Skype being investigated in Luxembourg over NSA spying links
Skype could face sanctions
IDG News Service - Luxembourg's data protection authority is investigating Microsoft-owned Skype for its alleged cooperation with the U.S. National Security Agency's Prism spying program, the agency said Friday.
Luxembourg's data protection authority, CNPD, is investigating Skype's links to NSA spying programs after receiving several complaints, said Tom Kayser, a spokesman for the authority. "I can't really talk about the details of the investigation because it is still ongoing," he said.
Skype, which has its European headquarters in Luxembourg, allegedly cooperates with the NSA through a program exploring the legal and technical issues involved in making customer calls available to intelligence and law enforcement agencies. The Guardian newspaper first reported the investigation.
The CNPD has powers to ensure that multinational companies based in Luxembourg respect national law, and often receives complaints from the data protection authorities of other European Union member states.
Privacy campaign group Europe-v-Facebook filed one of the complaints in June. That filing was part of a barrage of complaints filed in various countries against European subsidiaries of tech companies that are allegedly involved in the NSA's spying program, including Facebook, Apple, Microsoft and Yahoo.
However, not all European data protection agencies thought investigations were necessary.
In July, the Irish Office of the Data Protection Commissioner (ODPC) found that the exchange of personal data of the Irish subsidiaries of Facebook and Apple with the U.S. is in line with safe harbor principles and didn't warrant an investigation under the Irish Data Protection Acts.
CNPD will probably publish its findings about Skype's NSA links within the next three weeks, said Kayser, who couldn't comment on possible sanctions.
Under Luxembourg data protection law service providers and operators are required to ensure the confidentiality of communications and related traffic data.
"No person other than the user concerned may listen to, tap or store communications or the traffic data relating thereto, or engage in any other kinds of interception or surveillance thereof, without the consent of the user concerned," reads the law's unofficial English translation.
Violators can face up to a year in prison and/or a fine up to a!125,000 ($170,000). The court dealing with the matter can also order companies like Skype to stop any processing that conflicts with the law on pain of a periodic monetary penalty determined by the court.
"We regularly engage in a dialogue with data protection authorities around the world and are always happy to answer their questions," a Microsoft spokeswoman said in an email. "It has been previously widely reported that the Luxembourg DPA was one of the DPA's that received complaints from the 'Europe v Facebook' group so we're happy to answer any questions they may have."
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to firstname.lastname@example.org
- Agility & Scalability for Oracle EBS R12 and RAC on VMware vSphere 5 This white paper outlines extensive performance and scalability testing of Oracle EBS applications on a Vblock™ Systems with vSphere 5.
- Oracle and VCE: The Next Step in Integrated Computing Platforms In this ESG Lab review you will learn how a VCE system driven by Oracle, delivers the perfect blend of high performance and...
- Migrate Oracle Apps from RISC/UNIX to Virtualized x86 Ready to move Oracle to a virtualized environment? This brief explains how true converged infrastructure can help you migrate from a RISC/UNIX environment...
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Government/Industries White Papers | Webcasts