by Andy Patrizio
Privacy and freedom advocacy groups are pushing Microsoft to disclose whether it allows for backdoor access or shares data on user activity with third parties. More than 40 groups, including the Electronic Frontier Foundation (EFF) and Reporters Without Borders have signed a letter asking the firm to reveal details about what information is stored, shared and government efforts to access it.
A Microsoft spokesperson told DesktopReview, “We are reviewing the letter. Microsoft has an ongoing commitment to collaborate with advocates, industry partners and governments worldwide to develop solutions and promote effective public policies that help protect people’s online safety and privacy.”
For her part, Eva Galperin, international freedom of expression coordinator at the EFF, said she can be patient. “We understand Microsoft is a large corporation and it takes a while for the wheels to get set in motion, so we are giving them some time to respond before taking further steps,” she said. What further steps may be depends on their response, she added.
More than 600 million people use Skype for text, voice chat and video conferencing worldwide, and Microsoft is currently migrating users from its Windows Live Messenger and MSN Messenger products to the service, which it bought in 2011 for $8.5 billion.
The group has asked Microsoft to disclose a number of details, including:
- Details of how many requests for data each country’s government has made and the percentage that the firm complies with.
- Information about exactly what information Microsoft keeps itself.
- The firm’s own analysis about the current ability of third-parties to intercept conversations.
- The policy its staff has for dealing with disclosure requests.
- Skype’s interpretation of its responsibilities under the Communications Assistance for Law Enforcement Act (CALEA).
Galperin said the request isn’t a mere fishing expedition, the EFF and other groups have reasons to be concerned. First, Microsoft has applied for a patent on a way to do interception of Skype calls. That does not mean that they are doing it but it cert indicates that it’s something they are thinking of doing, she notes.
Second, over the past year Microsoft has changed Skype’s architecture to be centralized to deal with a security problem that made it possible to enter user name and get the person’s IP address. Under Skype’s old structure, calls were directly peer-to-peer and there was no central hub, so Microsoft argued there was no way to intercept the calls. Now it had the central hub to do it.
“They were trying to do a good thing, but in doing that, they invalidated their defense of interceptions of Skype calls, that the nature of Skype made it impossible to intercept calls,” she said.
Microsoft also gave the groups good reason to be concerned when researchers at the University of Toronto uncovered that the China-only version of Skype service was blocking or storing certain chats being stored and sharing them with local authorities, which was in compliance with the country’s laws.
It sounds like Microsoft has to prove its innocence, but Galperin said this isn’t a court of law. “This is about privacy and security of hundreds of millions of Skype users, some of which use Skype for private and sensitive uses, including Syria, where it’s used by the Syrian government opposition. So clarifying this issue is vital to the safety and security of Skype users,” she said.