Surveillance a la Skype: EFF, others seek answers

January 11th, 2013 by admin

Microsoft needs to open up about the trustworthiness of its Skype software for confidential conversations, according to an open letter to the company posted today.

The letter, from an array of privacy advocates, Internet activists, journalists, and others, calls on Microsoft to provide public documentation about the security and privacy practices around Skype, which facilitates video and voice communications over the Internet. Microsoft completed its $8.5 billion acquisition of Skype in October 2011.

The authors of the letter say they’re worried in particular about the access that governments have to both Skype conversations themselves and to the user data generated by those communications. Among the groups that have signed the letter are the Electronic Frontier Foundation, Reporters Without Borders, the Egyptian Initiative for Personal Rights, and the Tibet Action Institute. The letter states, in part:

“Many of its users rely on Skype for secure communications — whether they are activists operating in countries governed by authoritarian regimes, journalists communicating with sensitive sources, or users who wish to talk privately in confidence with business associates, family, or friends.

“It is unfortunate that these users, and those who advise them on best security practices, work in the face of persistently unclear and confusing statements about the confidentiality of Skype conversations, and in particular the access that governments and other third parties have to Skype user data and communications.”

Back in 2008, Skype had told CNET that it couldn’t comply with wiretap requests “because of Skype’s peer-to-peer architecture and encryption techniques.”

Anxiety about how Skype may be used for government eavesdropping heated up after the Microsoft acquisition. According to a July 2012 story on Slate, hackers were alleging that a just-completed change to Skype’s architecture could make “lawful interception” of calls easier to conduct.

Meanwhile, Microsoft has been working to integrate Skype more tightly into its product lineup. For instance, the company plans to replace its Windows Messenger Live instant-messaging client with Skype worldwide in March, except in mainland China.

The letter calls on Microsoft to release a “regularly updated Transparency Report” — similar to those issued by Google — that touches on these points:

  • Quantitative data regarding the release of Skype user information to third parties, including number of requests, type of data requested, and how often those requests are honored.
  • Specific details of all user data Microsoft and Skype currently collect, and retention policies.
  • Skype’s best understanding of what user data third parties may be able to intercept or retain.
  • Documentation regarding the operational relationship between Skype and TOM Online — a mobile Internet company in China that offers a government-approved version of Skype — and other third-party licensed users of Skype technology.
  • Skype’s interpretation of its responsibilities under the Communications Assistance for Law Enforcement Act (CALEA) and in response to subpoenas and National Security Letters (NSLs).

The letter was addressed to Skype division president Tony Bates, Microsoft chief privacy officer Brendon Lynch, and Microsoft general counsel Brad Smith.
