Last year, Ars documented how Skype encryption posed little challenge to Microsoft abuse filters that scanned instant messages for potentially abusive Web links. Within hours of newly created, never-before-visited URLs being transmitted over the service, the scanners were able to pluck them out of a cryptographically protected stream and test if they were malicious. Now comes word that the National Security Agency is also able to work around Skype crypto—so much so that analysts have deemed the Microsoft-owned service "vital" to a key surveillance regimen known as PRISM.
"PRISM has a new collection capability: Skype stored communications," a previously confidential NSA memo from 2013 declared. "Skype stored communications will contain unique data which is not collected via normal real-time surveillance collection." The data includes buddy lists, credit card information, call records, user account data, and "other material" that is of value to the NSA's special source operations.
The memo, which was leaked by former NSA contractor Edward Snowden and released Tuesday by Glenn Greenwald to coincide with the publication of his book No Place to Hide, said the FBI's Electronic Communications Surveillance Unit had approved "over 30 selectors to be sent to Skype for collection."