Does Skype share user data with the feds? Privacy advocates demand to know

Privacy advocates and Internet activists call on Skype and Microsoft to open up on who can access users' communications

Dozens of privacy advocates, Internet activists, and journalists have issued an open letter to Skype and Microsoft, calling on the companies to finally offer clearness and transparency on who has access to Skype user data and how that data is secured.

The letter specifically urges the companies to follow in the footsteps of Twitter and Google and release periodical transparency reports that clarify which parties -- including government agencies and business partners -- can see the data.

"Since Skype was acquired by Microsoft, both entities have refused to answer questions about exactly what kinds of user data can be intercepted, what user data is retained, or whether eavesdropping on Skype conversations may take place," reads the letter, signed by such groups as the Digital Rights Foundation and the Electronic Frontier Foundation.

Noting that users from all walks to life, from political activists to journalists to businesses, rely on Skype for secure communications of often sensitive information, the signers deemed it "unfortunate that these users, and those who advise them on best security practices, work in the face of persistently unclear and confusing statements about the confidentiality of Skype conversations, and in particular the access that governments and other third parties have to Skype user data and communications."

The letter says Microsoft has had sufficient time since acquiring Skype to come up with answers to questions surrounding lawful access, user-data collection, and the degree of security of Skype communications.

For example, the group notes that back in June 2008, Skype had said it could not eavesdrop on user conversations due to its peer-to-peer architecture and encryption techniques. The company also asserted it was not required to comply with expanded CALEA (the Communications Assistance for Law Enforcement Act) rules on wiretapping as long as it was based in Europe. However, now that a U.S.-based company owns Skype, it may be required to comply with CALEA. Furthermore, "as a U.S.-based communication provider, Skype would therefore be required to comply with the secretive practice of National Security Letters" issued by the federal government, the transparency proponents note.

The group also notes that in 2012, "the FBI stated that it had issued a warrant for chats going back to 2007, and that it had used those chats as evidence as the basis for criminal charges. This contradicts Skype's own policy stating that chats are retained for a maximum of 30 days."

The group proposal is for Skype to release period transparency reports, à la Twitter and Google, that include:

  • Quantitative data regarding what sort of Skype user information is released to third parties, including who is requesting what kind of data and which requests are fulfilled
  • Specific details of all user data Microsoft and Skype currently collects, and the retention policies for that data
  • Skype's best understanding of what user data third parties may be able to intercept or retain, including network providers or potential malicious attackers
  • Details on the relationship between Skype with third-party licensed users of Skype technology, including the surveillance and censorship capabilities users may be subject to if they use these alternatives
  • The company's policies and guidelines for employees insofar as handing requests for user data from law enforcement and intelligence agencies

This story, "Does Skype share user data with the feds? Privacy advocates demand to know," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.

Copyright © 2013 IDG Communications, Inc.