Web

‘Open Letter to Skype’ demands Microsoft come clean about user privacy

Skype privacy

How private is Skype? We don’t know, and that’s a serious problem.

This is the message put forth in an “Open Letter to Skype,” which was published today and carries the signatures of more than 100 Internet activists, companies, and organizations. The signatories hope the letter will urge Microsoft, Skype’s parent company, to issue bi-annual Skype “transparency reports” similar to those published by Google, Twitter, and Sonic.net.

“Many of its users rely on Skype for secure communications – whether they are activists operating in countries governed by authoritarian regimes, journalists communicating with sensitive sources, or users who wish to talk privately in confidence with business associates, family, or friends,” the letter reads. “It is unfortunate that these users, and those who advise them on best security practices, work in the face of persistently unclear and confusing statements about the confidentiality of Skype conversations, and in particular the access that governments and other third parties have to Skype user data and communications.”

Cybersecurity researcher Nadim Kobeissi, known for developing the encrypted Web chat client Cyrptocat and the original author of the letter, says Microsoft has refused to come clean about Skype user privacy for too long. In 2008, prior to the Microsoft buyout, Skype said that its peer-to-peer infrastructure made it impossible for the company to spy on users’ communications. And, because it was based in Europe, Skype asserted it had no obligation to comply with U.S. wiretap laws. Since Microsoft’s purchase of Skype in 2011, however, the company has remained mum on whether its new-found U.S. base of operations changes its legal obligations, and its policy toward eavesdropping on users.

“Many organizations and Internet activists have been trying to get straight information from Skype for years,” said Kobeissi in an email with Digital Trends. “We’re simply putting it together now because we collectively decided it was time to get a real, transparent answer from Skype, that benefits all of its users, including those who may be operating from danger zones.”

The letter, which was originally drafted by Kobeissi and revised with help from the Electronic Frontier Foundation and other activists, lays out a list of five broad criteria that the activists want Microsoft to provide in a Skype Transparency Report. The list includes details about which third-parties have access to Skype user data, including Microsoft’s compliance with governments’ request for user data; details about what user data Skype collects; documentation pertaining to Microsoft’s “operational relationship” with China’s mobile Internet company TOM Online; and an explanation of the company’s procedure “when Skype receives and responds to requests for user data from law enforcement and intelligence agencies in the United States and elsewhere,” specifically Skype’s compliance with the Communications Assistance for Law Enforcement Act (CALEA) and its “response to subpoenas and National Security Letters (NSLs).”

In the U.S., Skype’s compliance with CALEA is of particular concern. Originally passed in 1994 and updated in 2004, CALEA requires telephone companies and broadband Internet service providers (PDF) to build in “backdoors” to allow law enforcement to secretly monitor suspects’ communications.

Last year, the FBI reportedly began pushing for an update to CALEA that would move social networks like Facebook, and VoIP services like Skype, under the CALEA umbrella. Because ISPs are already required to allow government wiretaps, however, it’s possible – even likely – that Skype communications are already being intercepted.

For Skype users living abroad, the issue is further complicated by the Foreign Intelligence Surveillance Act (FISA), which allows the U.S. government to monitor communications between foreign nationals, or between Americans and citizens of other countries.

While many of these nebulous privacy issues may cause some Skype users to tune out, supporters of the letter say the matters at hand are quite simple – and vital for all users to get behind.

“Most people wouldn’t be too comfortable with someone looking over their shoulder while they video chatted with friends or family, yet that’s what’s happening – digitally – with Skype,” said Sarah Downey, a privacy attorney for Abine, in an email with Digital Trends. (Both Downey and Abine have signed the Skype letter.) “Your Skype profile information, chats, and videos are being shared for advertising and handed over to law enforcement without even a warrant.

“If you’re trusting an app like Skype to communicate, you deserve to know how Skype is using your personal information – or what risks it’s exposing you to,” she adds.

“I believe Skype users in the U.S. should be aware of the contradictory statements and lack of transparency that surrounds Skype’s service,” said Kobeissi. “All of Skype’s users would be better off if Skype could be more transparent about what it can and can’t promise.”

Whether Microsoft will agree to the letter’s demands remain to be seen – but there’s reason for the letter’s signatories to be hopeful. Microsoft has become a leader in the movement to implement “Do Not Track” technology by making the setting on by default in its Internet Explorer 10 Web browsers – a move that caused outrage across the online advertising industry. And on Wednesday, the Redmond, Washington-based computing giant released the results of a survey it commissioned, which found that users are increasingly concerned about their online privacy, and want ways to protect it.

