Privacy advocates, journalists, others ask Microsoft about privacy and security of Skype in open letter
By Madison Ruppert
Editor of End the Lie
In a new open letter penned by a massive coalition of groups ranging from privacy advocates like the Electronic Frontier Foundation (EFF) to journalism groups like Reporters Without Borders and more, Microsoft is asked about the security and privacy of Skype.
Interestingly, the United Nations called for worldwide internet surveillance last year, specifically mentioning Voice over IP (VoIP) services like Skype.
The EFF is well known for crusading against illegal surveillance, exposing how drones are already used in the United States and in general fighting illegal government surveillance by filing lawsuits and exposing everything from rapidly growing warrantless surveillance to the U.S. military using drones in the United States and sharing data with law enforcement.
Based on the EFF’s previous work and their involvement in this particular project, it is that much harder to ignore the concerns raised in the open letter.
Skype, a popular voice and video communications service, was acquired by Microsoft for $8.5 billion in October 2011 and since that time has come under increased scrutiny.
The groups and individuals who signed the letter said that they are particularly concerned about how much access governments have to private user data along with the private conversations of Skype users.
“Many of its users rely on Skype for secure communications — whether they are activists operating in countries governed by authoritarian regimes, journalists communicating with sensitive sources, or users who wish to talk privately in confidence with business associates, family, or friends,” states the letter.
Back in 2008 Jennifer Caukin, Skype’s director of corporate communications, told CNET, “We have not received any subpoenas or court orders asking us to perform a live interception or wiretap of Skype-to-Skype communications. In any event, because of Skype’s peer-to-peer architecture and encryption techniques, Skype would not be able to comply with such a request.”
However, in July of 2012, reports emerged stating that hackers alleged a new change to the architecture of Skype could make call surveillance much easier.
While Skype denied the charge in response to Extremetech, Slate pointed out that when they “repeatedly questioned the company on Wednesday whether it could currently facilitate wiretap requests, a clear answer was not forthcoming.”
“Citing ‘company policy,’ Skype PR man Chaim Haas wouldn’t confirm or deny, telling me only that the chat service ‘co-operates with law enforcement agencies as much as is legally and technically possible,’” wrote Ryan Gallagher.
Gallagher pointed out that just one month after acquiring Skype, Microsoft was granted a patent for so-called “legal intercept” technology which is designed to be used with services like Skype in order to “silently copy communication transmitted via the communication session,” although it is impossible to know if it was actually integrated into the Skype architecture.
As CNET points out, Microsoft has been hard at work integrating Skype into their product lineup with plans to “replace its Windows Messenger Live instant-messaging client with Skype worldwide in March, except in mainland China.”
The open letter calls on Microsoft to release a regularly updated Transparency Report – which might look something like those released by Google – including the following points:
- Quantitative data regarding the release of Skype user information to third parties, disaggregated by the country of origin of the request, including the number of requests made by governments, the type of data requested, the proportion of requests with which it complied — and the basis for rejecting those requests it does not comply with.
- Specific details of all user data Microsoft and Skype currently collects, and retention policies.
- Skype’s best understanding of what user data third-parties, including network providers or potential malicious attackers, may be able to intercept or retain.
- Documentation regarding the current operational relationship between Skype with TOM Online in China and other third-party licensed users of Skype technology, including Skype’s understanding of the surveillance and censorship capabilities that users may be subject to as a result of using these alternatives.
- Skype’s interpretation of its responsibilities under the Communications Assistance for Law Enforcement Act (CALEA), its policies related to the disclosure of call metadata in response to subpoenas and National Security Letters (NSLs), and more generally, the policies and guidelines for employees followed when Skype receives and responds to requests for user data from law enforcement and intelligence agencies in the United States and elsewhere.
Microsoft has responded to a few news outlets about the open letter, with some responses being much more detailed than others.
A Microsoft spokesperson told CNET, “We are reviewing the letter.” The same statement was issued to the Verge.
The Register, however, received a more detailed response from Microsoft.
“Microsoft has an ongoing commitment to collaborate with advocates, industry partners and governments worldwide to develop solutions and promote effective public policies that help protect people’s online safety and privacy,” a spokesperson said in an emailed comment.
The open letter was signed by a total of 45 organizations including groups as diverse as the AIDS Policy Project, the Egyptian Initiative for Personal Rights, the Thai Netizen Network, DotConnectAfrica, Cyber Arabs and the Tibet Action Institute along with 61 individuals.
It will interesting to see how Microsoft responds to this. Do you think they will implement any kind of transparency report or make an actual effort to protect the privacy of users over the demands of governments? Let us know in the comments section of this post or on our Twitter or Facebook.
