Thursday, 2 October 2008

Skype China JV Monitoring Users' Activity -Researchers

A group of Canadian researchers said they found evidence suggesting that a Skype joint venture in China is monitoring its users' Internet text chats and storing messages that contain politically sensitive content on publicly-accessible servers.

In a report published Wednesday, the researchers allege that the monitoring-and-storage program led to the disclosure of millions of records containing personal information of users of the Chinese service, as well as who participated in voice calls using the service. It said the data was stored on eight servers operated by the service, which is a joint venture between Skype, a unit of eBay Inc. (EBAY), and TOM Online, a unit of Hong Kong-based TOM Group Ltd. (2383.HK)

The report was published by the Information Warfare Monitor and OpenNet Initiative-Asia, and written by Nart Villeneuve, a researcher at the University of Toronto who specializes in Internet censorship and evasion tactics used to bypass it.

Jennifer Caukin, a spokeswoman for Skype, said in an emailed statement that the security problem had been remedied as a result of the new report. The idea that China's government 'might be monitoring communications in and out of the country shouldn't surprise anyone,' Ms. Caukin said. 'Nevertheless, we were very concerned to hear about the apparent security issue' that enabled people to view user information, and 'we are pleased that, once we informed TOM about it, that they were able to fix the flaw.'

In a separate statement, TOM Group said that 'as a Chinese company, we adhere to rules and regulations in China where we operate our businesses.'

The findings, reported on the Web site of the New York Times Wednesday, appears to shed new light on the nature and scope of Internet monitoring in China. Researchers, human rights activists and others have long complained that the government here operates an extensive effort to block politically sensitive Web content and monitor email and other communications - often with the cooperation of Internet companies. But the details of those efforts are largely unclear.

Some users believe that Skype uses encryption that protects users from government monitoring, and the service has been widely used by dissidents in China for that reason.

The report leaves unclear what relationship, if any, the Chinese government may have had with the monitoring and storage effort it describes. But it says the records it uncovered on unsecured TOM-Skype servers included an encryption key that could be used to decrypt the data, and therefore could easily have been accessed by the government.

Personal information attached to those messages, and publicly accessible on the servers, included mobile phone accounts, mobile-phone text messages, and TOM-Skype usage information. The monitored messages included those from Skype users outside China who communicated with Tom-Skype users.

The report said the messages stored on the servers contained keywords relating to sensitive political topics such as Taiwan independence, political opposition to the Communist Party, and Falun Gong, the outlawed spiritual group. The evidence 'confirms that TOM-Skype is censoring and logging text chat messages that contain specific, sensitive keywords and may be engaged in more targeted surveillance,' the report says.

No comments:

Post a Comment