Report: Skype Helped China Snoop on Users

Companies hoping to dial up international business with China may have yet another reason to think twice about privacy concerns, following new revelations that the Communist country has been spying on Skype-based phone calls and text messages.

Citizen Lab, a University of Toronto-based security and human rights research group, partnered with several other international agencies to release a report this week detailing flaws within TOM-Skype, the Chinese version of the popular Internet protocol (IP) communications company. The company has apparently been monitoring personal information generated by phone calls, focusing on keywords in messages and storing all text messages on publicly accessible servers that were discovered by Citizen Lab.

The keywords contain words known to raise the hackles of Communist party leaders: Falun Gong, Taiwan independence, criticism of China’s government.

“These findings raise key questions,” the report states. “To what extent do TOM Online and Skype cooperate with the Chinese government in monitoring the communications of activists and dissidents as well as ordinary citizens? On what legal basis is TOM-Skype capturing and logging this volume and detail of personal user data and communication, and who has access to it?”

Privacy Implications

“For users of Skype, this is not good news,” Marc Rotenberg, executive director of the Electronic Privacy Information Center, told the E-Commerce Times. “Skype was supposed to enable more secure communications. It’s largely prevented this kind of interception from occurring.”

Indeed, the Citizen Lab report states that not only were TOM Skype messages monitored, some texts containing the keywords were blocked. The group found a network of eight servers in China involved in the system. Although the content of voice calls were not stored, landline phone numbers, IP addresses and user names were found on the servers.

That development could be particularly worrisome. “Security problems appear to be endemic at TOM Online,” the report said. “It is possible that a malicious attacker could exploit vulnerabilities in the system and access the millions of logged communications and, possibly, detailed user profiles. In fact, evidence suggests that the servers used to store captured data have been compromised in the past and used to host pirated movies and torrents (for peer-to-peer file sharing).”

“From our perspective, it’s a real concern,” Rotenberg said. “And it also poses a real challenge for businesses that are operating in China. That country has used surveillance techniques that many people think are objectionable. We want those practices to change. We’ve been talking to big companies about this. They are placing their customers at risk.”

Olympic-Sized Privacy Concerns

The revelations point to the reasons why EPIC warned travelers to the Beijing Summer Olympics that their laptops could be searched and telephone calls could be monitored while they were in the country, Rotenberg said.

The online auction giant eBay, which owns Skype and has partnered with a Chinese telecommunications company to create TOM Skype, has said that the security flaws would be dealt with in a matter of days. A phone call to eBay’s media relations department from the E-Commerce Times had not been returned by press time.

The Citizen Lab report brought up the specter of trust and credibility that is now magnified for eBay, Skype and other companies doing business in China, which has a long history of suppression of freedoms and privacy invasion.

It asks: “Can we rely on the assurances of the service providers and technology companies who tell us they are secure and private? Should we trust the assurances of a well-known global brand?”