Skype has long been a quintessential bad actor for the privacy community--one that not only refuses to make promises about protecting user data from government surveillance, but won't even reveal basic facts about how and when it hands user conversations over to the government. Now, eight months after the voice-over-IP company was officially integrated into Microsoft, a critical mass of privacy activists are demanding answers.
On Thursday a group of 44 privacy and free expression groups along with 61 individual academics, activists and entrepreneurs signed their names to an open letter to Microsoft, demanding that its Skype division detail its government surveillance policies and practices. The petition, which includes everyone from Reporters Without Borders and the Electronic Frontier Foundation (EFF) to the Tibet Action Network and the hacktivist group Telecomix, calls on Skype to release a "regularly updated Transparency Report" that reveals what data it retains about individuals and for how long, as well as how and when it hands over user data to government agencies.
"We believe that this data is vital to help us help Skype’s most vulnerable users, who rely on your software for the privacy of their communications and, in some cases, their lives," reads the letter.
"Skype has become one of the world’s biggest telecommunications companies, essentially; People all over the world rely on it for international and domestic phone and video calls. It’s being used heavily by some of the most vulnerable populations," says Eva Galperin, international freedom of expression coordinator at the EFF and one of the drafters of the letter along with Nadim Kobeissi, the privacy activist and founder of the encrypted chat program Cryptocat. "So the lack of clarity around privacy after Microsoft's acquisition of Skype has become a major issue."
Specifically, the petition asks Skype to spell out its compliance with the Communications Assistance for Law Enforcement Act and National Security Letters, both of which can require the handover of private user data to government agencies.
In 2008, Skype claimed that it couldn't comply with CALEA, which requires communications firms to provide a method of allowing access to content to law enforcement, because of the distributed nature of its peer-to-peer technology--what's more, it argued it didn't need to given its European headquarters.
But since then, Microsoft's integration of Skype has moved the company to American soil, the letter posits, raising questions about whether Skype is now subject to CALEA and other American government surveillance. The EFF's Galperin also says that changes to the service's architecture may mean that its data is more centrally collected and vulnerable to governments' requests.
Galperin says she's equally concerned about Skype's cooperation with foreign government surveillance and other third parties. She points to Syrian government surveillance of the use of Skype by activists and rebels in the country, for instance, and also notes reports of the company handing over data on a WikiLeaks supporter to a private security firm hired by PayPal.
Skype's opaque privacy practices came under fire in July of last year when it refused to answer the question of whether it can and does eavesdrop on users' conversations on behalf of law enforcement.
"Until it is more transparent, Skype should be assumed to be insecure, and not safe for those whose physical safety depends upon confidentiality of their calls," wrote privacy activist and now principal ACLU technologist Chris Soghoian at the time.
The company's silence on the issue only contributed to its abysmal reputation in the privacy community: The Electronic Frontier Foundation, whose "Who's Got Your Back" scorecard grades companies on their efforts to protect user data from surveillance, awards the company zero stars out of four.
Now the petitioners are calling on Skype to create a reporting system for its cooperation with government surveillance modeled on the Transparency Reports issued by tech firms like Google, Twitter, and the California broadband provider Sonic.net. Google, for instance, released its latest report Wednesday, showing 8,438 government requests for its data in the second half of 2012, a 70% increase since it began releasing the reports in 2009.
Read the group's full open letter to Microsoft here.
—
Follow me on Twitter, and check out my new book, This Machine Kills Secrets: How WikiLeakers, Cypherpunks and Hacktivists Aim To Free The World’s Information.
