Why Doesn't Skype Include Stronger Protections Against Eavesdropping?

Skype has long claimed to be "end-to-end encrypted", an architectural category that suggests conversations over the service would be difficult or impossible to eavesdrop upon, even given control of users' Internet connections. But Skype's 2005 independent security review admits a caveat to this protection: "defeat of the security mechanisms at the Skype Central Server" could facilitate a "man-in-the-middle attack" (see section 3.4.1). Essentially, the Skype service plays the role of a certificate authority for its users and, like other certificate authorities, could facilitate eavesdropping by giving out the wrong keys.

This security limitation has concerned us for a long time. Last year, Chris Soghoian argued that, for this reason, "Skype is in a position to give the government sufficient data to perform a man in the middle attack against Skype users." Soghoian argued that Skype should change its design to eliminate this ability, or else disclose the risk more prominently. One way of limiting man-in-the-middle attacks would be for Skype to introduce a way for users to do their own encryption key verification, without relying on the Skype service. As Soghoian notes, that's what many other encrypted communications tools do—but such a verification option is missing from Skype. (Users may independently verify the authenticity of the keys presented by people they're talking to in encryption systems such as PGP, OTR, HTTPS, and ZRTP.) Back in 2011, we publicly asked Skype to introduce this feature, at least as an optional way for users to check they weren't being spied on. To date, no key verification feature has been introduced.

Why is this security dialog (present in other encrypted messaging tools) missing from Skype? [image from cypherpunks.ca]

Prior to its acquisition by Microsoft, Skype maintained some ambiguity about its interception capabilities, but occasionally indicated that the existing encryption prevented any and all wiretapping; in 2008, for example, Skype said it "would not be able to comply with" a request to wiretap a Skype user, partly due to encryption. (However, there was convincing evidence earlier this year that the company now has access to the decrypted text of users' instant messages, even though the 2005 audit report named "text" as a category of information that should be protected by Skype encryption.)

A Guardian report now seems to show the situation has changed drastically from the company's former claims on this point, stating that Microsoft has turned over Skype conversation contents to the U.S. government since at least February 6, 2011.

Microsoft's response to the Guardian contains a particularly interesting tidbit:

Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That's why we've argued for additional transparency that would help everyone understand and debate these important issues.

What could Microsoft mean by this? Why would Microsoft be legally required to "maintain the ability" to spy on users, for reasons it doesn't feel at liberty to tell us about?

It's not clear whether this statement refers directly to Skype, but it raises interesting questions, some of which Julian Sanchez ponders at Ars Technica. There's no known basis in U.S. law for forbidding Internet technology developers to create communications systems without the ability to spy on users, so it's fascinating to see Microsoft's suggestion of "legal obligations [that] require that we maintain the ability to provide information". In other contexts, the law specifically does not require technology developers to have an ability to do so. Even the Communications Assistance for Law Enforcement Act (CALEA), which requires some companies to develop wiretap capabilities,