• Welcome! The TrekBBS is the number one place to chat about Star Trek with like-minded fans.
    If you are not already a member then please register an account and join in the discussion!

Microsoft Wins Patent for Internet Spying Technology

CuttingEdge100

CuttingEdge100

Commodore
Commodore
Microsoft Wins Patent for Internet Spying Technology
URL: http://www.informationweek.com/news/government/security/231000643

Microsoft has been granted a patent for technology that acts as a wiretap of sorts for Internet communication, allowing governments or other law-enforcement authorities to record the data without detection.
Dubbed "Legal Intercept," using the technology means "data associated with a request to establish a communication is modified to cause the communication to be established via a path that includes a recording agent" that silently records the data, according to a filing with the U.S. Patent and Trademark Office.

In other words, the technology intercepts Internet communications data so it can be recorded for the purposes of reviewing it later by, presumably, government or law-enforcement officials.
Click to expand...

Does anybody see a problem with this?

CuttingEdge100
 
How could anyone see a problem with this?


I of course am joking. The idea of the makers of OS's having this kind of technology scares me. Not to mention it could probably open up other kinds of security problems.
 
What, Microsoft invented man-in-the-middle attacks? I'm sure nobody else has done this thing before. Well, now that Microsoft have a patent on it, it's illegal for anyone else to do it.
 
CuttingEdge100 said:
Isn't there something wrong with the fact that Microsoft is doing this?
Click to expand...
I have the opinion that there is something wrong with any software idea patents, because they limit the use of the patented idea by granting a monopoly to the idea. Especially when the idea is something obvious and a pretty much established technique.

But with patenting MITM attacks? No, Microsoft are simply patenting as much as they can so they have more legal ammunition to fight patent wars. This happens to be just one of the patents, it doesn't mean that Microsoft have any plans to actually develop such technology. It was their legal team thinking, “Oh, hey, let's expand our patent portfolio, what could we patent? Oh, MITM attacks, we haven't got a patent on that, let's get one. What is it anyway?”

If you're suggesting that after their recent purchase of Skype it is possible that they are considering to snoop on the peer-to-peer connections using man-in-the-middle attacks, yes, that's bad. However, I would be very surprised if they aren't doing it already and if Skype haven't done it in the past. Studies on the protocol have shown that it is rather trivial to do [1], and the governments have shown a huge interest in doing it [2,3], some are claimed to be already doing it [4]. So, it is easy and governments are willing to pay money for it, it would be quite a surprise if this isn't happening already.

If you do not want someone to listen to your conversations, use VoIP software that offers you proper end-to-end encryption and allows inspection of the method of encryption used (preferably the source code of the source code too). An example would be Jitsi, it offers end-to-end encryption for SIP calls using ZRTP, and end-to-end encryption to chat with OTR. Both are safe from man-in-the-middle attacks as long as the attacker doesn't come between the peers before they make their first conversation.

[1] Silver Needle in the Skype, Skype Voice Interception - Feasability of a man in the middle attack
[2] Indian Government Demands Right To Spy On Skype, Gmail, Blackberry Messages
[3] Skype encryption stumps [German] police
[4] Yes, China Is Spying On Skype Conversations
 
Last edited:
YellowSubmarine

I have the opinion that there is something wrong with any software idea patents, because they limit the use of the patented idea by granting a monopoly to the idea.
Click to expand...

So your issue is that they're patenting an idea, a thought, a concept and not a technique? I could understand that.

But with patenting MITM attacks? No, Microsoft are simply patenting as much as they can so they have more legal ammunition to fight patent wars.
Click to expand...

Uh, as I understand it, a man in the middle attack is illegal. Crimes shouldn't be patentable...
 
CuttingEdge100 said:
So your issue is that they're patenting an idea, a thought, a concept and not a technique? I could understand that.
Click to expand...
Not a simple technique, the entire invention, complete with how it works. The purpose of the patent is to publish how the invention works so it can be recreated by everyone once your patent expires. You give your invention to the public domain with an exchange for a limited monopoly over it.

Uh, as I understand it, a man in the middle attack is illegal. Crimes shouldn't be patentable...
Click to expand...
I don't agree. MITM attacks are pretty much illegal, yeah. But that doesn't make the technology itself illegal.

In the very least, it has legal uses. Interception by the government could be legal in some cases, you could legally intercept yourself for some reason (e.g. to learn how to protect yourself against such attacks), you can run competitions for compromising a given encryption protocol (e.g. to prove that the protocol is safe, or to prove that it isn't safe, or just to test how safe it is).

