Skype standards

Privacy Campaigners Call On Microsoft For Skype Transparency

Post-Microsoft acquisition changes continue to pique privacy advocate interest in Skype

On by Thomas Brewster 1

Skype is facing calls to start providing transparency reports on what it is doing with user data, as privacy advocates sent a letter to Microsoft executives issuing a number of demands.

The hugely popular VoIP service has been undergoing a number of changes since it was acquired by Microsoft for $8 billion in 2011, which have caused concern in pro-privacy circles.

It is believed that, contrary to what went on before, Skype is now storing user data on servers, ostensibly for mining purposes to provide better services for customers.

Another significant change saw Microsoft take control over the Skype supernodes – the nodes that effectively power the Skype system along and act as a distributed directory of Skype users.  Those supernodes used to consist of regular users who had enough processing power to help keep the system up for other users, but have now been moved to Microsoft. That change did not allow Skype to hold onto the content of communications, but meant it did have certain communications data held in a centralised manner.

Skype has repeatedly denied claims it is making changes to support law enforcement. It has not been clear about whether it is now feeding more data to police than before, however.

Skype privacy worries

Some are worried the infrastructure changes and the new management could open Skype up for more work with law enforcement. As with any service provider, police can ask for user data during investigations, or gain a court order to acquire that information.

Google produces regular transparency reports – the most recent this month showing another rise in government demands for private information of citizens. Twitter also delivers similar reports.

Privacy advocates, including the Electronic Frontier Foundation and Reporters Without Borders, want Skype to do the same and clarify its position.

“It is unfortunate that these users, and those who advise them on best security practices, work in the face of persistently unclear and confusing statements about the confidentiality of Skype conversations, and in particular the access that governments and other third parties have to Skype user data and communications,” read a letter sent to Microsoft’s chief privacy officer Brendon Lynch, and two other company execs.

“The time has come for Microsoft to publicly document Skype’s security and privacy practices.”

The letter calls for Skype to produce data on the release of information to third parties, showing the differentiation between nations and the nature of requests for data. It also asks for details of all user data Microsoft and Skype currently collects, as well as documentation on the relationship between Skype with TOM Online, a Chinese mobile Internet company that exclusively offers Skype in the country, and other third-party licensed users of the VoIP technology.

Microsoft is currently reviewing the requests. “We are reviewing the letter.  Microsoft has an ongoing commitment to collaborate with advocates, industry partners and governments worldwide to develop solutions and promote effective public policies that help protect people’s online safety and privacy,” a Microsoft spokesperson said.

Respect privacy? Try our privacy quiz!

Thomas Brewster
Author: Thomas Brewster
Security Correspondent, TechWeekEurope
Thomas Brewster Thomas Brewster Thomas Brewster
Techweekeurope for mobile devices
Android-App Google Currents App for iOS

Last comment




One reply to Privacy Campaigners Call On Microsoft For Skype Transparency

  • On January 25, 2013 at 3:33 pm by Lincoln

    Skype is not some disruptive little P2P rogue anymore, it’s integrated to the Microsoft platform. Folks on some watchlist should not need any “transparency report” to know that today’s Skype isn’t for them. Compliance with government data demands is how the whole world works today, not just major internet services. Skype is no exception. How much more can it be spelled out?

    Instead of being willfully ignorant, EFF types should turn their focus to developing and evangelizing some useful A/V chat platform where the provider (if there is one) has zero data visibility, and then don’t sell it out.

    Google started this thing with publishing disclosure stats and a few US companies have jumped aboard, but it’s no major trend and certainly not anything you can just demand.

    I get tired of people saying it’s impossible to have online privacy. The Internet is just a communications network and how you use it is up to you. If you spend all day posting to social networks and using cloud services from major corporations, keep in mind that the postcard analogy applies. Please do not bother sending a bunch of letters after the fact demanding to know who possibly has access to which data and under what circumstances.

    Not every single thing on the Internet must be done via Google Chrome pointing at some Facebook, Google or Microsoft server. There are such things as protocols besides HTTP. Particularly if you are some sort of dissident or paranoid with need of secure communications, please check out a P2P protocol for encrypted chat, it’s not like there aren’t several decent options. Just be sure whatever you do involves full-on end-to-end encryption. Run your own server. Setup a VPN. Tunnel over SSH. Take your pick. Just do something besides relying on Skype for privacy, please.

    People complain about a lack of easy to use alternatives to Skype, but how did the Internet become so dumbed down? Unless some functionality is packaged and delivered as a corporate-owned web application, it seems out of the question. When you rely on corporate web sites to provide all of your services and store all of your data, it’s outside of your control.

Leave a Reply

  • Required fields are marked *,
    Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>