Leaked documents sent from the government of the German province of Bavaria have revealed an attempt by the Ministry of Justice to contract out the development of software to intercept encrypted Internet communication, including conversations held over Skype.

The documents, which were leaked by the German political party Piraten, are addressed to a software firm by the name of Digitask and come in two parts. The first is a letter from the Bavarian ministry inquiring about Digitask's ability to develop this interception software, along with a list of suggested monthly rental prices that Digitask could charge the government to rent its interception solution. The second is a reply from Digitask outlining how the company would deploy its solution.

The method outlined involved the installation of malware referred to as the "Skype Capture Unit" that would be delivered in an executable file that "can for instance be attached to an e-mail or directly be installed on the target machine." This software would then transfer unencrypted conversations to a remote Skype Recording Server that can record and replay 10 Skype interceptions in parallel. The Recording Server then sends the conversations through to Skype and their intended destination, a classic "man in the middle" attack that is difficult for the compromised user to detect.

Bavaria isn't the only place where malware is used by law enforcement. Other countries, including the United States, are looking into or are already using so-called "policeware" to conduct investigations. Popular vendors of anti-malware software have given vague responses when asked if they will detect and remove policeware.

This type of malware is the digital equivalent of old-school telephone wiretapping, and whether it is simply a useful tool for police to catch criminals or a terrifying "Big Brother" enabler depends very much on the type of government that is giving the orders. While "wiretapping" evokes images of black-suited investigators attaching wires to physical phone lines, these days a telephone call can be intercepted digitally from the phone company without any manual labor. Tapping of Skype calls is, for now, a more difficult endeavor that requires the policeware to be installed on the target's computer. However, as open-source advocate Richard Stallman pointed out in a post on Boing Boing, unless you are using open-source VoIP software you can't necessarily guarantee that a wiretapping backdoor hasn't been built into the software already. This doesn't appear to be the case with Skype at the moment, though.