Skype Admits Joint Venture in China Monitoring Users' Communications
Skype has admitted breaching customer privacy with its Chinese joint-venture.
Several internet companies, including Google and Yahoo, have been criticised in the past for being too helpful in enabling censorship in China.
A group of international internet service companies, including Google, Microsoft and Yahoo, are drawing up a voluntary code of conduct in negotiations with human-rights groups, academics and investors.
Skype has admitted that TOM-Skype, its Chinese venture with TOM Online, has been monitoring and storing some of its users' text messages without Skype's knowledge, Dow Jones reports. Skype apologised after a report by Canadian researchers revealed that its web service monitors text chats for politically sensitive keywords and stores them along with millions of personal user records on computers that can be easily accessed by anybody, including the Chinese government. Jennifer Caukin, a spokeswoman for Skype, the minority owner of TOM-Skype, admitted to the privacy breach in the servers and said it had now been fixed. However, she said that Skype needed to have further discussions with TOM after it found out that the venture had changed privacy policies without Skype's consent or knowledge in order to store certain user messages. According to Caukin, Skype had publicly acknowledged in 2006 that in order to meet Chinese regulations, TOM was operating a text filter that blocked certain words on TOM-Skype chat messages without compromising customer privacy. However, she said that this practice had changed without Skype's knowledge or consent and that the company was extremely concerned.
There are two parts to this affair: the first, a simple design flaw that facilitated the breach of security; the second, the more controversial issue of storage and data mining of communications records. Skype had to partner with TOM to access the Chinese market and must have expected that some form of access to communications would be part of the deal. News.com reported in June 2008 that Skype asserted that voice Skype-to-Skype (only) communications cannot be subject to unauthorised monitoring as it is impossible due to the peer-to-peer and encrypted nature of the communications. However, this certainly does not cover government monitoring and third-party involvement, such as TOM, which provides the Chinese client software and could facilitate such monitoring. TOM-Skype has 69 million registered users. Some Chinese users believe Skype, which advertises itself as having encryption to "protect users from unauthorised eavesdropping", is safe from government monitoring and it has been widely used by dissidents.
The Skype report comes as a coalition of international internet service companies, including Google, Microsoft and Yahoo, is nearing completion of a voluntary code of conduct drawn up in negotiations with human-rights groups, academics and investors. While that initiative is not focused only on China, many companies seeking growth in China's dynamic internet sector have been criticised for being too helpful in enabling censorship in the country. Foreign internet companies say they must abide by local laws to do business in China and that their presence there does more good than harm by giving the Chinese greater access to information and channels of communication. In November 2007, Yahoo was excoriated during a congressional hearing for its role in actions that led to the imprisonment of Chinese dissidents. Chief executive Jerry Yang apologised to the mother of journalist Shi Tao, who was jailed after a unit of the company handed information about him to the Chinese authorities in 2004. China is not alone in courting controversy over communications interception—the warrantless wiretapping controversies that have arisen partly through the U.S. Patriot Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001) and subsequent granting of immunity from litigation regarding the telcos' allowance of access to networks by the security services highlights this. The Total Information Awareness project proposed in 2002/03 would have exponentially increased government access to communications data, but this was shot down with the removal of key funding by Congress.
