How Microsoft lets the Chinese government spy on its citizens via Skype

Skype is one of the biggest players when it comes to communication services on the internet. As such, it's very important for its users to know that their data is secure and their privacy is respected. However, there have been numerous rumors and allegations that Skype is not as secure as it should be, especially in places such as China where the government monitors online communications. 

Thanks to the work of Jeffrey Knockel, a science graduate at the University of New Mexico, we now have a much better understanding of how the Chinese government uses Skype to spy on its citizens. His work focuses on text sent via Skype and has nothing to do with VOIP. The regular version of Skype is not available in China but a different, modified, version called TOM-Skype is. This modified version is a joint venture between TOM Online, a Chinese telecommunications company, and Microsoft.

Bloomberg reports that the young graduate has been delving deep into TOM-Skype's code and has managed to reveal that the program uses a list to search for keywords within users' texts. If a keyword is found, the entire communication is recorded and sent back to TOM's servers along with the user's identifying info as well as the receiving user's info. Suspicion that this was happening has been hovering around Skype and Microsoft for quite a while now, with privacy and freedom advocates demanding that Microsoft publicly disclose such practices.

Knockel actually managed to break the encryption around the list of keywords that the program would search for. These include terms such as " Amnesty International" and "Tienanmen" but the list gets updated periodically to keep up with current events.

When asked to comment on the situation Microsoft distanced themselves from TOM-Skype saying that TOM Online is the majority stakeholder and as such they have altered he program to comply with local laws. This stance comes in conflict with Microsoft's official position on freedom of information and speech. The company is a founding member of the Global Network Initiative, a group that promotes corporate responsibility in online freedom of expression.  

What's even more worrying, says Knockel, is that recent changes to TOM-Skype's code have made it so that even users of regular Skype outside of China have their info recorded when they communicate with someone using TOM-Skype.

Source: Bloomberg Businessweek  | Image via MaximumPC

Report a problem with article
Previous Story

"iWatch" could come with iOS and make Apple $6 billion a year, says analyst

Next Story

Microsoft axes Xbox Live Gold Family pack, doesn't love your offspring

24 Comments

Commenting is disabled on this article.

the difference between the google stuff and Microsoft is, Microsoft is not spying on you, the Chinese government is. Microsoft is not getting your data. The Chinese government needed a mature VOIP product and Skype fit the bill. They modified it and it is legal to do what they want to do in their country.

It's not Microsoft's fault... each countries' governments have particular set of requirements. If they want Skype to remain dominate in China, then they have to abide to what their government is requiring them to do. It doesn't mean they agree with it.

Actually they're not. Google's doing their thing because they want to for their own personal gain and creepiness. Microsoft has to do this in China because the Government is requiring them to do so if they want to provide the Skype service there. It's the government, not Microsoft who uses or requests that information.

Really re-enforcing the fact that Microsoft in the last year or so, have turned into a bunch of *******s.

Absolutely they are. That's just part of it. The other part is the fact that they are releasing products that are ****ing with people.

But hey. This is my opinion. Clearly not yours.

I don't know why this is a surprise, I am sure just about any big communications company operating in China would be doing something similar that we would be disdained to hear about.

At least with China you know where you stand. I find their version of big brother less worrying then the insidious one creeping across the western world at the moment where we bash china but are delussioned to thinking our governments that legislated far reaching spy and communications powers, extensive cctv networks and executive powers are all squeaky clean and haven't built an apparatus similar to that anyway.

The Chinese are probably basing their approach to communications monitoring on the western model, where eavesdropping happens and then a law comes along to legitimise it. They just don't need to worry so much about adverse media coverage and privacy rights groups to govt snooping plans.

This just proves that NOTHING is secure and if someone wants to, they will get your data/info. Funny really since MS seems to have a close relationship with Skype.

Edited by techbeck, Mar 8 2013, 1:33pm :

techbeck said,
This just proves that NOTHING is secure and if someone wants to, they will get your data/info. Funny really since MS seems to have a close relationship with Skype.

Yes, one might think they even own Skype.

siah1214 said,

Yes, one might think they even own Skype.