“As online activities have become a valuable part of daily life, privacy is incredibly important. At Microsoft, we strive to help our customers manage their personal information online by providing easy-to-understand privacy policies, settings and guidance,” said Brendon Lynch, Microsoft Chief Privacy Officer, in a statement. “We take seriously our responsibility to customers by investing in a comprehensive and dynamic privacy program that implements our policies and delivers privacy innovations to our customers.”

Despite this, Microsoft has so far refused to respond to the Skype letter. “We have reached out to Microsoft through the Electronic Frontier Foundation, but so far I have personally not heard from them,” said Kobeissi.

Regardless of whether Microsoft responds now that the letter is public, Kobeissi says it is still important for Americans to be aware of how their communications are being monitored by the U.S. government.

“I think the answer can be summed up by: ‘Always look for real, transparent promises of privacy,'” he said. “So many institutions and companies in the U.S. manage to slip under the radar while offering no promise of real privacy rights, and this needs to change.”

Read the full Skype letter here.

Gaming

Google’s Stadia is the future of gaming, and that’s bad news for our planet

Google’s upcoming Stadia cloud gaming service, and its competitors, are ready to change the way gamers play, but in doing so they may kick off a new wave of data center growth – with unfortunate consequences for the environment.
Computing

George Clooney and Microsoft’s TrialWatch hopes to put a spotlight on injustice

Microsoft and The Clooney Foundation for Justice unveiled the TrialWatch app Thursday during an event at Columbia University — a new tool in CFJ’s ongoing effort to shine a light on injustice in courts around the globe.
Computing

Amal and George Clooney want to change the world. Can Microsoft help?

Microsoft and The Clooney Foundation for Justice (CFJ) unveiled the TrialWatch app Thursday morning, a new tool in CFJ’s ongoing TrialWatch effort to shine a light on injustice in courts around the globe – which too often are simply…
Smart Home

Can new laws protect you from smart home security breaches?

To help combat smart home data breaches, state and federal lawmakers are exploring ways to protect consumers. California, Oregon, and members of the U.S. Senate all have proposals to protect people's data.
Social Media

How to protect yourself from GoFundMe scams before donating

Can you spot a GoFundMe scam? While the fundraising platform says scams make up less than a tenth of one percent of campaigns, some do try to take advantages of others' charity -- like a case last year that made national news.
Computing

House votes to restore net neutrality rules, but effort faces long odds

The U.S. House of Representatives has approved the Save the Internet Act, a measure intended to restore net neutrality rules that were repealed in 2017 by the Federal Communications Commission.
Mobile

The FCC and White House want to bring high-speed internet to rural areas

The FCC and the White House unveiled new initiatives to bring high-speed internet to rural areas, including $20.4 billion in incentives to companies to build infrastructure. The FCC also announced ways to speed up the rollout of 5G.
Web

Search all of Craigslist at once with these great tools on web and mobile

Not finding what you need in your local area? Craigslist can be great for finding goods and services from further afield too. All you need do is learn these tips for how to search all of Craigslist at once.
Computing

Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs

Evidence of an Internet Explorer zero-day exploit capable of letting hackers steal files from Windows PCs was published online by a security researcher who also claims Microsoft knew of the vulnerability and opted not to patch it.
Business

Buying airline tickets too early is no longer a costly mistake, study suggests

When you book can play a big role in the cost of airline tickets -- so when is the best time to book flights? Earlier than you'd think, a new study suggests. Data from CheapAir.com suggests the window of time to buy at the best prices is…
Computing

Report says 20% of all 2018 web traffic came from bad bots

Distil Networks published its annual Bad Bot Report this week and announced that 20% of all web traffic in 2018 came from bad bots. The report had other similarly surprising findings regarding the state of bots as well.
Computing

Google Chrome will get a Reader Mode for distraction-free desktop browsing

If Google's testing of Reader Mode on the Chrome Canary desktop browser is successful, soon all Chrome users will gain access to this feature. Reader Mode strips away irrelevant content on a webpage for distraction-free browsing.
Computing

Worried about your online privacy? We tested the best VPN services

Browsing the web can be less secure than most users would hope. If that concerns you, a virtual private network — aka a VPN — is a decent solution. Check out a few of the best VPN services on the market.
Computing

Want to make calls across the internet for less? Try these great VOIP services

Voice over IP services are getting more and more popular, but there are still a few that stand above the pack. In this guide, we'll give you a few options for the best VOIP services for home and business users.