Tom-Skype, a joint venture in China between eBay's Skype unit and Tom Online, has been known to operate a text filter on text chats, but a new report says that the data is stored insecurely and the text messages and records containing personal data can be easily accessed.
Tom-Skype regularly scans text chat messages for politically sensitive keywords, and stores them insecurely, according to a study by researchers in Canada.
Read the latest WhitePaper - Network Seismology: How Metcalfe's Law Is Driving the Demand for a New Breed of Network Monitoring Probes
If the keywords are present, the text messages and records containing personal information, are stored on insecure publicly-accessible servers together with the encryption key required to decrypt the data, according to a joint report by The Citizen Lab at the University of Toronto, and The SecDev Group in Ottawa.
The report, called "Breaching Trust: An analysis of surveillance and security practices on China's Tom-Skype platform", does not directly implicate the Chinese government, though it suggests this surveillance is yet another instance of corporate complicity with the Chinese authorities.
It raises troubling questions regarding how these practices are related to the Chinese government's censorship and surveillance policies, said the report by Nart Villeneuve, a fellow at the Citizen Lab. The captured messages contain keywords relating to topics considered sensitive to the Chinese government such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China.
Villeneuve was able to view, download, and archive millions of private communications, ranging from business transactions to political correspondence, along with their identifying personal information, according to the report.
Besides being driven by keywords, the surveillance system may also be capturing messages using other criteria, such as user names, the report said.
A Skype spokeswoman said in an e-mail statement on Thursday that the security flaw had been fixed, after Skype informed Tom about the flaw. The flaw did not affect the vast majority of Skype users outside of China, she added.
Tom Group did not not respond to an e-mail requesting its comments on the new report.
The idea that the Chinese government might be monitoring communications in and out of the country shouldn't surprise anyone, and in fact, it happens regularly with most forms of communication such as e-mails, traditional phone calls, and chats between people within China and between people communicating to people in China from other countries, the spokeswoman said.
more info-->>Skype messages being monitored in China, group says - Network World
No comments:
Post a Comment