The BBC today has reported that Italian crooks are using Skype to avoid detection by police who use traditional wiretapping to monitor phone calls. The Skype signaling and media path is encrypted which makes it very difficult to tap into. Also because, as a Peer to Peer protocol Skype doesn’t use any centralised servers that might be able to be monitored it adds to the difficulty for law enforcement agencies.
The whole problem is then compounded by the fact that because VoIP/Skype is a very nomadic service, ie you can use it from any internet connection anywhere, it becomes difficult to track the location of a caller.
This is a problem being looked at by Ofcom as part of the process of caller location identification for the emergency services. Currently if someone makes a 999 call from an unknown address, it is difficult to pin down where that call is being made from, at least in a timely manner.
There was a high profile Canadian case where someone dialled for an ambulance and it went to a location three thousand miles from where the call was actually being made from because the address held by the operator was not the address from which the call was being made.
When a VoIP call is made the details of the call logged by the Internet Telephony Service Provider include the IP address of the originating party. If you are an Internet Service Provider (note the distinction between ITSP and ISP – an ITSP often does not provide the underlying broadband service) you can correlate this IP address with a physical address (ie house number and street).
The problem is that this is a manual process and would likely take hours at best and potentially a couple of days. This is a process that could be automated but it is something that would probalby cost billons to implement universally in the UK.
I’m sure there will be more to say on this subject in 2009. As a final note it is often said that the security forces, aka GCHQ and CIA et al have not cracked the Skype encryption technology. I find this difficult to believe.