Skype privacy called into question
Microsoft is under fresh pressure to disclose information about how confidential its Skype user data is.
Reporters Without Borders, the Electronic Frontier Foundation and 43 other campaign groups have signed a letter asking Microsoft to reveal details about what information is stored and government efforts to access it.
Google, Twitter and others already provide such transparency reports.
Microsoft is to consider the request.
“We are reviewing the letter,” a spokeswoman said.
“Microsoft has an ongoing commitment to collaborate with advocates, industry partners and 2,112 governments worldwide to develop solutions and promote effective public policies that help protect people’s online safety and privacy.”
More than 600 million people use Skype to make voice and video calls and send text and audio messages. Microsoft is currently in the process of migrating users from its Windows Live Messenger product to the service.
The US firm took control of Skype in 2011. Since then, the letter alleges, it has issued “persistently unclear and confusing” details about how confidential conversations on the service were.
Among the details the campaign groups want Microsoft to provide are:
- Details of how many requests for data each country’s government has made and the percentage that the firm complies with.
- Information about exactly what information Microsoft keeps itself.
- The firm’s own analysis about the current ability of third-parties to intercept conversations.
- The policy its staff has for dealing with disclosure requests.
Skype last commented in detail about privacy issues in a blog post last July.
It said that Skype-to-Skype calls between two participants did not flow through its data centres meaning it would not have access to the video or audio.
It also noted that calls made between two devices using its software would be encrypted – limiting the ability of anyone to make sense of the data even if they could listen in.
However, Microsoft acknowledged that group calls using more than two computers did pass through its servers which were used to “aggregate the media streams”, and that text-based messages were also stored on its computers for up to 30 days in order to make sure they were synchronized across users’ various devices.
“If a law enforcement entity follows the appropriate procedures and we are asked to access messages stored temporarily on our servers, we will do so,” it added.
Microsoft also noted that calls which linked Skype to mobile or landline telephone networks would flow through the relevant networks’ equipment, potentially offering an opportunity to tap in.
Furthermore it recognized that a China-only version of its service involved certain chats being stored and uploaded to the local authorities in compliance with the country’s laws.
Beyond China, several governments have signaled they want to have access to Skype data.
The UK’s draft Communications Data Bill suggests internet service providers retain information about their subscribers use of Skype and other internet communications tools.
The Cnet news site reported last year that the FBI had drafted an amendment to US law which would require Microsoft and other net chat tool providers to create surveillance backdoors in their products.
More recently the netzpolitik.org blog published what it said was a leaked document from Germany’s government stating that its Federal Criminal Police Office was working on surveillance software to allow it to track Skype and other data communications. It said the agency hoped to have it ready by 2014.
An expenditure report by the country’s Ministry of Home Affairs suggests the local authorities have already spent money to try to monitor Skype using third-party software.