As Salon notes in “Skype sells out to China“, the eBay-owned service has collaborated with a Chinese company to enable spying on the allegedly encrypted messages that Skype users send each other to and from, and within, China. This disgusting sellout should surprise no one.
Skype and its corporate parent, eBay, have been evasive about whether the product is truly secure. There’s ample reason — including this admission attributed to an Austrian law-enforcement agency — to suspect that the company has created backdoors for police.
Skype, for its part, has never outright denied that it has done so. Nor has it shown its encryption algorithms in an open way to outside experts for verification and analysis. I take this as an admission that you can’t trust Skype’s encryption, period.
This is important to citizen-media people for several reasons. First, plenty of regimes make it downright dangerous to indulge in truly free speech. Skype has been a favored tool for many people who believed the built-in encryption somehow would protect them.
Second, it’s another example of the way companies from the West collaborate with the globe’s most dictatorial regimes — and it makes abundantly clear that we need an open-source communications toolset that we can trust.
Skype is better than no encryption at all. But do not imagine for a minute that you can fully trust this company, because you can’t.
on Oct 3rd, 2008 at 5:05 am
Just to clarify – the issues highlighted in the Information Warfare Monitor / ONI Asia report affect only the TOM-Skype software distributed in China, and not standard versions of Skype. Skype-to-Skype communications are, and always have been, completely secure and private.
Josh Silverman, Skype’s President, has blogged about the situation, explaining where we stand and what we’re doing to sort things out.
on Oct 4th, 2008 at 8:30 pm
[…] Octubre 5, 2008 · No hay comentarios Para sumar a mi paranoia con lo online: Dan Gillmor sobre la encriptación de los mensajes en Skype y el tema China: Skype es mejor que no encriptación del todo. Pero no imagines por un minuto que podés confiar en e… […]
on Oct 8th, 2008 at 4:51 pm
Peter, Skype has repeatedly refused to open its encryption to qualified outsiders (other than a few the company has picked) so that they can verify that there are no backdoors. Moreover, as far as I can discover, Skype has refused to say specifically — despite many opportunities — that there are no backdoors, or that the company has not cooperated with law-enforcement people.
Certainly the Chinese situation is different from Skype elsewhere. But the company’s record — and eBay’s well-known willingness to do pretty much anything a law enforcement person asks — gives me no reason whatever to trust Skype.
If there’s a backdoor, as I believe there must be given the company’s non-denial denials, then we have two problems. First, while I trust that almost all law enforcement people are honorable and not prying unreasonably into people’s affairs, I don’t trust that all of them behave that way. The record of abuses where there’s no oversight — and today there’s almost no oversight — is completely clear. Second, if there’s a backdoor for law enforcement, the really bad guys will find it and use it. That means criminals will have access to our communications, too.
As I said, Skype is probably better than nothing, but I still don’t know how much better. But anyone who trusts this software to be protecting conversations that need to be private is foolish.