Yea, forget they bought them a couple years ago. So basically MS is bashing Google and creating these ads claiming Google is stealing users data and Google is not secure. MS should look at their own programs and worry about themselves as they look to be not much better.

problem is, this is a policy of a government, you can either comply or not do business on their turf (changing a foreign governments' policies is not the job of a corporation, not for MS, not for Apple or not for Google)... on the other hand, the stuff MS bashes Google for is NOT a government issue, it's a business method used by a data mining company; like facebook gets so much heat for their business politics for profiling users and clogging their website full of uninteresting ads while fronting as a free-to-use social network providing communication, online storage etc. for the user

google is the same with two mayor differences: people doesn't seem to understand their business method and they do services you cannot even opt out of completely (or YOU need to do the walk to canossa: i don't remember requesting my properties' presence on for example street view - would you mind if zuckerberg register you on facebook just like that? even if you don't want to use the service? i would, because i like to choose which company i provide with payment - with money, data, content for me it's the same, just different food for different animal)

Edited by deleted_acc, Mar 8 2013, 3:50pm :

morden said,
problem is, tis is a policy of a government, you can either comply or not do business on their turf... on the other hand, the stuff MS bashes Google for is NOT a government issue, it's a business method used by a data mining company;

Except this can be used outside of China as well with Tom Skype. So it is not limited to a government or country. And MS apparently doesnt seem to worried about it.

that may be true but again, that would be that governments' choice - or if used by a natural or legal person it's a law enforcement issue and a case of privacy violation

however it would be nice to prompt the user of Skype if connectiong to a TOM-Skype user, i admit that

techbeck said,

Yea, forget they bought them a couple years ago. So basically MS is bashing Google and creating these ads claiming Google is stealing users data and Google is not secure. MS should look at their own programs and worry about themselves as they look to be not much better.

Microsoft Is not stealing your data, the Chinese government is. its their country,and those are its local laws.

Nice try though,but if this is your way of trying to defend googles actions,then you failed. totally different things.

vcfan said,

Microsoft Is not stealing your data, the Chinese government is. its their country,and those are its local laws.

Except it goes against what Microsoft complains on others about. Its a big issue especially since others outside of China can access info from people using the Tom-Skype and it looks like MS just shrugged their shoulders. So its a security/privacy issue and I never said Microsoft was stealing data. If this was contained in China, then yea...local laws and no big deal there.

Nice try though,but if this is your way of trying to defend googles actions,then you failed. totally different things.

Dont assume what I mean or intended to do. Google's actions are not as bad as what others think. Its the paranoid anti Google Microsoft zeolots that have an issue with what Google is doing. Google PUBLICALY announced what they were doing ahead of time so it was no secrete and Google as not trying to pull a fast one. If pepole didnt switch from Google then and are still complaining, then its their problem.

I use Macs, Androids, and Microsoft products every day all day. Each have their faults/flaws but everyone of them has their fare share of privacy/security issues.

well, there were some issues concerning privacy, eulas, services like buzz, gathering data, not deleting requested data etc.

i would never characterise a company "bad" per se, it's nothing to do being good or evil - however if people get tinfoil hats and start to run amok with hands above heads because of facebook then google would OBJECTIVELY deserve not less, but much more awareness and concern

long story short i can understand your concerns about microsofts' business policy in China but the sroogle campaign and this is just not in the same leage, it's apples and oranges - but even if these things would be comparable not means that it's okay for one company to do crap if the other does it too: they BOTH should be kicked in the nuts; but MS gets hundreds of millions fine while google gets away almost everything (what, the wifi-data collecting fiasco cost them $25.000? even i would be capable of paying that if i won't eat for a while - and i did not collect data from millions of unaware people then deny governmental request for deletion and alltogether acting like some supranational entity)

morden said,
but MS gets hundreds of millions fine while google gets away almost everything (what, the wifi-data collecting fiasco cost them $25.000? even i would be capable of paying that if i won't eat for a while - and i did not collect data from millions of unaware people then deny governmental request for deletion and alltogether acting like some supranational entity)

$7 million apparently, and $22.5 million for spying via Safari exploit. Still disgustingly low for a repeat offender of privacy. (not that I condone excessive fines, but it depends on what we're talking about here)

Exactly. It's not their fault. Because unfortunately, if Microsoft wants to provide Skype there, they have to abide to what their crappy government is requiring. Then again, I highly doubt China is the only government that requires this.