Did I forget anything or miss any errors? Would you like to make me aware of a story or subject to cover? Or perhaps you want to bring your writing to a wider audience? Feel free to contact me at [email protected] with your concerns, tips, questions, original writings, insults or just about anything that may strike your fancy.
Please support our work and help us start to pay contributors by doing your shopping through our Amazon link or check out some must-have products at our store.
Madison Ruppert is a Los Angeles-based independent journalist and researcher as well as the founder, owner, administrator and editor of EndtheLie.com. He has no affiliations with any government agencies, political parties, non-governmental organizations, or economic schools. He is available for freelance writing assignments and appearances or interviews in any format. He can be reached by emailing
Skype is not some disruptive little P2P rogue anymore, it’s integrated to the Microsoft platform. Folks on some watchlist should not need any “transparency report” to know that today’s Skype isn’t for them. Compliance with government data demands is how the whole world works today, not just major internet services. Skype is no exception. How much more can it be spelled out?
Instead of being willfully ignorant, EFF types should turn their focus to developing and evangelizing some useful A/V chat platform where the provider (if there is one) has zero data visibility, and then don’t sell it out.
Google started this thing with publishing disclosure stats and a few left-coast companies have jumped aboard, but it’s no major trend and certainly not anything you can just demand.
I get tired of people saying it’s impossible to have online privacy. The Internet is just a communications network and how you use it is up to you. If you spend all day posting to social networks and using cloud services from major corporations, keep in mind that the postcard analogy applies. Please do not bother sending a bunch of letters after the fact demanding to know who possibly has access to which data and under what circumstances.
Not every single thing on the Internet must be done via Google Chrome pointing at some Facebook, Google or Microsoft server. There are such things as protocols besides HTTP. Particularly if you are some sort of dissident or paranoid with need of secure communications, please check out a P2P protocol for encrypted chat, it’s not like there aren’t several decent options. Just be sure whatever you do involves full-on end-to-end encryption. Run your own server. Setup a VPN. Tunnel over SSH. Take your pick. Just do something besides relying on Skype for privacy, please.
People complain about a lack of easy to use alternatives to Skype, but how did the Internet become so dumbed down? In the 90s not everybody was on the Internet but the folks on it had some clue. Now unless some functionality is packaged and delivered as a corporate-owned web application, it seems out of the question. When you rely on corporate web sites to provide all of your services and store all of your data, it’s outside of your control.
Pingback: Lettera aperta a Skype: quanto sono “private” le conversazioni? | Federico's blog
Excellent points, Lincoln. We are not near suspicious enough of our government’s constant encroachment on our right to privacy.
I don’t know how to express how shocking it is to learn the things that are going on; Our cellphone conversations are being listened to by Google (and God knows who else) in order to provide the advertising content we see on the pages we visit. Don’t believe me? Mention within earshot of your cellphone that you need to look up a particular grocery store in your area, or locate some specific item like clothing or home goods. Within 24 hrs ads for that item will appear as if by magic! Google is a voyeur, an electronic peeping Tom, and anytime you give them information either directly or by accident, you might as well mail the same info to the government, because that’s where it ens up.
We need to put a stop to this government. We are guaranteed the right to “privacy in our persons our papers and our homes” by the Bill of Rights. The Internet is ours; it should not be used as a tool for surveillance under the ridiculous guise of national security or the idiotic “war on terrorism”. Congress is the real problem, as they have all broken the law, and failed to protect and defend the constitution. Start freezing their assets and putting them in jail, one by one, by filing state criminal charges against them. We need to take our country back NOW.
As soon as it was announced Microsoft was to acquire Skype it was surely obvious — at least to those who have done sufficient research — that strategic political moves were afoot.
Microsoft is not a private company, and has not been since XP. Microsoft is little more than an extension of Corporate Amerika’ + the Pentagon + the US State Department’s global reach and constant meddling. Back doors anybody?
Microsoft’s junk O/S (with its millions of holes) and Microsoft’s plagiarized office applications created — almost single handedly — the entire hacker scene. I suspect that was done deliberately. Larry Ellison once correctly described Gates’ products as “vapour-ware”.
If we were truly intelligent and principled we would have arrested Bill Gates a decade ago and confiscated his ill-gotten $-billions.
Since I converted to Open Source software, while rejecting Amerikan corporate garbage entirely, I have learned to enjoy my daily computer experiences again. We now need an Open-Source alternative to Skype. Skype as we knew it (the European + Luxembourg version) is history.
Everything Amerika touches stinks to high heaven or turns to dust. The entire political edifice comprising Washington DC, Manhattan NYC, and Chicago needs to be wiped out, else humanity will soon be toast.
Pingback: Privacy advocates, journalists, others ask Microsoft about privacy and security of Skype in open letter » Infowars Wexford