In most of the world Skype is used to make it easier for people to communicate with each other. But in China, it has another purpose: To spy on Chinese citizens, gather information about their political beliefs, and censor what they can say to one another. And Microsoft so far has refused to do anything about it.
All that came to light thanks to research done by Jeffrey Knockel, a computer-science graduate student at the University of New Mexico, who has cracked the encryption that Skype uses to hide what information it's gathering from Chinese citizens, reports Bloomberg Business Week.
Unlike throughout the rest of the world, people in China must use a special version of Skype, called TOM-Skype, which is a joint venture between Microsoft and Tom Online, a Chinese wireless Internet company. TOM-Skype has almost 96 million users.
Knockel's research covers Skype being used for chats, not voice calls. TOM-Skype servers send keyword lists to every Skype user's machine. Skype then monitors every message sent and received by that machine, and scans them for words in the keyword list. When it finds one, it sends the entire message in which the word is contained to TOM-Skype servers. And it sends much more than just the message. It also sends "the account's username, time and date of transmission, and whether the message was sent or received by the user," according to Bloomberg. Sometimes, the message is also blocked from being sent. The keyword list is constantly updated.
Knockel wasn't able to find out what happened to the information after it's sent to the servers. But you can be sure it's then sent along to spy agencies and police departments.
This isn't the first time TOM-Skype has made the news, or that Microsoft has come under fire for how Skype is being used worldwide. Back in January, the Electronic Frontier Foundation (EFF) and dozens of privacy groups asked Microsoft to release a Transparency Report which would detail exactly what kind of Skype information is being sent to third parties, including governments.
Many of its users rely on Skype for secure communications-whether they are activists operating in countries governed by authoritarian regimes, journalists communicating with sensitive sources, or users who wish to talk privately in confidence with business associates, family, or friends.It is unfortunate that these users, and those who advise them on best security practices, work in the face of persistently unclear and confusing statements about the confidentiality of Skype conversations, and in particular the access that governments and other third parties have to Skype user data and communications.
Microsoft never released a transparency report.
When Bloomberg Business Week asked Microsoft to comment about Knockel's research, the company issued a statement that it attributed to an unnamed Skype spokesperson:
"Skype's mission is to break down barriers to communications and enable conversations worldwide. Skype is committed to continued improvement of end user transparency wherever our software is used..."...in China, the Skype software is made available through a joint venture with TOM Online. As majority partner in the joint venture, TOM has established procedures to meet its obligations under local laws."
Microsoft is as wrong as wrong can be in this. Google has already taken a principled stand against Chinese censorship. Microsoft should follow suit. Enabling Chinese spying and censorship is flat-out wrong.