EFF, others to Microsoft: Who's requesting our Skype data?

EFF, others to Microsoft: Who's requesting our Skype data?

Summary: A coalition of privacy and advocacy groups, including Electronic Frontier Foundation (EFF), have published an open letter to Microsoft regarding Skype transparency--or lack of.

SHARE:
2

The Electronic Frontier Foundation (EFF), along with dozens of other privacy and advocacy groups, have published an open letter to Skype's owner Microsoft, asking the company to be more transparent over requests for user data.

Screen Shot 2013-01-24 at 09.32.48
(Credit: Skype)

The letter--published today--called Microsoft out on the "persistently unclear and confusing statements about the confidentiality of Skype conversations," and in particular, the "the access that governments and other third parties have to Skype user data and communications."

Considering that Microsoft is switching over its tens of millions of Windows Live Messenger users to Skype in mid-March, the EFF and others want answers sooner rather than later.

Though the software giant has only owned Skype for a little over a year after it was acquired by Microsoft for $8.5 billion in 2011, much mystery surrounds the software and how secure it is for calls and conversations.

Exactly who is requesting Skype user data, and when?

In the letter to Skype President Tony Bates, Microsoft Chief Privacy Officer Brendon Lynch and General Counsel Brad Smith, the coalition asks the company to "release a regularly updated Transparency Report," similar to how Google responds to such requests, which includes:

  • Quantitative data regarding the release of Skype user information to third parties, including which governments have requested the data, what kind of data, and the proportion of requests that were complied with. The group also wants to know why certain requests may have been rejected

  • The data collected by Microsoft and Skype on users, along with how long that data is stored for--so-called "retention policies"

  • Skype's best understanding of what data can be intercepted, particularly through technologies such as deep-packet inspection, which may include details of how secure the network is to send voice-over-IP traffic and conversation data

  • Skype's policies on assisting law enforcement, including how it responds to "gagging orders," such as National Security Letters (NSLs), and how itresponds to law enforcement and intelligence agencies when data is requested on Skype customers.

One of the concerns for users relates to Skype--TOM, a co-branded version of the Internet calling service for users in China.Looking and working almost exactly like Skype, one question was raised that suggests Skype users in China may be monitored and have their communications intercepted by the Chinese government.

The coalition wants to know exactly what the "current operational relationship between Skype with TOM Online in China and other third-party licensed users of Skype technology" is, in order to understand the surveillance and censorship capabilities that users may be subject to.

According to Skype, the China-only version that is offered by its joint-venture partner TOM contains a chat filter "in accordance with local law."

In July,ZDNet's Ed Bott explained, following the controversy over the possibility that the Internet calling service may be recording conversations and other allegations, in which Skype Chief Operations Officer Mark Gillett took to writing a lengthy blog postto state that the allegations were "false."

The group concluded the letter that for those who use Skype in particularly hostile areas of the world, "this data is vital to help us help Skype’s most vulnerable users, who rely on your software for the privacy of their communications and, in some cases, their lives."

We've put in questions to Microsoft, but did not hear back at the time of writing. If we hear back, we'll update the piece.

Topics: Privacy, Microsoft, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Probably the safe assumption to make is...

    ...Skype retains everything it possibly can and hands it over to the government of any state in which MS does business upon demand (except to the extent it says otherwise). The same assumption probably applies to any commercial service provider (not just Skype or MS).

    Ergo, if you're worried about privacy, you should probably be using a service that explicitly guarantees it, or do it yourself.
    John L. Ries
  • Common sense applies

    Compliance with government data demands is how the whole world works, not just internet services. Skype is no exception. How much more can it be spelled out?

    On some watchlist and needing to communicate privately? Figure out some P2P protocol or loose network for secure chat. Make sure the encryption is end-to-end not "encrypted" in the cloud. Not every single thing on the internet has to be done through google chrome in conjunction with some facebook, google or microsoft server. There are such things as protocols besides http.

    Post data to major corporate webservers all day then send a bunch of letters demanding to know who has access to it. Postcard analogy applies to stuff posted online, are new users not told that anymore?
    ldecoursey