In an open letter posted to Microsoft, many online privacy advocates, Internet activists, journalists, and others are asking Microsoft to be more open about the trustworthiness of its Skype software for confidential conversations, in an open letter to the company posted Thursday. “We are reviewing the letter,” a spokesperson for Microsoft said.

The letter points questions at the co-branded Chinese variant of Skype, TOM-Skype, in particular. TOM-Skype applies a text filter and automatically blocks messages deemed “unsuitable for delivery.” Because of the co-branding, TOM-Skype looks and behaves exactly like the U.S. version of Skype, leading to concerns that users may not realize they are communicating through Chinese servers and protocols. The level of state surveillance on TOM-Skype calls remains unclear.

The authors of the letter say they’re worried in particular about the access that governments have to both Skype conversations themselves and to the user data generated by those communications. Among the groups that have signed the letter are the Electronic Frontier Foundation, Reporters Without Borders, the Egyptian Initiative for Personal Rights, and the Tibet Action Institute.

The letter calls on Microsoft to release a “regularly updated Transparency Report” that touches on these points:

  • Quantitative data regarding the release of Skype user information to third parties, including number of requests, type of data requested, and how often those requests are honored.
  • Specific details of all user data Microsoft and Skype currently collects, and retention policies.
  • Skype’s best understanding of what user data third parties may be able to intercept or retain.
  • Documentation regarding the operational relationship between Skype with TOM Online and other third-party licensed users of Skype technology.

“People are still unaware,” said Martin Johnson of Greatfire.org, “and Microsoft hasn’t moved to improve the situation, so publishing this letter matters a lot…If we can make Microsoft move just an inch it’s all worth it.”

Microsoft has plans to replace its long-standing Windows Live Messenger service with Skype as of March 15th, a probable replacement with Xbox Live voice chat, and other integrations with additional services, increasing the severity of these privacy concerns.

  • http://twitter.com/ZackKennedy Zack Kennedy

    I love how every other tech blog seems to try and make Microsoft look incredibly bad with FUD, yet I see nothing but facts in this article.

    • http://www.trutower.com/ Josh (TruTower.com)

      Thanks Zack! Facts are what makes news “news” ;)

  • Jenny

    Skype is not some disruptive little P2P rogue anymore, it’s integrated to the Microsoft platform. Folks on some watchlist oughtn’t require any “transparency report” to know that today’s Skype isn’t for them. Compliance with government data demands is how the whole world works, not just major internet services. Skype is no exception. How much more can it be spelled out?

    Instead of being willfully ignorant, EFF types should turn their focus to developing and evangelizing some useful A/V cypherpunk chat platform where the provider (if there is one) has zero data visibility, and then don’t sell it out.

    Google started this thing with publishing disclosure stats and a few left-coast companies have jumped aboard, but it’s no major trend and certainly not anything you can just demand… not when you’re a bunch of twitter nobodys with zero real-world clout.

  • http://twitter.com/usefulagenda Chris@UsefulAgenda

    Nice post.

    • http://www.trutower.com/ Josh (TruTower.com)

      Thank you :)

  • decourl

    I get tired of people saying it’s impossible to have online privacy. The Internet is just a communications network and how you use it is up to you. If you spend all day posting to social networks and using cloud services from major corporations, keep in mind that the postcard analogy applies. Please do not bother sending a bunch of letters after the fact demanding to know who possibly has access to which data and under what circumstances.

    Not every single thing on the Internet must be done via Google Chrome pointing at some Facebook, Google or Microsoft server. There are such things as protocols besides HTTP. Particularly if you are some sort of dissident or paranoid with need of secure communications, please check out a P2P protocol for encrypted chat, it’s not like there aren’t several decent options. Just be sure whatever you do involves full-on end-to-end encryption. Run your own server. Setup a VPN. Tunnel over SSH. Take your pick. Just do something besides relying on Skype for privacy, please.

    People complain about a lack of easy to use alternatives to Skype, but how did the Internet become so dumbed down? In the 90s not everybody was on the Internet but the folks on it had some clue. Now unless some functionality is packaged and delivered as a corporate-owned web application, it seems out of the question. When you rely on corporate web sites to provide all of your services and store all of your data, it’s outside of your control.

    • http://www.trutower.com/ Josh (TruTower.com)

      Some people don’t seem to realize that personal privacy is personal. It doesn’t matter what services you use; it’s up to you to keep your own information private.

      Thanks for your comment! :)