[iDC] Massive Surveillance on Skype's China platform

[Ronald Deibert]

Dear Friends and Colleagues

I am writing to announce the release of the first Information Warfare  
Monitor/ONI Asia major investigative report, Breaching Trust: An  
analysis of surveillance and security practices on China’s TOM-Skype  
platform, written by Nart Villeneuve, Psiphon Fellow, the Citizen  
Lab, at the Munk Centre for International Studies, the University of  
Toronto.

The full report can be downloaded here:
http://www.infowar-monitor.net/breachingtrust/

John Markoff of the New York Times has just released a story about  
the report, which will appear in tomorrow's paper, but can be found  
online here:
Surveillance of Skype Messages Found in China
http://www.nytimes.com/2008/10/02/technology/internet/02skype.html? 
ref=business&pagewanted=print

Major Findings of this report are as follows:

• The full text chat messages of TOM-Skype users, along with Skype  
users who have
communicated with TOM-Skype users, are regularly scanned for  
sensitive keywords, and
if present, the resulting data are uploaded and stored on servers in  
China.
• These text messages, along with millions of records containing  
personal information, are
stored on insecure publicly-accessible web servers together with the  
encryption key required to
decrypt the data.
• The captured messages contain specific keywords relating to  
sensitive political topics such
as Taiwan independence, the Falun Gong, and political opposition to  
the Communist Party
of China.
• Our analysis suggests that the surveillance is not solely keyword- 
driven. Many of the
captured messages contain words that are too common for extensive  
logging, suggesting
that there may be criteria, such as specific usernames, that  
determine whether messages are
captured by the system.

As my colleague Rafal Rohozinski and I say in the foreword to the  
report, "If there was any doubt that your electronic communications –  
even secure chat – can leave a trace, Breaching Trust will put that  
case to rest.  This is a wake up call to everyone who has ever put  
their (blind) faith in the assurances offered up by network  
intermediaries like Skype.  Declarations and privacy policies are no  
substitute for the type of due diligence that the research put forth  
here represents."

Regards
Ron Deibert

Ronald J. Deibert
Director, The Citizen Lab
Munk Centre for International Studies
University of Toronto
r.deibert at utoronto.ca
http://deibert.citizenlab.org/

Ronald J. Deibert
Director, The Citizen Lab
Munk Centre for International Studies
University of Toronto
r.deibert at utoronto.ca
http://deibert.citizenlab.org/




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.thing.net/pipermail/idc/attachments/20081001/989b1648/attachment.htm