Microsoft Has to Tell the Truth about Skype Privacy

An open letter to Skype division president Tony Bates, Microsoft chief privacy officer Brendon Lynch, and Microsoft general counsel Brad Smith, was co-signed by 45 organizations and others, requesting Microsoft and Skype to come clean on privacy issues surrounding Skype. 

The letter condemned Microsoft for the company’s “persistently unclear and confusing statements about the confidentiality of Skype conversations,” particularly when it came to addressing whether or not governments and other organizations could gain access to Skype’s user data and conversations. What the organizations and individuals who had co-signed the letter were asking for was a customary statement of accountability, including the following information.

1. Quantitative data that spell out how Skype releases user information to third parties, categorized by the country where the request came from, including the number of requests from governments, the type of data being asked for, the proportion of those requests being granted, and the basis for rejecting requests.
   
   
2. Specific details of user data that Microsoft and Skype collects and the policies regarding their retention.
   
   
3. Skype’s “best understanding” of what user data may be compromised, intercepted, or retained by third parties, including network service providers and malicious attackers.
   
   
4. Documentation pertaining to Skype’s relationship with China’s TOM Online and other licensed third-party users, as well as an explanation of the surveillance and censorship they pose to Skype users.
   
   
5. Skype’s reading of its responsibilities under the Communications Assistance for Law Enforcement Act (CALEA) and its policies when it comes to divulging call metadata if subpoenaed and asked to comply with National Security Letters (NSLs).

Why Not Mirror the Transparency Efforts by Twitter, Google, and Sonic.net?

The groups and individuals who had penned the open letter contended that Google, Twitter, and Sonic.net hand out transparency reports. So, Microsoft and Skype would simply be falling in line with customary practices.

Many of Skype’s approximately 600 million users around the world chat using the service instead of a mobile phone in order to evade censorship or discovery. And depending on the standpoint, this can be a dilemma. Skype’s service can be used by insurgents and rebels. On the other hand, people who protest against tyrannical establishments can also use it. Sadly, some recognize those establishments exist within the United States. A Washington Post story claimed that Skype cooperated with U.S. law enforcement to the point that online chats were made visible to the police – although the article remarked that it was not wholly sound to do so. Moreover, The Verge was told by Reporters Without Borders that journalists reported having their calls intercepted.

Another issue was that Microsoft, after the Skype acquisition, tied the VoIP calling to Windows 8 and Windows Phone 8, where the Skype service could not be turned off as evidenced by the initial preview release.

Is Skype Adhering to Microsoft’s Policies?

The open letter came out a day after the publication of Microsoft’s online privacy guides for its products, including Bing, Internet Explorer, and Xbox – minus. The Office of the Australian Information Commissioner, a privacy agency in Australia, expressed reservations about Microsoft’s privacy policies. Some of those privacy-related protections consist of Internet Explorer’s Tracking Protection, which refuses to divulge any third-party information to sites “blacklisted” or blocked by a user.

Microsoft could be asked to do the same thing for Skype, even though coding that level of protection would definitely necessitate development efforts. What the 45 organizations and others who wrote the open letter were asking for was a decent first step.

Presently, even the basic privacy levels within Skype are inherently problematic. Skype makes it readily straightforward to seek out new contacts, even users that one has never connected to before. This leads to spamming, phishing, or monitoring.

The authors of the letter also noted that the Microsoft-Skype merger was announced in October 2011. That gave Microsoft sufficient time to plan Skype’s privacy strategy.

Considering the public statement issued by Microsoft regarding its commitment to privacy, the company may find Data Privacy Day on January 28th as ideal timing to make clear Skype’s commitment to privacy. (KOM) Link