Friday, January 25, 2013

Privacy advocates, journalists, others ask Microsoft about privacy and security of Skype in open letter

Madison Ruppert, Contributor
Activist Post

In a new open letter penned by a massive coalition of groups ranging from privacy advocates like the Electronic Frontier Foundation (EFF) to journalism groups like Reporters Without Borders and more, Microsoft is asked about the security and privacy of Skype.

Interestingly, the United Nations called for worldwide internet surveillance last year, specifically mentioning Voice over IP (VoIP) services like Skype.

The EFF is well known for crusading against illegal surveillance, exposing how drones are already used in the United States and in general fighting illegal government surveillance by filing lawsuits and exposing everything from rapidly growing warrantless surveillance to the U.S. military using drones in the United States and sharing data with law enforcement.

Based on the EFF’s previous work and their involvement in this particular project, it is that much harder to ignore the concerns raised in the open letter.

Skype, a popular voice and video communications service, was acquired by Microsoft for $8.5 billion in October 2011 and since that time has come under increased scrutiny.

The groups and individuals who signed the letter said that they are particularly concerned about how much access governments have to private user data along with the private conversations of Skype users.


“Many of its users rely on Skype for secure communications — whether they are activists operating in countries governed by authoritarian regimes, journalists communicating with sensitive sources, or users who wish to talk privately in confidence with business associates, family, or friends,” states the letter.

Back in 2008 Jennifer Caukin, Skype’s director of corporate communications, told CNET, “We have not received any subpoenas or court orders asking us to perform a live interception or wiretap of Skype-to-Skype communications. In any event, because of Skype’s peer-to-peer architecture and encryption techniques, Skype would not be able to comply with such a request.”

However, in July of 2012, reports emerged stating that hackers alleged a new change to the architecture of Skype could make call surveillance much easier.

While Skype denied the charge in response to Extremetech, Slate pointed out that when they “repeatedly questioned the company on Wednesday whether it could currently facilitate wiretap requests, a clear answer was not forthcoming.”

“Citing ‘company policy,’ Skype PR man Chaim Haas wouldn’t confirm or deny, telling me only that the chat service ‘co-operates with law enforcement agencies as much as is legally and technically possible,’” wrote Ryan Gallagher.

Gallagher pointed out that just one month after acquiring Skype, Microsoft was granted a patent for so-called “legal intercept” technology which is designed to be used with services like Skype in order to “silently copy communication transmitted via the communication session,” although it is impossible to know if it was actually integrated into the Skype architecture.

As CNET points out, Microsoft has been hard at work integrating Skype into their product lineup with plans to “replace its Windows Messenger Live instant-messaging client with Skype worldwide in March, except in mainland China.”

The open letter calls on Microsoft to release a regularly updated Transparency Report – which might look something like those released by Google – including the following points:
  • Quantitative data regarding the release of Skype user information to third parties, disaggregated by the country of origin of the request, including the number of requests made by governments, the type of data requested, the proportion of requests with which it complied — and the basis for rejecting those requests it does not comply with.
  • Specific details of all user data Microsoft and Skype currently collects, and retention policies.
  • Skype’s best understanding of what user data third-parties, including network providers or potential malicious attackers, may be able to intercept or retain.
  • Documentation regarding the current operational relationship between Skype with TOM Online in China and other third-party licensed users of Skype technology, including Skype’s understanding of the surveillance and censorship capabilities that users may be subject to as a result of using these alternatives.
  • Skype’s interpretation of its responsibilities under the Communications Assistance for Law Enforcement Act (CALEA), its policies related to the disclosure of call metadata in response to subpoenas and National Security Letters (NSLs), and more generally, the policies and guidelines for employees followed when Skype receives and responds to requests for user data from law enforcement and intelligence agencies in the United States and elsewhere.
Microsoft has responded to a few news outlets about the open letter, with some responses being much more detailed than others.

A Microsoft spokesperson told CNET, “We are reviewing the letter.” The same statement was issued to the Verge.

The Register, however, received a more detailed response from Microsoft.

“Microsoft has an ongoing commitment to collaborate with advocates, industry partners and governments worldwide to develop solutions and promote effective public policies that help protect people’s online safety and privacy,” a spokesperson said in an emailed comment.


The open letter was signed by a total of 45 organizations including groups as diverse as the AIDS Policy Project, the Egyptian Initiative for Personal Rights, the Thai Netizen Network, DotConnectAfrica, Cyber Arabs and the Tibet Action Institute along with 61 individuals.

It will interesting to see how Microsoft responds to this. Do you think they will implement any kind of transparency report or make an actual effort to protect the privacy of users over the demands of governments? Let us know in the comments section of this post or on our Twitter or Facebook.

Did I forget anything or miss any errors? Would you like to make me aware of a story or subject to cover? Or perhaps you want to bring your writing to a wider audience? Feel free to contact me at admin@EndtheLie.com with your concerns, tips, questions, original writings, insults or just about anything that may strike your fancy.

Please support our work and help us start to pay contributors by doing your shopping through our Amazon link or check out some must-have products at our store.

This article first appeared at End the Lie.

Madison Ruppert is the Editor and Owner-Operator of the alternative news and analysis database End The Lie and has no affiliation with any NGO, political party, economic school, or other organization/cause. He is available for podcast and radio interviews. Madison also now has his own radio show on UCYTV Monday nights 7 PM - 9 PM PT/10 PM - 12 AM ET. Show page link here: http://UCY.TV/EndtheLie. If you have questions, comments, or corrections feel free to contact him at admin@EndtheLie.com




BE THE CHANGE! PLEASE SHARE THIS USING THE TOOLS BELOW



BE THE CHANGE! PLEASE SHARE THIS USING THE TOOLS BELOW


If you enjoy our work, please donate to keep our website going.

1 comment:

abinico said...

Secure comm will never be allowed by the govt. Years ago developed email product with encryption system that I knew was basically unbreakable. Got a visit from 'men in black' - I kid you not. Told us not to do this and told us what would be acceptable.

Post a Comment