“Sustained Skype collection” of voice, video, and messages started in 2011.
NSA’s PRISM access to Skype keys and PSTN gateways let them reach out and touch calls worldwide.
A National Security Agency document published this week by the German news magazine Der Spiegel from the trove provided by former NSA contractor Edward Snowden shows that the agency had full access to voice, video, text messaging, and file sharing from targeted individuals over Microsoft’s Skype service. The access, mandated by a Foreign Intelligence Surveillance Court warrant, was part of the NSA’s PRISM program and allowed “sustained Skype collection” in real time from specific users identified by their Skype user names.
The nature of the Skype data collection was spelled out in an NSA document dated August 2012 entitled “User’s Guide for PRISM Skype Collection.” The document details how to “task” the capture of voice communications from Skype by NSA’s NUCLEON system, which allows for text searches against captured voice communications. It also discusses how to find text chat and other data sent between clients in NSA’s PINWALE “digital network intelligence” database.
The full capture of voice traffic began in February of 2011 for “Skype in” and “Skype out” calls—calls between a Skype user and a land line or cellphone through a gateway to the public switched telephone network (PSTN), captured through warranted taps into Microsoft’s gateways. But in July of 2011, the NSA added the capability of capturing peer-to-peer Skype communications—meaning that the NSA gained the ability to capture peer-to-peer traffic and decrypt it using keys provided by Microsoft through the PRISM warrant request.
The NSA was then able to “task” any Skype traffic that passed over networks it monitored or by exploitation of a targeted user’s system. “NSA receives Skype collection via prism when one of the peers is a (FISA Amendments Act Section 702) tasked target,” the Skype collection guide stated. Because Skype has no central servers, the guide explained, for multiparty calls, “Skype creates a mesh-network, where users are connected together through multiple peer-to-peer links. Instant Messages sent to this group of meshed participants can be routed through any participant.” If any participant in a chat was monitored, the NSA could capture all of the IM traffic in the shared chat.
Initially, NSA analysts had to piece together voice communications between peers because they were carried over separate streams, but a service added by August of 2012 by the NSA’s Cryptanalysis and Exploitation Services (CES) automatically stitched both audio streams of a conversation together. As of 2012, however, analysts still had to search for associated video from a call session to match it up with audio in a tool called the Digital Network Intelligence Presenter (DNIP).