25 Jan 2013

Privacy advocates, journalists, others ask Microsoft about privacy and security of Skype in open letter

By Madison Ruppert: In a new open letter penned by a massive coalition of groups ranging from privacy advocates like the Electronic Frontier Foundation (EFF) to journalism groups like Reporters Without Borders and more, Microsoft is asked about the security and privacy of Skype.
Interestingly, the United Nations called for worldwide internet surveillance last year, specifically mentioning Voice over IP (VoIP) services like Skype.
The EFF is well known for crusading against illegal surveillance, exposing how drones are already used in the United States and in general fighting illegal government surveillance by filing lawsuits and exposing everything from rapidly growing warrantless surveillance to the U.S. military using drones in the United States and sharing data with law enforcement.
Based on the EFF’s previous work and their involvement in this particular project, it is that much harder to ignore the concerns raised in the open letter.
Skype, a popular voice and video communications service, was acquired by Microsoft for $8.5 billion in October 2011 and since that time has come under increased scrutiny.
The groups and individuals who signed the letter said that they are particularly concerned about how much access governments have to private user data along with the private conversations of Skype users.
“Many of its users rely on Skype for secure communications — whether they are activists operating in countries governed by authoritarian regimes, journalists communicating with sensitive sources, or users who wish to talk privately in confidence with business associates, family, or friends,” states the letter.

Back in 2008 Jennifer Caukin, Skype’s director of corporate communications, told CNET, “We have not received any subpoenas or court orders asking us to perform a live interception or wiretap of Skype-to-Skype communications. In any event, because of Skype’s peer-to-peer architecture and encryption techniques, Skype would not be able to comply with such a request.”
However, in July of 2012, reports emerged stating that hackers alleged a new change to the architecture of Skype could make call surveillance much easier.
While Skype denied the charge in response to Extremetech, Slate pointed out that when they “repeatedly questioned the company on Wednesday whether it could currently facilitate wiretap requests, a clear answer was not forthcoming.”
“Citing ‘company policy,’ Skype PR man Chaim Haas wouldn’t confirm or deny, telling me only that the chat service ‘co-operates with law enforcement agencies as much as is legally and technically possible,’” wrote Ryan Gallagher.
Gallagher pointed out that just one month after acquiring Skype, Microsoft was granted a patent for so-called “legal intercept” technology which is designed to be used with services like Skype in order to “silently copy communication transmitted via the communication session,” although it is impossible to know if it was actually integrated into the Skype architecture.
As CNET points out, Microsoft has been hard at work integrating Skype into their product lineup with plans to “replace its Windows Messenger Live instant-messaging client with Skype worldwide in March, except in mainland China.”
The open letter calls on Microsoft to release a regularly updated Transparency Report – which might look something like those released by Google – including the following points:
  1. Quantitative data regarding the release of Skype user information to third parties, disaggregated by the country of origin of the request, including the number of requests made by governments, the type of data requested, the proportion of requests with which it complied — and the basis for rejecting those requests it does not comply with.
  2. Specific details of all user data Microsoft and Skype currently collects, and retention policies.
  3. Skype’s best understanding of what user data third-parties, including network providers or potential malicious attackers, may be able to intercept or retain.
  4. Documentation regarding the current operational relationship between Skype with TOM Online in China and other third-party licensed users of Skype technology, including Skype’s understanding of the surveillance and censorship capabilities that users may be subject to as a result of using these alternatives.
  5. Skype’s interpretation of its responsibilities under the Communications Assistance for Law Enforcement Act (CALEA), its policies related to the disclosure of call metadata in response to subpoenas and National Security Letters (NSLs), and more generally, the policies and guidelines for employees followed when Skype receives and responds to requests for user data from law enforcement and intelligence agencies in the United States and elsewhere.
Microsoft has responded to a few news outlets about the open letter, with some responses being much more detailed than others.
A Microsoft spokesperson told CNET, “We are reviewing the letter.” The same statement was issued to the Verge.
The Register, however, received a more detailed response from Microsoft.
“Microsoft has an ongoing commitment to collaborate with advocates, industry partners and governments worldwide to develop solutions and promote effective public policies that help protect people’s online safety and privacy,” a spokesperson said in an emailed comment.
The open letter was signed by a total of 45 organizations including groups as diverse as the AIDS Policy Project, the Egyptian Initiative for Personal Rights, the Thai Netizen Network, DotConnectAfrica, Cyber Arabs and the Tibet Action Institute along with 61 individuals.
It will interesting to see how Microsoft responds to this. Do you think they will implement any kind of transparency report or make an actual effort to protect the privacy of users over the demands of governments?

No comments:

Post a Comment