Skype ditched peer-to-peer supernodes for scalability, not surveillance

Summary:Before Microsoft acquired Skype in 2011, the voice calling service was already ditching its "near impossible to wiretap" peer-to-peer model in favor of the cloud.

Skype_WP8_IncomingCall 2
Image: James Martin/CNET

Skype's principal architect explained in an email on Sunday why the company redesigned its backend infrastructure, which many have claimed made it easier for governments to wiretap calls. 

Skype principal architect Matthew Kaufman took to an email list to refute some of the claims made by one commentator, who claimed that Microsoft's "really dumb" move to run Skype through Microsoft-owned servers once it was acquired in 2011, made him "suspicious," especially in light of recent news of massive U.S. government surveillance.

Kaufman, now a Microsoft employee following the acquisition, did not directly discuss surveillance and the ability to wiretap, but he did "take issue" with the decision to switch to a datacenter model as being described as "really dumb."

...the Skype peer-to-peer network architecture elected certain nodes to be "supernodes", to help maintain the index of peers as well as handle parts of the NAT [network address translation]/firewall traversal for other peers. This election algorithm chose only machines with open Internet connectivity, substantial uptime, and which were running the latest version of our peer-to-peer code.

He also explained that "twice a global Skype network outage was caused by a crashing bug in that client," with  one of those instances being in 2010 .

[T]hat is in part why Skype has switched to server-based "dedicated supernodes"... nodes that we control, can handle orders of magnitudes more clients per host, are in protected data centers and up all the time, and running code that is less complex that the entire client code base. 

He also confirmed that, "this conversion [away from peer-to-peer] started well before the Microsoft acquisition was even announced, during the Silver Lake era," in 2009.

The exchange began after an article by The New York Times last week claimed that a small handful of Skype employees established Project Chess, a system designed to explore the legal and technical issues behind handing over Skype user data to law enforcement agencies.

Only a few executives at the company were made aware of the project, which was reportedly set up in 2008. Project Chess is also said to have continued when eBay sold Skype to Silver Lake Partners for $2.75 billion in 2009

But an interesting tidbit from the email came from professor emeritus Dave Farber, who claimed in the thread, "...the fact is that the management of Skype — even when they were owned by eBay — told the U.S. government to stick it, and got away with it."

Kaufman said he was "not in a position to comment on what Skype can and cannot log or intercept."

Read this

PRISM: Here's how the NSA wiretapped the Internet

The National Security Agency's "PRISM" program is able to collect, in realtime, intelligence not limited to social networks and email accounts. But the seven tech companies accused of opening 'back doors' to the spy agency could well be proven innocent.

Security expert Bruce Schneier confirmed in 2006 that National Security Agency (NSA) could not intercept Skype calls because of its then-infrastructure setup. According to CNET in 2009, Skype confirmed it was unable to fulfil any government request to wiretap calls, "because of Skype's peer-to-peer architecture and encryption techniques, Skype would not be able to comply with such a request."

Skype has in recent weeks and months denied that Microsoft's acquisition made it easier for police and intelligence agencies to access user data, despite a leaked NSA slide claiming that its PRISM program  allowed the agency "direct access" to its servers

If the Times' article is to believed, Skype's statement regarding law enforcement requests following acquisition would be true. 

The revelations of the NSA's widespread spying programs come only months after Skype denied that it was "playing Big Brother," according to ZDNet's Ed Bott , by listening in on your voice conversations. Earlier statements  by Skype in mid-2012  state that, "Skype to Skype calls do not flow through our data centres," adding: "These calls continue to be established directly between participating Skype nodes (clients)."

It remains unclear whether or not the NSA can wiretap Skype calls or access them after the fact with a valid warrant. However, metadata relating to Skype calls can be collected under a broad warrant issued by the Foreign Intelligence Surveillance Court (FISC), a secret court governed under its namesake statute, the Foreign Intelligence Surveillance Act (FISA).

Kaufman continued his technical reasons as to why Skype converted to a cloud-based datacenter model for its ever-growing user base, away from its peer-to-peer infrastructure.

He explained that with a rise in mobile and tablet users, these devices rapidly became "a battery-powered hand warmer," because it was participating as a full node on its peer-to-peer network. This would drain the battery faster than "any other well-known application out there," he said.

He also championed feature changes as a result of the cloud-based model, such as missed instant message delivery. "Servers. Lots of them," he said, "and more and more often in the Windows Azure cloud infrastructure."

In the case of instant messaging, we have merged the Skype and Windows Messenger message delivery backend services, and this now gets you delivery of messages even when the recipient is offline, and other nice features like spam filtering and malicious URL removal. [...] And over time you will see more and more services move to the Skype cloud, offloading memory and [processor] requirements from the mobile devices everyone wants to enjoy to their fullest and with maximum battery life.

While Kaufman he did not directly address the issue of wiretapping — he referred back to Microsoft's statements — or even acknowledge the existence (or non-existence) of Project Chess, there were technical reasons behind the move to the cloud-based datacenter model, not limited to growth and scalability.

He said the transition had been "difficult" and took the hard work of "hundreds of developers." 

Whether or not it made wiretapping easier for the NSA and its domestic law enforcement and global intelligence agency counterparts, so be it. But in Kaufman's words, at the time the move made "strategic and business sense."

Topics: Privacy, Cloud

About

Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.