileaks.org/wiki/Bavarian_trojan_for_non-germans
As far as I can see, the translation is correct.

The phrase "trojan in the middle"
seems confused. I wouldn't expect Skype to be vulnerable
to a man-in-the-middle attack. Does this attack depend on
infecting the victim's computer with malware?
The memo explicitely describes a man-in-the-middle attack. The attack
amounts to installing a sniffing software on the suspect's computer,
which records and transmits the voice data before it gets encrypted.

This memo is of interest because in Germany, there has been a vivid
debate about whether law enforcment should be allowed to install
sniffing software on a suspect's computer - the so-called
"Bundestrojaner". As far as I know, this issue is now under inspection
by the federal constitutional court, but some of the states want to go
ahead and use it right now. Apparently, Bavarian (notorios for its
strict law enforcement) has already gone beyond discussing whether to
use it, but has arrived at the biggest obstacle for any project: who
should pay for it.

Given Germany's dark history in the government spying on the citizens
(Gestapo and Stasi), Germans often feel very threatened by the
government's efforts to gather information (which is limited to judge-
approved cases by now). While this memo should dispel their worries
(given the price of a single surveillance), I expect that the leakage
will rise further fear. The prospect of getting ones computer
infiltrated by governmental spyware raises deepest worries in Germany
(while most people freely give all kind of informations to the private
industry).
.