Even something is illegal, that doesn't always make it wrong, and it doesn't always warrant taking the means to do it from the people. Imagine that you get kidnapped and get locked with your laptop in a place with no cellphone coverage. You crack the encryption of the kidnapper's wireless and use it to call the police. Now, cracking the wireless is illegal, but the tools to do it aren't, and I don't think that anyone would have any issue with the use of them, would you?
 
JarodRussell said:
What could Microsoft's spy tech discover that Google doesn't already know?
Click to expand...
Google doesn't have access to supposedly encrypted personal chat communications between small parties. And Skype has much bigger market share than Google Talk, so even if Google were sniffing Google Talk communications that don't use OTR encryption, they wouldn't hear too much. Now, Gmail on the other hand...
 
YellowSubmarine

Not a simple technique, the entire invention, complete with how it works. The purpose of the patent is to publish how the invention works so it can be recreated by everyone once your patent expires. You give your invention to the public domain with an exchange for a limited monopoly over it.
Click to expand...

Isn't that the last thing we need? Somebody creating and patenting an invention that is used solely for the purpose of spying on other people, then publishing it so everybody can do it?

It's amazing how Obama goes on and on about Cyber-Security, and we have computer companies publishing how to do shit like this. It's almost like they want to endanger cyber-security so they can develop solutions to combat it.

I don't agree. MITM attacks are pretty much illegal, yeah. But that doesn't make the technology itself illegal.

In the very least, it has legal uses. Interception by the government could be legal in some cases
Click to expand...

The government already has the means to intercept calls through cooperations with telecommunications companies, through ESCHELON, through planting worms in people's computers. That's a bad argument.

you could legally intercept yourself for some reason (e.g. to learn how to protect yourself against such attacks)
Click to expand...

This is already done to test computer security.

you can run competitions for compromising a given encryption protocol (e.g. to prove that the protocol is safe, or to prove that it isn't safe, or just to test how safe it is).
Click to expand...

Already done

Even something is illegal, that doesn't always make it wrong
Click to expand...

In this case it pretty much is. The only exceptions are if it's done with a warrant by a government with actual probable cause (and that's already done), and if a person is doing it to reasonably evaluate their own security.
 
CuttingEdge100 said:
Isn't that the last thing we need? Somebody creating and patenting an invention that is used solely for the purpose of spying on other people, then publishing it so everybody can do it?

It's amazing how Obama goes on and on about Cyber-Security, and we have computer companies publishing how to do shit like this. It's almost like they want to endanger cyber-security so they can develop solutions to combat it.
Click to expand...

A man-in-the-middle attack is not something new or previously unknown. The concept is taught in every computer networks class. Ways to defend against it have already been devised (digital signatures). Frankly I'm surprised a patent was granted in the first place.
 
Last edited:
Lindley

A man-in-the-middle attack is not something new or previously unknown. The concept is taught in every computer networks class. Ways to defend against it have already been devised (digital signatures).
Click to expand...

Then why the need for a patent?
 
Allowing someone to patent something that isn't actually new, just because no one else has? Sure, that sets a bad precedent.
 
CuttingEdge100 said:
Isn't that particularly dangerous?
Click to expand...
The software patent situation that currently exists is dangerous. But this is only a one patent out of a zillion, it doesn't matter either way.

What matters is that software patents aren't issued to people who have invented something new to encourage innovation, instead patents are acquired in bulk to fight patent wars against your competition and for extortion, as happens with Android right now. Android is accused to infringe on numerous patents and the companies shipping it are required to pay for a license. Most probably it doesn't infringe on a half of those patents, and a half of the rest are invalid, and a half of the rest of that are valid but shouldn't be, while the remaining ones are fine but are not owned by whoever invented the technology behind them. That doesn't matter much when somebody is holding a lawsuit gun loaded with a dozen of them to your head though.

Issues with software patents:
http://en.swpat.org/wiki/Arguments#List_of_ideas

In particular, I was referring to the danger of patent trolls:
http://en.swpat.org/wiki/Patent_trolls
 
You must log in or register to reply here.

Similar threads

A
B5's Deconstruction of Falling Stars, Trek-ified (Part 2)
Replies
0
Views
130
Allah Gold
A
A
[REUPLOAD] Some stuff i made about Star Trek: Lower Decks.
Replies
3
Views
1K
cooleddie74
cooleddie74
If you are not already a member then please register an account and join in the discussion!

Sign up / Register


Back
Top