Skype admits security breach in China
Skype's Josh Silverman admitted yesterday that a security breach enabled Chinese Skype users' instant message conversations to be recorded and made accessible on public Web servers.
"It is common knowledge that censorship does exist in China and that the Chinese government has been monitoring communications in and out of the country for many years," said Silverman. He went on to cite Skype's public disclosure in 2006 of putting text filters in place to block certain words the Chinese authorities found "offensive."
However, what came as a shock to Silverman, and the rest of the Skype-using community, was that Chinese mobile Internet company TOM Online had been uploading and storing chats containing questionable keywords. Furthermore, a security breach allowed outside users to access and read the intercepted communications.
Silverman's announcement follows the release of a document from University of Toronto Citizen Lab researcher Nart Villeneuve, who discovered that TOM-Skype was not only filtering out swear words and seditious phrases, but also intercepting and saving them on eight servers in China.
Inspection of these servers found that terms related to political issues such as Taiwanese independence, the spiritual practice Falun Gong, and Communist Party of China opposition were all recorded. Further analysis from the group found that it may not even be strictly keyword driven, and it may have been targeting specific users.
These terms and more have been at the forefront of China's online censorship exploits. The Ministry of Public Security has dispatched as many as 30,000 "cybercops" to monitor Web content and activity since 2007.
According to state council decree number 343, which focuses on publishing (including online), all content "shall adhere to the principle of serving the people and socialism, and shall continue to be guided by Marxism-Leninism, Mao Zedong Thought, and Deng Xiaoping Theory. Publishing shall disseminate and accumulate all scientific and cultural knowledge that is beneficial to the elevation of the national character, the development of the economy, and the improvement of society, and shall enhance the outstanding characteristics of the national culture, promote international cultural exchanges, and enrich and elevate the spiritual lives of the people." The government's vigilance is a testimony to how seriously it considers dissenting speech.
Silverman said, "We were very concerned to learn about both issues and after we urgently addressed this situation with TOM, they fixed the security breach. In addition, we are currently addressing the wider issue of the uploading and storage of certain messages with TOM."
So the messages are no longer visible to just anyone, but the IM-tapping will continue.
Silverman closed his statement by saying "Our challenge is to bring this valuable service to people all over, including China, while being transparent to our users and staying within the boundaries of the local laws. We are committed to meet this challenge."
TOM says that 39.7% of Internet users are signing on primarily to use instant messaging services, making this the number one reason the Chinese go online. It seems unlikely that this realm will ever be untouched by the Chinese government.
BETACHECK
For more:
- Breaching Trust: An analysis of surveillance and security practices on China's TOM-Skype platform by Nart Villenueve. From Citizen Lab, Munk Centre of International Studies, October 1, 2008.
- Skype's response to news: "Skype President Addresses Chinese Privacy Breach" by Josh Silverman. From share.skype.com, October 2, 2008.
- TOM.cn public usage statistics (as of Nov. 2007).
- "Falling Short." From the Committee to Protect Journalists, August 2007.
- "Human Rights Watch Reporter's Guide to Covering the Beijing Olympics." From Human Rights Watch, June 2008.