The study, ‘Breaching Trust’, by Nart Villeneuve at the University of Toronto, shows that Skype’s Chinese service, TOM- Skype, is being continually eavesdropped upon. This poses a major problem for business and personal users of the service who had assumed it was secure.
“The log files obtained during the course of the investigation reveal information such as the IP addresses, usernames (and land line phone numbers) used to place or receive TOM-Skype calls, as well as the full content of filtered messages and the time and date of each message. The collected data affects all TOM-Skype users and also captures the personal information of any Skype users that interacted with registered TOM-Skype users,” the report finds.
“This represents a severe security and privacy breach. It also raises troubling questions regarding how these practices are related to the Government of China’s censorship and surveillance policies.”
The report will make worrying reading for those businesses who are relying on Skype for company businesses to avoid using Chinese state telecommunications. During the Olympics the American government issued a warning that state surveillance was targeting business intelligence.
The system scans for certain keywords in conversations, including democracy, Taiwan independence and Voice of America. It also tracks specific user accounts of people under more rigorous surveillance.
Call logs and personal information are then stored on servers owned by TOM, China’s partner in China.
Trust in a well-known brand such as Skype is an insufficient guarantee when it comes to censorship and surveillance. This case demonstrates the critical importance of the issues of transparency and accountability by providers of communications technologies,” the report states.
“It highlights the risks of storing personally identifying and sensitive private information in jurisdictions where human rights and privacy are under threat.”
.png&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
