No, Microsoft and Skype are not playing Big Brother

If all you have is tinfoil, everything looks like a conspiracy. But it's hard to work up even a mild case of paranoia about your personal communications if you actually read Skype's Privacy Policy from start to finish.
Written by Ed Bott, Senior Contributing Editor

My colleague Steven J. Vaughan-Nichols wants you to be afraid of Skype. Very afraid.

“Big Brother Microsoft,” he says, “listens in to your Skype IMs.”

Oh my goodness, this is simply awful. Or at least one would think so, unless you read the parts of the Skype Privacy Policy that Mr. Vaughan-Nichols conveniently omitted from his inflammatory report.

I’ve read that document carefully. You can too. When you do, you'll see that there's not much to fear.

The ginned-up controversy involves two sections. First is the preamble to section 1:

Skype may gather and use information about you, including (but not limited to) information in the following categories…

That’s followed by a long list of data types that you must, by definition, share with a communication service of which you are a member. Things like your name and e-mail address, which you enter into your profile. Your list of contacts. The payment information you’ve stored with Skype (your credit card number, for example) so that you can make international calls at a few cents per minute.

And then there’s the item in section (n), which is conveniently bold-faced in Steven’s post so that you know exactly what he wants you to be scared about:

(n) Content of instant messaging communications (please see section 12)

Wait, what? Someone at Microsoft is reading your instant messages in Skype?

Well, no.

Let’s ignore the fact that the only reason most ordinary people uses Skype IMs is to coordinate the audio and video portion of the call with the person on the other end. My Skype IM history mostly contains messages like “Hey, plug in your webcam so we can talk, OK?”

But it’s a reasonable question to ask. Why on earth would Skype want to “gather and use … the content of instant messaging communications” by its subscribers?

That question is answered, directly, in Section 2, which immediately follows the list in section 1. It is headlined, in bold: HOW DOES SKYPE USE THIS INFORMATION AND FOR WHAT PURPOSE?

Our primary purpose in collecting information is to provide you with a safe, smooth, efficient, and customized experience. Skype collects and uses, or has third party service providers acting on Skype’s behalf collecting and using, personal data relating to you, as permitted or necessary to…

That in turn is followed by a list of 14 reasons, none of which are controversial. In fact, the very first item on the list answers the question thoroughly. Skype gathers and uses that information to “provide internet communication, video sharing and other products in particular to convey the communications and videos you and others make by means of the Skype software and/or the Skype products.”

Right. When you type words into a communication service, those words have to be "gathered and used" as they are passed from node to node along the network of computers that make up Skype’s network. It’s the same reason that you have to give an online storage provider the right to copy and use files you store in the cloud—because they need that right in order to provide you with the service you signed up for.

In Steven’s post, he highlights a small part of section 12:

Skype currently keeps your instant messages “for a maximum of 30 days unless otherwise permitted or required by law. Voicemail messages are currently stored for a maximum of 60 days unless otherwise permitted or required by law.”

So let’s be logical here. Why on earth would a service want to retain this data for 30 days?

Perhaps it would make more sense if we read the section in its entirety instead of selectively editing it. Maybe that will answer the question:

Retention of Instant Messages (Skype internet communications software application only)

Your instant messaging (IM) communications-content may be stored by Skype (a) to convey and synchronise your messages and (b) to enable you to retrieve the messages and history where possible. IM messages are currently stored for a maximum of 30 days unless otherwise permitted or required by law. Voicemail messages are currently stored for a maximum of 60 days unless otherwise permitted or required by law. Skype will at all times take appropriate technical and security measures to protect your information. By using this product, you consent to the storage of your IM communications as described above. [emphasis added]

Oh. So the service needs to store my messages in order to synchronize my messages and allow me to retrieve them on different devices. So if I have a conversation with you on my desktop PC and then go on the road with my notebook or iPad or mobile phone, I can sign in to my Skype account and we can pick up where we left off? Even if that last conversation was two or three weeks ago?

That doesn’t seem so nefarious.

Skype also discloses that it will store voicemail messages. Well, of course they will. That’s how voicemail works.

This whole controversy started last week when a writer at Slate tried to spin gold out of the stuff you find on the floor of a barn. No, not straw. The other stuff:

[W]hen I repeatedly questioned the company on Wednesday whether it could currently facilitate wiretap requests, a clear answer was not forthcoming. Citing “company policy,” Skype PR man Chaim Haas wouldn’t confirm or deny…

Hello? Spokespersons for big companies aren't normally allowed to comment on sensitive legal issues. If I had a nickel for every time someone at Microsoft or Apple or Google or Facebook gave me a boilerplate official response and declined further comment, we could have one very lavish party.

Look, if you are concerned about the privacy or security of any kind of communications over the Internet, you should think twice about using a widely available commercial service designed for consumers. That’s true of email, any voice-over-IP service, and any form of instant messaging. (Microsoft does offer a business-class secure messaging service called Lync.)

If you are worried that any of those communications might be of interest to a law enforcement agency, then you should invest in a secure, encrypted channel. You should not use Skype or Facebook chat or Google Voice. That's Privacy 101.

On the other hand, if you want to chat with your grandkids who live across the country, or you want to catch up with an old friend who moved to Thailand, or you want to have a face-to-face chat with your spouse from your hotel room after a long day of business travel, you should feel completely comfortable using Skype. You certainly shouldn't be afraid.

Meanwhile, in the interest of telling the rest of the story, I’ve asked Facebook, Google, and Microsoft for an update on their specific privacy policies for their chat services and will do a follow-up post after I hear back.

Editorial standards