Feeds

Activists urge Skype: Tell us who is spying on us

Microsoft mum on privacy, security policies

Combat fraud and increase customer satisfaction

A coalition of activists, privacy organizations, journalists, and others have called upon Microsoft to be more forthright about when, why, and to whom it discloses information about Skype users and their communications.

In an open letter published on Thursday, the group argues that Redmond's statements about the confidentiality of Skype conversations have been "persistently unclear and confusing," casting the security and privacy of the Skype platform in doubt.

"Many of its users rely on Skype for secure communications – whether they are activists operating in countries governed by authoritarian regimes, journalists communicating with sensitive sources, or users who wish to talk privately in confidence with business associates, family, or friends," the letter explains.

Among the group's concerns is that although Skype was founded in Europe, its acquisition by a US-based company – Microsoft – may mean it is now subject to different eavesdropping and data-disclosure requirements than it was before.

The group claims that both Microsoft and Skype have refused to answer questions about what kinds of user data the service retains, whether it discloses such data to governments, and whether Skype conversations can be intercepted.

The letter calls upon Microsoft to publish a regular Transparency Report outlining what kind of data Skype collects, what third parties might be able to intercept or retain, and how Skype interprets its responsibilities under the laws that pertain to it. In addition it asks for quantitative data about when, why, and how Skype shares data with third parties, including governments.

As the letter points out, several other companies already provide such reports, including Google, Twitter, and Sonic.net. Google's most recent report showed government requests for user data from online companies have increased 70 per cent in just three years.

Microsoft bought Skype in 2011 for $8.5bn and has since been working to make the service a key pillar of its communications strategy. Most recently, Microsoft announced that it would shut down its Windows Live Messenger service in March and urged all current Messenger users to switch to Skype.

Redmond's strong-arm tactics haven't pleased Messenger fans, but they've impressed privacy advocates even less, given the ambiguity about what information Skype discloses.

"On the eve of Microsoft's integration of Skype into many of its key software and services, the time has come for Microsoft to publicly document Skype's security and privacy practices," Thursday's open letter reads.

The letter is co-signed by a total of 61 individuals and 45 organizations, including such groups as the AIDS Policy Project, Cyber Arabs, DotConnectAfrica, the Egyptian Initiative for Personal Rights, the Electronic Frontier Foundation, Reporters Without Borders, the Thai Netizen Network, and the Tibet Action Institute.

When The Reg reached out to Redmond for comment, a spokesperson said Microsoft was reviewing the letter.

"Microsoft has an ongoing commitment to collaborate with advocates, industry partners and governments worldwide to develop solutions and promote effective public policies that help protect people's online safety and privacy," the company said in an emailed statement. ®

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.