Moving to defuse news that the text messages of Skype users in China, and those who exchange messages with them, are being monitored for communication deemed subversive by Chinese authorities, Skype president Josh Silverman on Thursday defended his company's actions using the same rationale that Google and Yahoo have used in the past: We have to obey Chinese law to operate in China.
"It is common knowledge that censorship does exist in China and that the Chinese government has been monitoring communications in and out of the country for many years," said Silverman in a blog post. "This, in fact, is true for all forms of communication such as e-mails, fixed and mobile phone calls, and instant messaging between people within China and between China and other countries. TOM [Online], like every other communications service provider operating in China, has an obligation to be compliant if they are to be able to operate in China at all."
TOM Online is a Chinese communications service that partnered with eBay, Skype's owner, to distribute Skype in China.
According to a report released on Wednesday by Citizen Lab, an Internet research group that's part of the University of Toronto in Canada, the text messages of TOM-Skype users, and those that communicate thus with them, are regularly monitored for politically sensitive keywords.
Sensitive words include references to the Chinese Communist Party, the Falun Gong, Taiwan independence, Tibet, and the ongoing tainted milk scandal in China.
When such words are found, the messages and information about them are logged. But this stored data is stored insecurely; it is, or at least it was until recently, publicly accessible.
Nart Villeneuve, CTO of Psiphon and the author of the Citizen Lab report, was able to access the Web servers where this surveillance data was stored. He suggests in his report that TOM's servers have been compromised in the past and have been used to host pirated movies and peer-to-peer torrents.
"The log files obtained during the course of the investigation reveal information such as the IP addresses, usernames (and landline phone numbers) used to place or receive TOM-Skype calls, as well as the full content of filtered messages and the time and date of each message," the report states. "The collected data affects all TOM-Skype users and also captures the personal information of any Skype users that interacted with registered TOM-Skype users. This represents a severe security and privacy breach. It also raises troubling questions regarding how these practices are related to the Government of China's censorship and surveillance policies."
Silverman, in vague terms, said Skye is engaged with TOM regarding its security and business practices. "We are currently addressing the wider issue of the uploading and storage of certain messages with TOM," he said in his blog post.
And he points out that issues in the Citizen Lab report "refer only to communications in which one or more parties are using TOM software to conduct instant messaging. It does not affect communications where all parties are using standard Skype software. Skype-to-Skype communications are, and always have been, completely secure and private."
It's hard to take comfort in such reassurances, however. A U.S. Department of Homeland Security report, issued in June, stated that "Foreign governments routinely target the computers and other electronic devices and media carried by U.S. corporate and government personnel traveling abroad to gather economic, military, and political information." It also said that "travelers should assume that all communications are monitored."