Skype admits China privacy breach

WASHINGTON — Skype on Thursday became the latest US firm embroiled in controversy over its operations in China, acknowledging that its Chinese partner had been archiving politically sensitive text messages.

Skype, the online text message and voice service owned by auction giant eBay, said it had been unaware that the Internet chat of users in China was being stored on computer servers by Chinese mobile firm TOM Online.

Citizen Lab, a group of computer security experts at the University of Toronto, revealed Wednesday that TOM Online was spying on TOM-Skype users in China and collecting messages with specific keywords .

Citizen Lab said the messages, with words such as "Tibet," "Communist Party" or "Democracy," contained Internet addresses, usernames and other information which could make the senders and recipients easily identifiable.

Skype president Josh Silverman said in a statement that TOM Online "just like any other communications company in China, has established procedures to meet local laws and regulations.

"These regulations include the requirement to monitor and block instant messages containing certain words deemed 'offensive' by the Chinese authorities," Silverman said.

"It is common knowledge that censorship does exist in China and that the Chinese government has been monitoring communications in and out of the country for many years," he said.

He recalled that in April 2006, Skype admitted that TOM Online "operated a text filter that blocked certain words in chat messages" and unsuitable messages were to be "discarded and not displayed or transmitted anywhere."

"It was our understanding that it was not TOM's protocol to upload and store chat messages with certain keywords, and we are now inquiring with TOM to find out why the protocol changed," he said.

"We are currently addressing the wider issue of the uploading and storage of certain messages with TOM," he added.

In a 16-page report, Citizen Lab said "TOM-Skype is censoring and logging text chat messages that contain specific, sensitive keywords and may be engaged in more targeted surveillance.
"These logged messages contain keywords relating to sensitive topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China," it said.
"These text messages, along with millions of records containing personal information, are stored on insecure publicly accessible web servers," Citizen Lab added.

The researchers said they gained access to eight TOM-Skype servers.

"With just one username it is possible to identify all the users that have sent messages to or received messages from the original user," they said.

The Citizen Lab team said there was no evidence the captured data had been used by the Chinese authorities.

But they asked: "To what extent do TOM Online and Skype cooperate with the Chinese government in monitoring the communications of activists and dissidents as well as ordinary citizens?

"What is clear is that TOM-Skype is engaging in extensive surveillance with seemingly little regard for the security and privacy of Skype users."

The monitoring by TOM-Skype is not the first time concerns have been raised about surveillance and censorship in China, most recently during the Beijing Olympics.

China exercises strict control over the Internet, blocking sites linked to Chinese dissidents, the outlawed Falun Gong spiritual movement, the Tibetan government-in-exile and those with information on the 1989 Tiananmen massacre.

A number of US companies, including giants Microsoft, Cisco, Google and Yahoo, have been hauled before the US Congress in recent years and accused of complicity in building what has been called the "Great Firewall of China."

Yahoo in particular came in for heavy criticism after it provided Chinese authorities with information about the email account of a Chinese journalist, Shi Tao, sentenced to 10 years in prison in 2005 for divulging state secrets.

Yahoo defended its actions on the grounds that it had to comply with China's laws in order to operate there.

The Citizen Lab report, "Breaching Trust," was published on Wednesday on the website of Information Warfare Monitor, a joint project between Citizen Lab and the SecDev Group, a think-tank on security issues based in Ottawa.

No comments: