The fine print on Skype
Security concerns and other issues are pushing organizations to ban Skype from their networks, while some skypers discover a hidden cost.
by Bruno Giussani
First published 29 March 2006 in the "Wall Street Journal Europe"
Everyone loves Skype, the software that enables phone calls for free or
a very low cost -- along with other services such as instant messaging -- using
voice over Internet protocol (VOIP) technology.
The European company has been a wildly successful start-up and a darling of the
media. eBay bought it in September for $2.6 billion, plus another billion dollars or so if they reach some future financial targets. The software has been downloaded some 250 million times.
Yet, we must restate: Almost everyone loves Skype. Consider this text from
CERN's Web site: "Skype [peer-to-peer] telephony software is not permitted on
CERN's computing or network facilities. It violates CERN's Computing Rules by
bypassing firewall protections and offering services to others."
Based in Geneva, CERN -- which, with thousands of employees and collaborators,
is the world's largest particle physics lab -- is one of the best-connected and most
high-tech campuses in the world. It is the place where the World Wide Web was
invented. Such an organization certainly didn't ban Skype on a whim. Nor is CERN
alone. Other big organizations have barred Skype: multinationals such as pharma
giant Novartis, universities from England to Texas, French government labs, and
more.
The issues are a bit complex. Let's try to break them down.
First, the "supernode" question. "Skype can turn user computers into 'supernodes'
which route traffic through CERN," François Grey of CERN's IT communications
team explained in an email exchange: "We have encountered some operational
problems as a result." That's because Skype's design is based on peer-to-peer,
distributed networking principles. This means that the core functions of the
system are decentralized, as is the database of Skype users (the tool that lets you
look up other Skypers and tells the system where to forward a call). The calls are
set up and passed on among users, flowing through a chain of computers around the world without traversing any
central infrastructure.
That's good for robustness and scalability -- and for Skype, which can avoid massive investments and add new users at
near-zero marginal cost. For the system to work, however, some users have to take over its vital functions: routing
traffic and holding portions of the database. In Skypeville, these tasks are farmed out to those users with the most
powerful computers and the biggest bandwidth, such as CERN. Skype turns them into supernodes.
Only a fraction of users are elevated to this function -- currently some 20,000, according to research presented at a
recent conference in the Netherlands by Philippe Biondi and Fabrice Desclaux of EADS. And only a small portion of
their bandwidth is supposed to be shared. Skype CEO Niklas Zennström explained it to me in an interview last year:
"When you become a supernode you share some of your resources and a little bit of bandwidth, but very little; you
won't notice."
But some do notice. San Diego-based venture capitalist and TV host Paul Kedrosky, for example, complained on his
blog in January that while he was traveling his computer "was sending out enormous amounts of traffic." The IT people
at his firm discovered that the machine was routing Skype traffic as a supernode. Computerworld magazine found that
"in supernode mode, Skype is reputedly able to saturate 100 Mbit/second connections." In layman's terms, those are
fast connections. The average Skype user's PC is much less taxed than this, obviously. The possibility of becoming a
supernode is written into Skype's end-user license agreement, but not explicitly: The word "supernode" is never used.
The license speaks of "permission to utilize the processor and bandwidth of your computer for the limited purpose of
facilitating the communication between Skype Software users."
This brings up two considerations. First: Skype is using some people's computer power and bandwidth at an amazing
rate. Sure, they agreed to it when they installed the software. But since most people pay for their bandwidth, some of
them may ask Skype to share the cost. Second: In the interview, Mr. Zennström -- while acknowledging scaling issues --
said Skype could basically grow indefinitely without the need for a central infrastructure. But as traffic grows, and
should the current scattered grumbling by supernode users turn into more vocal complaints, Skype may have to start
deploying its own supernodes. That would completely transform its business model.
Another concern about Skype has to do with security. Not with the confidentiality of Skype-based phone calls: Though
the company has never released details, it claims that it uses 256-bit encryption (for the layman, that's very strong). So
far nothing has come up that would contradict that, so individual users need not worry. The concerns are rather about a
design feature of Skype key to its success: its ability to pass calls through firewalls. Are employees who install Skype
on their office PCs opening up holes in their company's firewalls? Could hackers use the data stream carrying a call to
infiltrate corporate or other networks? Could a supernode be taken over by a malicious operator?
Skype claims that's not the case, although last October it had to fix some vulnerabilities. And so far no abuse has been
reported. But, as we've already seen, many major organizations are being very cautious and have banned Skype
altogether. Moreover, the Skype software is now being installed into mobile phones and other devices, which opens up
a whole new area for the security discussion: Wireless devices, particularly those with computer-like functions such as
PDAs and smartphones, are already considered weak links in corporate networks.
Along with other operators of VOIP services such as Vonage, Skype is a true disrupter of the old world of
telecommunications. But success draws scrutiny, and size creates new issues. Mr. Grey of CERN adds a third reason why
his organization is keeping Skype out: "We are concerned about possible legal ramifications of routing large amounts
of telecom traffic through our site, as existing or future laws may require organizations that do this to store the data."
Internet service providers in many countries are already requested to do so. For Skype it is still just a distant
possibility. Should it come to that, however, it is highly unlikely that the company would be able to "distribute" that
burden among its users.
(copyright 2006 Bruno Giussani)