Following the discovery earlier this week by researchers from Citizen Lab, based at the University of Toronto in Canada, that users of Skype’s text messaging service in China were unwittingly having conversations which contained certain ‘trigger words’ logged and saved along with their IP address, a spokesperson from the VoIP firm said that its partner in China, Tom Online, was at fault.
Interestingly, it has only been a little over a year since Tom Online went private, and Perry Wu, a writer for ChinaTechNews.com has commented that since the firm struck a deal with Skype, no clear monetisation strategy has arisen as a result.
And this is not the first time that privacy issues have arisen from the deal. Back in 2006, Skype explained that text filtering was part of its deal with Tom Online to provide the Skype service in mainland China, but assured users that these words, once filtered, were not logged but dumped.
“The text filter operates on the chat message content before it is encrypted for transmission, or after it has been decrypted on the receiver side. If the message is found unsuitable for displaying, it is simply discarded and not displayed or transmitted anywhere,” said Jaanus Kase, on Skype’s blog.
Obviously, this did not happen: “The full-text chat messages of Tom Online-Skype users, along with Skype users who have communicated with Tom Online-Skype users, are regularly scanned for sensitive keywords, and if present, the resulting data is uploaded and stored on servers in China,” said Citizen Lab.
Furthermore, the text messages were stored on publicly accessible web servers along with the encryption keys needed to decode all this private and personal data, and the keywords used for monitoring included ones relating to topics such as Taiwan independence, the Falun Gong and political opposition to the Communist Party of China.
The full report is available here.
Skype’s reaction to this? Censorship and surveillance happens in China, tough: “It is common knowledge that censorship does exist in China and that the Chinese government has been monitoring communications in and out of the country for many years,” said Skype president, Josh Silverman.
“This, in fact, is true for all forms of communication such as emails, fixed and mobile phone calls and instant messaging between people within China and between China and other countries. Tom, like every other communications service provider operating in China, has an obligation to be compliant if it is to be able to operate in China at all.”
However, Silverman gave the assurance that Skype-to-Skype communications were safe and secure, and added: “After we urgently addressed this situation with Tom Online, they fixed the security breach.”
So the security breach has been fixed, but will the storage continue? “In addition, we are currently addressing the wider issue of the uploading and storage of certain messages with Tom Online,” said Silverman, which indicates that Skype may be powerless to stop this happening, but will still continue to do business with Tom Online anyway.
By Marie Boran
Pictured:Skype founders Niklas Zennström and Janus Friis