Skype Journal

Independently covering the Talk Revolution since 2003

Thursday, January 21, 2010

Skype weighs in on Clinton's response to China Internet freedom

Skype wasn't a target of the recent attack on Google and thirty other companies. Google is considering leaving China, where they believe the attacks originated. The United States government had not adopted a position until today's speech by Hillary Clinton on Internet Freedom. Here is Skype's official response to the Secretary's speech. I'll comment below.

SKYPE LAUDS U.S. STATE DEPARTMENT FOR PROTECTING INTERNET’S FREEDOM TO CONNECT PEOPLE ACROSS BORDERS

WASHINGTON, January 21, 2010 – Skype, the global internet communications company whose mission is to enable the world’s conversations, applauds Secretary Clinton, her senior adviser for innovation, Alec Ross, the State Department and the U.S. government for embracing and defending the principles of freedom of expression, privacy, and the freedom to connect to the Internet, as well as for their use of Web 2.0 tools for 21st century statesmanship.

“Conducting international relations by encouraging online interaction is an example of the Internet’s power to change the way governments and people around the world engage as part of one global community,” said Staci Pies, Skype’s Director of Government and Regulatory Affairs. “Secretary Clinton’s concerted effort to transform the State Department’s role from traditional ‘government-to-government diplomacy’ to ‘people-to-people diplomacy’ is a clear recognition that more and more people around the globe are turning to technologies like Skype to freely connect with one another across borders and to increasingly facilitate diplomacy, interaction and understanding.”

It seems State heard Rebecca MacKinnon's guidance on how not to save the Internet by focusing on human rights to connect. How will these high-minded aspirations become policy? Can we expect tariffs on goods from censoring countries? "This product made by people with a censored Internet" product labels?


Thursday, July 23, 2009

Skype Journal Glossary: Blocking

Blocking. Intentionally stopping Skype from working over a network.

Countries, internet service providers, and companies have blocked Skype. How do you block Skype?

  1. At the edge, keep Skype clients limited or turned off through contracts or other controls. For example, AT&T Mobility forbids the use of Skype over its US cellular network. Some financial service enterprises forbid Skype as part of internal security measures.
  2. In transit, make Skype ineffective by detecting Skype traffic on a network and slowing or stopping that traffic. You can buy software like NarusInsight to throttle or block Skype traffic.
  3. Block the mothership, cut off Skype clients from Skype.com so they no longer download software updates, get help, manage accounts, or buy Skype credits. Etisalat, the UAE’s national ISP, blocks access to Skype.com. Many of the same tools used for censorship and for network operations and administration can also be used to block access to Skype.com or to block Skype traffic.
  4. Last, governments can use market forces to restrict Internet access in general through pricing and taxes. Jeff Jarvis hears a rumor. When communicating over the Internet becomes a "sin", you apply a "sin tax" to reduce "bad" behavior. This is unconfirmed.


Monday, May 11, 2009

Q. What are the Skype TechPolicy issues?

I'm heading out to a technology public policy conference today. Tuning my ear to listen for new issues. Some already on the Skype plate...

  • Mobile Carterfone – freedom to use the device of your choice on a mobile network
  • Mobile Net Neutrality – US mobile carriers are blocking Skype voice calls from data services. See iPhone and Windows Mobile store policies written by carriers.
  • Net Neutrality – ISPs banned Skype. Should that be OK?
  • P2P Freedom – As Skype shows, p2p has legitimate uses yet copyright industry groups draft laws banning the technology.
  • Rural Access – Skype users need cheap, capacious, ubiquitous, expandable broadband to the home and office.
  • Telco Antitrust – The big mobile, landline, and cable carriers are very profitable, even in a horrid economy. Evidence of undue market power?
  • Privacy – The US government is funding research to intercept Skype calls and uncover your Skype contacts
  • E911 – When does Skype become responsible for helping people call emergency services?
  • Unwanted Attention – Telemarketing, spam, spim, spit – we hate it all. What is government's role?
  • Carbon Footprint – Can Skype-like communication lower our personal and national environmental impact? What can Skype engineers do to lower it further?

See today's Free Press analysis Dismantling Digital Deregulation: Toward a National Broadband Strategy (pdf). DDD suggests the US:

    • Review every major FCC decision since the 1996 Act and reverse those that failed to promote broadband competition, openness and access. Congress should aid this process with a series of oversight hearings.
    • Develop a data-driven standard to identify local areas where broadband providers are abusing their market power, and use the tools in the 1996 Act to promote competition.
    • Expand and codify the FCC's "Internet Policy Statement" into permanent Net Neutrality rules. Congress should pass a Net Neutrality law to place these protections in the Communications Act.
    • Reclassify broadband as a "telecommunications service," which will allow the FCC to promote competition by reinstating open access rules where appropriate.
    • Transition the Universal Service Fund from supporting telephone service to supporting broadband infrastructure. Congress should aid this transition through oversight and legislation to provide a clear path for FCC action.
    • Produce an honest assessment of whether broadband is being deployed to all Americans in a timely fashion, as required by the 1996 Act.
    • Conduct a thorough review of policies governing competition and pricing in the "special access" and "middle-mile" or "enterprise" markets -- the broadband lines that connect cell phone towers and local area networks to the Internet.
    • Open more of the public airwaves to unlicensed use and promote shared spectrum for both low-power urban and high-power rural uses. Congress should instruct the FCC and the NTIA to identify spectrum that could be utilized.

Offline for the afternoon, the better to pay attention and mingle.


Monday, April 20, 2009

NGN IMS Forum continues making dumb pipes smarter with billing interop

The Internet was designed to be dumb pipes with smarts at the edge. The telecommunications industry hates that. So the industry has been building smarts into the network with services like IMS (IP Multimedia Subsystem) since 1999. IMS is the phone industry's middleware between the transport layer (where data moves) and the application layer (where services like voicemail run on phone company servers). 

The Next Generation Network (NGN) and IMS Forum announced last Tuesday a new standards effort to inject IMS with business (billing, charging, policy control) and operations (provisioning, security, and reliability) services. "The train has left the station; now we're jumping on the moving train" said the Forum's Michael Khalilian. The first deliverables are new functional requirements and architectural documents due later this year.

The telecom industry brought together Internet Protocol (IP) voice and data systems from regional phone companies, long distance carriers, mobile operators, cable companies, ISPs,  and others. Now that IP at the low end works, all the high end stuff is now a problem for interoperability, partnership and M&A.

Pulling together all this app functionality onto servers that live in phone company data centers will let carriers sell smartphone apps (think Apple + Skype + AT&T) and reconcile costs and revenue (walled garden 2.0). These IMS services will also replace the "best effort" approach of the Internet with the "quality of service" for streaming audio and video.

This project will be closed, limited to members of NGN IMS Forum, but you can email admin@imsforum.org for access to the listserv. 

So, my take:

  1. Control. Telcos want to own the whole value chain. IMS is the walled garden's map. These extensions to IMS pull control over customer experiences, business models, and functionality from developers to carriers, from the application layer to the control layer.
  2. Monetization. These particular standards will be used to meter every last bit customers use. After deployment, you won't be able to use "unlimited broadband" and "flat rate" in the same sentence.
  3. Privacy. While intended for inter-service interop, there's a surveillance society element to this. Social consequences are not on the agenda.

Meanwhile, folks like Skype are building "over the top" services running on the edge, independent of pipes made smarter by NGN or IMS.


News release:

IMS Forum® Launches BSS/OSS & Security Technical Working Group

To Establish Architectural Requirements for NGN BSS/OSS and Security in Real-time Service Environments

Las Vegas, NV– April 14, 2009 -- The NGN and IMS Forum®, the only industry associations dedicated to interoperability and certification of IP Multimedia Subsystem (IMS) and Next Generation Network (NGN) applications and services, announced today at the Billing & OSS World Conference & Expo the creation of its BSS/OSS & Security Technical Working Group.

The working group will help guide industry momentum for an integrated BSS/OSS framework to enable cost-effective transition to IMS/NGN environments. NGN IMS Forum members have demonstrated billing interoperability in the past six Plugfests™ and through commercial deployments. This new working group will focus on the billing and charging, policy control and security functions required by service providers to capture the value promised by NGN networks. HP will chair the working group with support from vice-chairs, Comverse and Mu Dynamics. Other industry leaders such as, Acision, Aricent and Tekelec are also founding members.

“We have learned through the course of our last 6 Plugfests that billing OSS and security play an integral role in the successful implementation of integrated communications services utilizing NGN and IMS,” said Michael Khalilian, Chairman and President NGN and IMS Forum. “We look forward to including the input from this Technical and Business Working Group in our Plugfest 7 interoperability test event and in future Plugfests.”

“Service providers can re-use existing resources, lower costs, and increase revenue opportunities through an integrated BSS/OSS," said Nigel Upton, Director, Communications and Media, Solutions, HP. "With interoperability already demonstrated, our working group will strengthen the business and technical foundation that service providers need for a smooth transition to IMS and next-generation services.”

The Working Group will develop guidelines on the business and technical aspects of BSS/OSS and security in IMS and NGN services and will define the architecture and requirements for network interoperability and reliable real-time IP service application deployment. It will focus on the operational and management of converged IMS/NGN applications and services delivered over wireless (3G, LTE), wireline (DSL, optical) and cable broadband. The group will ensure that converged applications and services will have timely and complete support from provisioning, billing and management systems. A whitepaper describing BSS/OSS considerations of NGN will be the group’s first deliverable and is planned by mid-year. 

“This working group underscores the importance of ‘smart monetization’ approaches in creating successful business models to leverage the full potential of Next-Generation Networks,” said Gabriel Matsliach, General Manager, Billing & Active Customer Management at Comverse, who will serve as the Group’s vice chair. “The group will draw on our experience in supporting any combination of network, service and payment types, including true quad-play offers.”

“As a two-year veteran of the IMS/NGN Forum and their Plugfest events, Mu Dynamics is pleased to see the increased industry interest in secure Next-Generation Network deployments that prevent unexpected weaknesses in real-time networked applications,” said Adam Stein, vice president of Marketing for Mu Dynamics who will also serve as the group’s vice chair. “Many of our operator and vendor clients play an integral role in this important ecosystem with a high percent of their revenue dependent upon resilient, reliable and secure product development and continuous service deployment.”

About Plugfest 7

IMS OSS/BSS & Security Working Group will be an integral part of the IMS Forum’s Plugfest™ 7 interoperability test that will take place in June 1-5, 2009 at the InterOperability Lab (UNH IOL) in Durham, NH.  Participation in NGN IMS Plugfest 7 is open to all companies. For online registration and info contact the forum at: info@IMSforum.org or visit event at www.NGNforum.org.

About the NGN Forum™ and IMS Forum®

The NGN and IMS Forum are the only global telecommunications associations devoted to Next Generation Networks (NGN) service delivery and interoperable IP Multimedia Subsystem (IMS) services architectures and solutions. The Forum’s mission is to enable delivery of M-play™: rich multimedia, mobility and fixed services over wireline, cable, GSM, UMTS, Wi-Fi, WiMAX, LTE and fiber broadband networks. The Forum is the creator and organizer of the IMS Plugfests™ and NGN Plugfests™, the industry's only events focused on verification and certification of IMS and NGN service interoperability through the IMS Certified™ and NGN Certified™ programs.

Through organized Plugfests, technical working groups and other activities, Forum members develop cost-effective technical frameworks for revenue generating converged IP NGN solutions.  The combined organizations include over 2000 executives and technical, business development and marketing professionals from global and emerging equipment vendors, solution providers, integrators, service providers, and governmental agencies. For additional information or to join the NGN Forum, IMS Forum the IMS Plugfest, and/or the NGN Plugfest, please visit www.IMSforum.org or www.NGNforum.org.


Call me at +1-510-455-4384, Skype me, follow @skypejournal and @Phil Wolff.
Visit our Skype Journal private roundtable, one of the longest running public Skype chats.


Sunday, April 19, 2009

Skype's Crypto Revolution

Mass encryption. 1.15 billion downloads. Hundreds of millions of people are using Skype's strong cryptography to talk. Encrypted for the very first time. Thanks to Skype. This is a notable achievement.

The last successful mass distribution of cryptography was SSL (secure sockets layer). Browsers alert you that you are talking securely to a web site with the little closed padlock icon. SSL let the world feel safe to share secrets. Banking. Taxes. Voting. Medical records. Divorce. School.

Skype's encryption gives people the same freedom to talk.

Most people don't know Skype safeguards their calls. There is no "padlock" to show that the other people in your conversation are also using secure Skype clients.

America's "founding fathers" would have liked cryptography a lot.  They would have viewed it as protected under the Second Amendment where "the People" are guaranteed the right to bear arms, not just for personal defense (which was obvious to them), but also because politicians prefer unarmed peasants. An unarmed populace is much easier to dominate. And so is a populace without the ability to have privacy.

— Hudson Barton

What data does Skype keep?

Clearly Skype has call records from SkypeIn and SkypeOut, so they can bill for time according to their tariffs and charge appropriate taxes. They also have records of when you log in through a client or the web to the authentication service.

Skype may keep a copy of the material in your account that's backed up onto Skype servers (profile, contacts, history, preferences like call forwarding). However that data may be encrypted so Skype wouldn't have the burden of sharing the data under a subpoena or be exposed to financial risks in the event of a security breach.

While it's not impossible for Skype to have engineered tattle-tale features into the client, reporting on p2p activity, there is no evidence of spyware in research done by independent researchers or by anyone else.

Skype has compelling business interests to assure customer privacy. Unless you're from China, you don't load Skype with the assumption your government, your employer, your priest, your ex's private detective, your insurance company, your political party, your local police department, or anyone else has the ability to know who you talk with or what you say to each other. You trust your phone company and Skype to keep your confidences as much as physically and legally possible. Unlike your phone company, Skype has done more to encrypt conversations.

Skype is legally better off not keeping any data it does not absolutely need to keep. And there is no technical reason for Skype to keep a log of your in-Skype-network chats or calls.


Thursday, April 2, 2009

Power, Freedom And Money: Skype, Apple, and the Carriers

My thoughts on Skype's political strategy at CTIA 2009. It builds on my Monday post, Apple, AT&T hobble Skype for iPhone 3 Ways (Skype Journal), Robert Miller's Is Deutsche Telekom playing an April's Fool joke at the expense of Skype users in Germany? (Skype), Rob Topolski's AT&T Quietly Updates its Wireless Plans (Public Knowledge), Lesley Cauley's Skype's iPhone limits irk some consumer advocates (USA Today).

Maybe a three minute read, flip quickly Lessig style.


Thursday, February 26, 2009

Freedom Wins Down Under

The Australian Communications Ministry's censorship scheme died in the senate today. Good on ya, Senator Nick Xenophon. Only you know if it was an open mind or reading the polls, but you stood up for civil liberties and the freedom to communicate against the Right Evil Stephen "Cleanfeed" Conroy.


Monday, February 23, 2009

Eurojust coordinating anti-Skype project

In response to evildoers trusting Skype encryption and police seeking more power, Eurojust, the European Union's judicial cooperation unit, set three goals last week:
  1. Overcome technical obstacles to intercept Skype calls
  2. Overcome judicial obstacles to intercept Skype calls
  3. Prevent criminals from using Skype
"Skype remains interested in working with Eurojust despite the fact that they chose not to contact us before issuing this inaccurate report," a Skype spokesperson told TechRadar.
Skype's Brian O'Shaughnessy told National Journal Online "It is unfortunate that Eurojust chose to release this inaccurate report without first contacting us. Skype has extensively debriefed Eurojust on our capabilities and programs. Skype cooperates with law enforcement where legally and technically possible."
Heise Online reports a "trojan is one of the solutions being discussed for intercepting internet telephony before it is encrypted." 
From the Eurojust news release:
NOTE: This is an update of the press release issued on Friday 20 February 2009. Some of the information in this press release was issued prematurely and is therefore incorrect, as there is not yet an official case reported to Eurojust.

Ms Carmen Manfredda, acting National Member for Italy, will take the lead in coordinating a Europe-wide investigation on internet telephony (VoIP).
At the request of Direzione Nazionale Antimafia in Rome, the Italian Desk at Eurojust will play a key role in the coordination and cooperation of the investigations on the use of internet telephony systems (VoIP), such as “Skype”. Eurojust will be available to assist all European law enforcement and prosecution authorities in the Member States. The purpose of Eurojust’s coordination role is to overcome the technical and judicial obstacles to the interception of internet telephony systems, taking into account the various data protection rules and civil rights.
Background
Criminals in Italy are increasingly making phone calls over the internet in order to avoid getting caught through mobile phone intercepts. Police officers in Milan say organised crime, arms and drugs traffickers, and prostitution rings are turning to Skype and other systems of VoIP in order to frustrate investigators. Skype's encryption system is a secret which the company refuses to share with the authorities. Investigators have become increasingly reliant on wiretaps in recent years. Customs and tax police in Milan have highlighted the Skype issue. They overheard a suspected cocaine trafficker telling an accomplice to switch to Skype in order to get details of a 2kg drug consignment. Investigators are convinced that the interception of telephone calls have become an essential tool of the police, who spend millions of Euros each year tracking down crime through wiretaps of landlines and mobile phones.

Following a meeting with the judicial authorities in Milan, Italy, Ms Manfredda commented: “The possibility of intercepting internet telephony will be an essential tool in the fight against international organised crime within Europe and beyond. Our aim is not to stop users from taking advantage of internet telephony, but to prevent criminals from using Skype and other systems to plan and organise their unlawful actions. Eurojust will make all possible efforts to coordinate and assist in the cooperation between Member States”.


Tuesday, February 17, 2009

Evildoers trust Skype encryption, Cops seek more power


BBC News reports:

Officers in Milan say organised crime, arms and drugs traffickers, and prostitution rings are turning to Skype in order to frustrate investigators.

The police say Skype's encryption system is a secret which the company refuses to share with the authorities.

Investigators have become increasingly reliant on wiretaps in recent years.

Customs and tax police in Milan have highlighted the Skype issue.

They overheard a suspected cocaine trafficker telling an accomplice to switch to Skype in order to get details of a 2kg (4.4lb) drug consignment.

So:

  1. Get your friends to use Skype!
  2. Police don't like to tap PCs – harder, more dangerous for officers.
  3. Police should enjoy intercepting Skype Lite for mobiles and Skypephones since gateways run by Skype or iSkoot should be convenient and safe.
  4. Police and intelligence agencies in the UK (explained more recently), Germany, the US,  and now Italy are trying to pressure the public to give them more surveillance power, using Skype's encryption as the pretext.
  5. Word Of Mouth Works!


Talk with Phil Wolff on Twitter or FriendFeed or on Skype.
Follow Skype Journal on twitter


Thursday, February 12, 2009

NSFW: Skype, sex, and the sex industry

OK, all the sex stuff's been a bit much. But I wanted to let you get a feel for yourself.

We've never really covered Skype in the bedroom. So, in the run up to this weekend's Valentine's Day, I've been sharing first hand accounts from twitter and the blogosphere about Skype and sex.

I wanted to show the healthy, relationship-positive side to Skype and sex. So I went and found it.

In "Skype Sex Will Turn Software Hard" a college student explains how Skype video supports her long distance relationship with her boyfriend. And in "The Dangers of Skype-Sex.. a true story" a woman laughs about a hangnail injury during video sex with more casual lovers. Emiliey checks with two budding lovers, "did u have skype sex?", because she heard a rumor.

When the phrase "phone sex" becomes "skype sex," you're hearing a cultural phenomenon go mainstream.

This is great for Skype.

Nearly every technology gets used for sex when it becomes

  • cheap or free,
  • reliable, and
  • many people have access.

Skype is far past that tipping point.

What attracts lovers to Skype are the very things that make Skype attractive to a grandmother vidding her grandkids. Free, high audio quality, video quality at full screen, chat and presence for arranging calls, agile bandwidth management, privacy, and interruption management.

The bedroom is the last part of the home to get technology, and Skype is winning its way through that door.

Downsides.

  • Skype Spam. I'm tired of sex spam in Skype chats, IM adverts for webcam sex sites. Beyond the rude interruptions of SPIM (messaging spam), they cheapen the world's perception of my favorite conversation channel.
  • Skype Prime limits. Skype forbids selling "adult, sexual or pornographic" services through its Skype Prime terms of service. Skype's own brand is cute and wholesome. Prime's beta protects that image and avoids criminal issues by keeping the service family friendly.
  • Harassment. Women often "decline to state" their sex in Skype profiles. This sometimes prevents unwanted attention. Dina Mehta's landmark report, SkypeMe Eve, showed the dramatic difference between the number of stranger approaches received by men and women.

Opportunity.

I occasionally follow adult industry information technology. In many respects they lead the Internet by a year or two.

  • They drove the inventions of payment systems for phone calls and for Internet commerce, long before Skype Prime, PayPal and Amazon.
  • They drove innovation in video distribution and cheap video production back in the VHS days and later in the early webcam and pre-torrent download days.
  • They pioneered bandwidth management and traffic analysis.

If you talk with young adult performers today, so many of them have sysadmin skills and talk about Ruby on Rails and CDNs and SEO and all the other geekery that boosts the right traffic, keeps operations up, and keeps site costs down.

Skype's technology doesn't offer the right connections for integration into today's commercial sex services. Skype would need to offer:

  • Pseudonymity. Privacy is important in commercial sex services.
  • Voice, video, and IM gateways. To pipe video between Skype users and the hosted media-stream management systems that route stored and live video.
  • Payment system integration. So you can pay, confidentially but reliably, with Skype credits.

Talking dirty pays well, as you'd expect in a US$18 billion industry. I expect to see the Skype network interop with adult businesses as the technologies and markets mature. If landline and mobile phone companies, ISPs, web hosting and payment services do business with adult service providers, why not Skype?

People using Skype for sex among themselves affects the sex industry. It raises expectations for quality and personal engagement. It lowers expectations for cost and redefines speed and convenience of setting up a video call. Perhaps most important: Skype sex is market evidence that adult IT providers trust, spurring entrepreneurship in two-way video chat technology.

Summing up.

So people's love lives are joining the rest of their onlives. And Skype is just the latest utility to bring people closer together. Saint Valentine would be proud that Skype serves Cupid.

Have a lovely Valentine's Day weekend. Skype someone you love.


Sunday, January 18, 2009

China requires real names of online gamers

Online gamers have to give real names (China Daily), eroding the privacy that comes with anonymity and pseudonymity. How long until TOM-Skype is required to compel its users to give up their identities too?


Anonymous communication is a right. It allows political free speech. It protects people who blow the whistle on evil. It lets people call for help without retribution. It empowers people to explore their wild sides. Privately.

So anonymity in Skype is important. Skype users can be anonymous on Skype up to the point they spend money. Will Skype comply when China asks for your real name? Will Skype require TOM-Skype users to give real names too?

That's Skype's next moral challenge.

photo: Scott Beale / Laughing Squid


Tuesday, January 6, 2009

die... now


Sunday, January 4, 2009

Would you trust Skype with your vote?

I've been wracking my brain for the defining Skype moments of 2008.

It comes down to Skype's identity. The marketing, psychology, defining oneself sense; not the login, badge sense.

Brand marketers may talk of lovemarks, but trust comes before love. We trust Coke products to be Coke-like in taste, feel, fragrance, color, and packaging, for example. We trust products not to hurt or endanger us (unless you're into that kind of thing). We trust brands to keep their promises.

The people of Estonia trust their electronic voting systems with the fate of their nation. In a country that recently survived cyberwar, that's a lot of trust.

Estonia conducts elections online. Building on successes in 2005 and 2007 they recently approved voting with mobile phones by 2011. The Estonian National Electoral Committee (VVK) will provide SIM chips to Estonian voters for free. The special chips from AS Sertifitseerimiskeskus (SK) will authenticate voters and keep vote transmissions secret using public key encryption.

Would you trust Skype's technology and Skype's business with your vote?

If you asked me in 2007, I'd have said yes. Skype's brand promises privacy and safety. Outside security experts applauded Skype's authentication, strong encryption, and ability to bypass most obstacles. Skype is an eBay company (though few people know this) and borrows some of our trust of eBay and PayPal.

I'm unsure now, as 2009 starts.

Skype's technology is strong but incomplete. Skype's encryption is end-to-end, from Skype client to Skype client. Nobody can listen in. So the weak points are the end points: a user's PC or Skype-enabled device and the gateway to the voting system. Secure those end points and you'd have a pretty secure system.

That's not the whole story, though. We learned in 2008 that Skype shared a copy of their desktop source code with the TOM-Skype joint venture in China. That includes Skype's authentication (proving who you are) and encryption (foiling eavesdroppers) code.

We don't know how many people, including TOM-Skype former employees, contractors, and members of Chinese security services, have access to that code. (Hypothetically, if I offer a $1000 bounty, would someone sell me a copy?) Many people have the means to interfere with an election conducted through Skype. Given time, we know a way finds itself in the hands of those with a will. 

Speaking of intent, let's return to the joint venture. Skype's founding executives traded code for access to China. China is now Skype's largest market. The new executive team tightened up operational security, minimizing unauthorized access to log files, surveillance, and source code.

Despite Skype's 2008 policy review, the original deal stands:

  • TOM-Skype gets a copy of Skype's source code with each major release,
  • TOM-Skype modifies the Skype software to comply with China's government agencies,
  • TOM-Skype shares data collected from users with Chinese agencies,
  • TOM-Skype does not disclose that privacy breach to customers before or after sharing,
  • Skypers talking with TOM-Skype users are surveilled like TOM-Skype users.

This is the arrangement we know of. We don't know if Skype agreed to similar arrangements with, for example, EU law enforcement or USA intelligence agencies.

Landline and mobile phone companies have long given keys to their networks to law enforcement and communications intelligence agencies. We're accustomed to the rule of law applying to our phones. We hope, we assume, we believe, perhaps naïvely, that our phone company keeps our secrets.

It is sad to let go of those illusions regarding Skype.

So this goes back to Skype's brand promise of privacy and security.

Do you trust Skype? 

Would you trust Skype's corporation with your vote?

With your country? With your liberty and freedom?

I'm less certain.

 

photo: Coca-Cola Blāk by The Rocketeer


Tuesday, October 28, 2008

TOM-Skype Breach: Nart's Recommendations to Skype

This is the fourth and final of four posts resulting from an interview with Nart Villeneuve, principal investigator of the Citizen Lab report "Breaching Trust".

Having discussed some background to Nart's research, the activities of the Citizen Lab and answers to Phil's questions, Nart had a couple of recommendations for Skype going forward. As background, the Citizen Lab is affiliated with the Berkman Center for Internet & Society's "Principles on Free Expression and Privacy" initiative "to protect and advance individuals' rights to free expression and privacy on the Internet through the creation of a set of principles and supporting mechanisms for ICT companies".

The goal of this project is:

Through the articulation of a broad set of common principles, the development of resources for implementation and a compliance structure, this collaborative effort is working to formulate an industry-wide response to guide businesses when they encounter laws and practices that may contravene international human rights standards or be at odds with law or culture in their home jurisdiction.

Participants in this project include Microsoft, Google, Yahoo along with several human rights organizations. It is hoped that having a joint industry-activist initiative would help companies avoid situations similar to the one which Skype has encountered in its TOM-Skype relationship.

Update: as I was writing this post today, a New York Times story on this initiative, now called the Global Network Initiative, broke and has more details.

An initial draft document (update: final document to be released tomorrow) is under review amongst the participants but Nart brought out three recommendations for Skype that would be consistent with the guidelines in the draft document:
  1. Include in Skype and/or the TOM-Skype client, as appropriate, an ability to notify all participants in a conversation that a contact is participating via the TOM-Skype client. In effect, this could be part of a more general identification of the version of Skype that other participants in a conversation are using. The reasoning for providing version information is to let other participants know, via the version number, which feature set a participant can use in their Skype client installation.
  2. When a user types a message that is diverted via the TOM-Skype filter, a message, indicating that the recipient is missing content due to government regulations, comes back to the initiating party. For example: "To comply with local laws, this message has not been displayed to your contact." Often Nart found conversations where someone would type a message repeatedly when it was apparent the receiving party was not understanding the message being sent, yet the sender did not realize that the message was being filtered.
  3. Become a participant in the Global Network Initiative and its dialogue.
The hope is that, through an industry-wide initiative, foreign companies entering the Chinese market would have more negotiating power and a protocol for addressing issues that are raised in the process of establishing a business relationship in countries where the climate for free expression and human rights is restrictive. In an Opinion piece today, Om has other thoughts on the morality of this approach.


Saturday, October 25, 2008

great googly moogly

nude women anywhere by you.

(have you seen non-sexual skype spam?)


Tuesday, October 21, 2008

TOM-Skype Breach: Answers to Phil's Questions from 2006 SJ Post

This is the third of four posts resulting from an interview with Nart Villeneuve, principal investigator of the Citizen Lab report "Breaching Trust".
Two weeks ago Phil republished an April 2006 Skype Journal post with about sixteen questions related to the TOM-Skype security breach discovered by Nart. My interview provided answers to several of these questions but I ran them by Nart for more completeness, where an answer or response was feasible.
1. Is TOM only filtering chats where at least one of the callers' accounts were signed up by TOM Online?
A: One party must have the TOM-Skype client installed. For example, if you (a normal Skype user) sign in via a friend's TOM-Skype client, you'll be filtered. If you (a TOM user) sign in on a normal Skype client, you won't be filtered.
2. Will TOM filter chats if both parties are Chinese nationals but outside the PRC, say traveling in the US?
A: It is all dependent on which client software is installed. If you are using TOM-Skype you'll be filtered no matter where you are (although the degree to which you are filtered may be dependent on your IP address). TOM-Skype would definitely have the Call Detail Record associated with the call.
3. Is TOM only filtering conversations where at least one of the parties are using the custom [TOM-Skype] version of the Skype client written for the joint venture?
A: Yes
4. Will TOM filter conversations using the TOM client being used by non-PRC nationals who are outside of China?
A: Since you have a TOM-Skype client here, Yes.
5. Does TOM's contract with Skype provide for disclosure to Skype and Skype users when their information is provided to a government official? Not at this time.
A: I don't know. It would be nice to have a Chinese speaker read the EULA you agree to on the install.
6. Are records of what the filter does kept? If so, by whom? Does Skype have or keep copies of those records?
A: Yes; TOM-Skype's servers; unknown.
7. Does the filtering mechanism use a list of keywords? If so, is the list public? May I have a copy? Who has the list? How often does it change?
A: There is an encrypted keyfile that the TOM-Skype client downloads that I believe contains the keywords. There are also a few entries from the keyfile hardcoded in skype.exe (TOM-Skype version)
8. Are the keywords only in Simplified Chinese or are they in other languages too?
A: All languages but 60% English and 40% Chinese for the majority of conversations. English appears to be swear words, Chinese appears to be political.
9. Is China the only country where Skype and Skype's partner have set up filtering? Have you done any testing for any other countries?
A: I haven't tested any others.
10. Do all Skype chats have the potential for a hidden participant, whether human or a robot? ??
A: I don't know.
11. Are filenames for transfer subject to filtering?
A: There are logged messages that are essentially the "this file was shared with participants of this conversation" message.
12. Are people's names among the keywords?
A: Possibly SkypeID's (but not real names), but also names of Chinese political people e.g. Hu Jintao
13. Are the content of files transferred via Skype also subject to filtering?
A: Unknown.
14. Does Skype encrypt end-to-end the IMs that are subject to filtering? ??
A: Yes. TOM added an additional layer to the client that uploads the messages.
15. In a multiparty, multinational chat, can I as an American citizen have my text to a British subject filtered if someone from Shanghai is in that chat too?
A: I am not sure about it being filtered (such as not to be displayed in the recipient's chat window) but it can be logged.
16. Are audio conversations, where at least one party is in China, being listened to, filtered or recorded?
A: Only the Call Detail Record, there appears to be no interception of the voice stream.
17. Are all calls filtered, or only if users meet certain criteria, or are conversations selected for filtering randomly?
A: Other than the call detail record I don't have evidence that suggests the content of voice calls were being filtered or monitored, but I wouldn't rule it out as a possibility.
Bottom Line: If your chat conversation includes someone using TOM-Skype, you can assume there may be filtering of chat messages and/or logging of Call Detail Records. Conversations where all participants are using the normal Skype client cannot be filtered or logged.
Next post: Nart's recommendations to Skype.

Sunday, October 19, 2008

Monday reading

Gear

Cute. Minoru from Novo 3D stereoscopic webcam, works with Skype. Anthropomorphism intended. They may be competing with IPEVO at the CES I-Stage in Vegas this weekend.

CNET reviews the Sony PSP 3000 (black). Skype inside.

Nokia N810 WiMAX starts shipping in the US. Skype inside.

Business

3 orders a campaign for the new Skypephone S2 from glue London. Glue explains their approach. Online ads "Poke" and "Beard." 

Pike & Fischer predicts US may have 25 million Vonage-like households by 2010.

500s7300 Family Mart stores are selling Skype credit tokens throughout Japan.

Joonathan Mägi, Skype web front end team lead, now leads Edicy user interface development. More vested Skype alumni finding startup homes. CORRECTION: "web front end team lead", not "UI designer"

Freedom

UK Home Secretary to roll back privacy, blames Internet phone calls like Skype for crippled fight against terrorism

Life

Charleston, West Virginia, high school teacher Skypes her AP English class from home while recovering from injury.

Atlanta Journal-Constitution columnist lists Skype as one of five ways to use your PC to save money.

Slate's Barack Obama & John McCain Crank-Call Generator.

Dan Benjamin explains How to Record a Podcast with People in Multiple Locations. In short, talk on Skype, but record locally and mix together in post-production. Hardware recommendations for podcasters.

Communicating in military families. Skype one option among many.


Thursday, October 16, 2008

TOM-Skype Breach: The Citizen Lab

This is the second of four posts resulting from an interview with Nart Villeneuve, principal investigator of the Citizen Lab report "Breaching Trust".

After discussing the report itself and some of the follow up activity, we went on to talk about The Citizen Lab, its mission and its activities. From their own website they are "focusing on advanced research and development at the intersection of digital media and world civic politics". Nart described their activity as research on the politics of technology.
Under the leadership of Professor Ronald Deibert, their activities are carried out by graduate students with an undergraduate degree in either computer science or political science who join the lab to build up expertise in the other discipline while carrying out their research. They explore issues using their strong understanding of technology to "lift the hood" on various politically and/or economically motivated interventions in web-based information exchange by governments and other agencies.
Assisted by a worldwide network of volunteers and a check list of relevant websites, they can develop a sense of the content that governments are censoring. According to Nart, all governments do some form of surveillance but definitely not to equal levels of resulting actions. At one extreme one finds outright blocking of content but the UAE has economic motivation to block Skype to protect a local communications monopoly. Apparently the Saudis are most interested in blocking porn. China obviously allows "uncensored" content to pass through but we are aware that Skype Journal is often blocked.
They will look at filtering techniques used by various countries, the type of content being blocked and try to determine the "local" government's policy environment in which filtering is taking place. At this point in time most filtering addresses websites but gradually some countries are moving into screening applications (as we have seen with TOM-Skype). There is also "social filtering" censorship activity that involves blocking of porn, drugs and gambling.
At this point companies, such as Google, Microsoft and Yahoo, are modifying their products to address various "local" issues. For instance, Google has modified their process for enquiries from designated countries to "pre-filter" results delivered from their own servers in the U.S. But then they put out a notification for "filtered" results with the wording for some search results: "to comply with local law, some results are not displayed". On the other hand Google will not offer GMail accounts with a ".cn" domain name and does not make Blogger available in China.
The Citizen Lab also participates in a broader effort to develop guidelines for Internet companies operating in China. But, given that it has much broader implications, it will be the subject of another post.
Next post: Answers to Phil's Questions


Wednesday, October 15, 2008

TOM-Skype Breach: Meeting the Primary Investigator

This is the first of four posts resulting from an interview with Nart Villeneuve, principal investigator of the Citizen Lab report "Breaching Trust".

Last Tuesday afternoon I returned to a University of Toronto building I had last visited in its role as an engineering students' residence in the mid-1960's. Abandoned as a residence in the 1980's, the building was restored in the late 1990's to house the Munk Centre for International Studies, when the university's Centre for International Studies was designated as a strategic priority for future growth. In the basement of the former Devonshire Place South House, I found the Citizen Lab, "an interdisciplinary laboratory focusing on advanced research and development at the intersection of digital media and world civic politics".


I spent 90 minutes with Nart Villeneuve, the PhD student and Psiphon Fellow who was the principal investigator behind the Citizen Lab's recently published "Breaching Trust: An analysis of surveillance and security practices of China's TOM-Skype platform". We covered a wide range of issues related to this report, from the initial contact with New York Times through to the follow up activities as a result of the report's release. We also discussed the broader mission of the Citizen Lab and some recommendations for how Skype should address the challenge of participating in the China market while making all parties aware that their conversation activity may be tracked.

Key points about the report and the follow up activity:
  • A major issue in dealing with the media has been confusion between two separate things: the security breach that allowed Nart to gather the data he has gathered, and the functionality of the TOM-Skype servers that resulted in the capture and logging of chat conversations and Skype calling activity. (There was no evidence of capturing voice calls themselves.)
  • As a result of reporting this breach prior to release of the document to New York Times, the security breach itself has been closed but there is no evidence that the actual information capture activity has ceased. Nart has been checking periodically to confirm that the security breach remains closed.
  • There was a period of several hours between finally establishing contact with someone at Skype who could initiate action to address the security breach and the final close down of the breach. During this time Nart observed blocking of read access to the directories but since he knew the file names he was still able to follow a reconfiguration of the web servers, removal of sensitive files, such as an encryption key, and disappearance of the log files such that they were not accessible.
  • While they have captured a significant quantity of call log data going back a year, they are being careful not to expose any of the detailed information which comprised both chat message logs and what amounts to call detail records for voice calls; more details are in the report itself. Basically they don't want to compromise anyone individually.
  • While the log files are still under analysis, they have been encrypted while he continues to mine them for any additional information they may expose. Eventually it is his intention to destroy even these files.
  • Messages were about 40% Chinese, 60% English with a small smattering of other languages.
  • While it would be very difficult to reconstruct an entire conversation thread, as only each individual message was logged with no ready reference to other messages within the thread, they could build social graphs of conversing parties.
  • There are at least two versions of the TOM-Skype client: a normal version and a second version with additional features such as a Baidu Toolbar; however, the promote.dll module in the latter can trigger anti-virus scanners such as Norton.
  • Other evidence that the servers had been compromised was the discovery that the servers were hosting "pirate" movies and had the appropriate software to support BitTorrent transfers.
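
The point in the list above about social graphs, shown as an added example (not code from the Citizen Lab report or from this post): records that say only who messaged whom, with no thread identifier and no message body, are enough to recover who is connected to whom. The log lines and their three-field layout (timestamp, sender, recipient) are constructed for illustration and are not the format of the files Nart examined.

```python
from collections import Counter, defaultdict

# Constructed sample records. The layout "timestamp sender recipient" is an
# assumption for illustration; there is no conversation ID and no message text.
SAMPLE_LOG = """\
2008-09-01T10:02:11 alice bob
2008-09-01T10:02:40 bob alice
2008-09-01T11:15:03 alice carol
2008-09-02T08:30:00 dave erin
2008-09-02T08:31:12 erin dave
2008-09-02T09:00:45 carol alice
2008-09-03T14:20:00 bob carol
malformed line
2008-09-03T16:00:00 frank frank
"""


def parse_records(text):
    """Return (timestamp, sender, recipient) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            records.append(tuple(parts))
    return records


def build_graph(records):
    """Count messages per unordered pair of accounts (the graph's edges)."""
    edges = Counter()
    for _ts, sender, recipient in records:
        if sender != recipient:  # a self-addressed record links nobody
            edges[frozenset((sender, recipient))] += 1
    return edges


def neighbours(edges):
    """Map each account to the set of accounts it exchanged messages with."""
    adj = defaultdict(set)
    for pair in edges:
        a, b = tuple(pair)
        adj[a].add(b)
        adj[b].add(a)
    return adj


def contact_counts(edges):
    """Number of distinct contacts per account."""
    return {acct: len(peers) for acct, peers in neighbours(edges).items()}


def components(edges):
    """Groups of accounts linked directly or through intermediaries."""
    adj = neighbours(edges)
    seen, groups = set(), []
    for start in sorted(adj):
        if start in seen:
            continue
        stack, group = [start], []
        seen.add(start)
        while stack:
            node = stack.pop()
            group.append(node)
            for peer in adj[node]:
                if peer not in seen:
                    seen.add(peer)
                    stack.append(peer)
        groups.append(sorted(group))
    # Largest group first, ties broken alphabetically for stable output.
    return sorted(groups, key=lambda g: (-len(g), g))


if __name__ == "__main__":
    graph = build_graph(parse_records(SAMPLE_LOG))
    for pair, count in sorted(graph.items(), key=lambda kv: sorted(kv[0])):
        print(" <-> ".join(sorted(pair)), count)
    print(components(graph))
```

None of the functions reads message content or ordering within a conversation, which is why encrypting or discarding message bodies alone does not remove this exposure.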
Nart had three definite recommendations for Skype; we also covered the broader issue of global enterprises doing business in China. These will be covered in future posts.
Next post: The Citizen Lab: Its broader mission and findings.

Saturday, October 11, 2008

Michael Robertson: Use Skype - Go Directly To A Chinese Prison

Reposted with permission from Michael Robertson's blog.

A research firm recently revealed that eBay and TOM are colluding with the Chinese government to spy on users of Skype. Together they monitored users' text chats and stored those containing politically sensitive topics like freedom, democracy, Tibet, opposition to the communist party and Falun Gong. They also track voice call participants. Presumably they turned this data over to the government and it's impossible to track how that data has been used.

“What people have been implicated by their Skype usage and subsequently interrogated, imprisoned or executed?”

If history can be a guide it's logical to assume that the data resulted in prison terms or worse. In 2005, Yahoo was involved in a similar disclosed incident in which it turned over emails to authorities which netted a 10 year prison sentence for a reporter who dared to talk about democracy. I wrote about it when it happened and questioned where one draws the line chasing the almighty dollar (or Yuan). Two years later Yahoo CEO Jerry Yang was in front of Congress explaining the situation and apologizing to the mother of the imprisoned.

In response to the revelation of spying on calls and instant messages a spokesman for Skype incredibly stated that Skype is "the most secure forum of publicly available communication." eBay points the finger at their Chinese partner TOM claiming they had "no knowledge or consent" of this privacy breach. This level of compromise requires access to source code which eBay would have had to provide them. Maybe eBay didn't have direct knowledge of these alterations. However no one can deny China's well known efforts to police and censor their citizens net activities which surely eBay executives know about. To provide the source code with no auditing or oversight shows at best a convenient excuse. One wonders how long this would have continued without the whistleblower and how many other countries Skype cooperates with to allow the same spying.

More likely at least some within eBay/Skype knew exactly what TOM was doing and consented because it gave them access to the enormous Chinese market. It's estimated that nearly half of Skype users are from China. This is why Cisco and others design special networking equipment enabling the Chinese government to snoop and lock down their country's net activities. Similar to Skype they are lured by the dollars awaiting any country that cracks the Chinese market.

I would call on eBay to be forthcoming with information on this situation by publicly disclosing details of this situation which will require tough questions of their partner and Chinese government. This would demonstrate that eBay's publicly stated "concern" is more than a press tactic. Specific questions eBay should answer include:

  1. When did this spying start?
  2. What users did it affect?
  3. When specifically did it stop? Has it stopped?
  4. What specific terms were monitored? (Users have a right to know if their messages have been implicated.)
  5. What people have been implicated by their Skype usage and subsequently interrogated, imprisoned or executed?
  6. What steps will be taken to defend these people or get their convictions overturned?
  7. Has previously stored data been deleted? How can users be sure?
  8. What will eBay do to insure that this spying isn't reactivated as soon as the press attention subsides?
  9. What other companies and countries are monitoring Skype communications?
  10. What auditing steps is eBay implementing to make sure this does not happen again?

Let me be clear about Gizmo5's policy and refute Skype's spokesman's claim that Skype is the "most secure". Gizmo5 doesn't spy on calls and messages and we wouldn't give that info to any government. We encrypt calls between Gizmo5 users and have given no one the decrypt key. We would not allow a partner or government to do wholesale monitoring of communications - no matter how many billions of prospective customers they have. If ordered to take action by a government that defies basic Western freedoms we would do it only under threat of imprisonment and the information would then be disclosed in this blog condemning the action and striving to defend any of those adversely impacted. I challenge eBay/Skype to do the same. Defend their users. Defend their brand. Defend freedom.

-- MR

Michael Robertson is an entrepreneur, co-founder of Linspire, SIPphone, and MP3tunes.


Wednesday, October 8, 2008

TOM-Skype Breach: Questions from 2006

Reblogging this post from 19 April 2006.

The Financial Times' Alison Maitland scored an interview with Niklas Zennström that ran yesterday. In it Zennström confirms the TOM-Skype joint venture censors text messages on behalf of the Chinese government. He claims: "One thing that’s certain is that those things are in no way jeopardising the privacy or the security of any of the users."

I posed the following questions to Skype but they have no comment beyond trying to insulate Skype from responsibility.

"The Skype offering in China is actively managed by our joint venture in the country; TOM Online. Skype works hard to co-operate with local laws and regulations in all markets where we do business."

  1. Is TOM only filtering chats where at least one of the callers' accounts were signed up by TOM Online?
  2. Will TOM filter chats if both parties are Chinese nationals but outside the PRC, say traveling in the US?
  3. Is TOM only filtering conversations where at least one of the parties are using the custom version of the Skype client written for the joint venture?
  4. Will TOM filter conversations using the TOM client being used by non-PRC nationals who are outside of China?
  5. Does TOM's contract with Skype provide for disclosure to Skype and Skype users when their information is provided to a government official?
  6. Are records of what the filter does kept? If so, by whom? Does Skype have or keep copies of those records?
  7. Does the filtering mechanism use a list of keywords? If so, is the list public? May I have a copy? Who has the list? How often does it change?
  8. Are the keywords only in Simplified Chinese or are they in other languages too?
  9. Is China the only country where Skype and Skype's partner have set up filtering?
  10. Do all Skype chats have the potential for a hidden participant, whether human or a robot?
  11. Are filenames for transfer subject to filtering?
  12. Are people's names among the keywords?
  13. Are the content of files transferred via Skype also subject to filtering?
  14. Does Skype encrypt end-to-end the IMs that are subject to filtering?
  15. In a multiparty, multinational chat, can I as an American citizen have my text to a British subject filtered if someone from Shanghai is in that chat too?
  16. Are audio conversations, where at least one party is in China, being listened to, filtered or recorded?
  17. Are all calls filtered, or only if users meet certain criteria, or are conversations selected for filtering randomly?

Skype's founders are not strangers to prickly questions of international law and corporate ethics. Their background with file sharing firm Kazaa left them very aware of the business and technology strategies available and their legal and social consequences. This is also a context where phone companies completely block Skype.com and Skype conversations.

Did the ethics conversation ever take place at Skype when they agreed to the Chinese joint venture?

Who was involved and was there a real debate?

And did eBay understand this situation before the acquisition?

See also:

  • Jan in Malaysia: "The difference between Asia where Internet is seen as venue for free expression in Asia, unlike China. Thank god I live in Malaysia. Malaysia Boleh ! Wawasan 2020."
  • Metafilter thread. "Oh dear, I had high hopes that Skype would hold out. Still, I guess they are telling us. Can anyone find the list of banned words in the TOM client?"
  • China Herald: "But on a positive note, unlike Yahoo, Skype does not help to send their users to prison"
  • 21talks: "And dear readers, the next time you want to give a call to the holy Dalai Lama, just say you’re trying to reach the smiling guy with glasses and a yellow head cap."
  • IP Democracy: "Yeah, well, last I checked, the U.S. and Germany don’t lock up their journalists and throw away the key."


Monday, October 6, 2008

TOM-Skype Breach: A Promise

Skype made a promise to its users from the very start. Here's a page on their web site, No adware, spyware or malware, where they make that promise to this day.

No adware, spyware or malware

Skype is totally safe from these pesky blighters.

Skype protects and maintains your online security and peace of mind. This means that it will not display unwanted and intrusive advertising, or allow any malware or spyware to operate.

  • No adware – no intrusive adverts.
  • No spyware – nothing logs your online activity.
  • No malware – no programs that could adversely affect your computer.

What is adware?

Adware is a type of software that makes money by automatically delivering unwanted advertisements usually as pop-ups. Normally it is very hard, if not impossible, to turn off the adware causing the problem.

Because you always have the ability to turn advertising messages off on the Skype software, we believe Skype is free of adware.

What is spyware?

Spyware is a type of software that automatically installs itself on your computer, usually without your knowledge, and covertly collects and transmits data about your computer use. For example, spyware may monitor a user’s behaviour and pass on details of their online activity (for example, their usernames or passwords) to a third party for use in identity theft and fraud.

Skype does not allow any spyware to be included.

What is malware?

Malware (or malicious software) relates to software that is designed to infiltrate or damage a computer operating system or other programs. These are often described as computer viruses, worms, or Trojan horses. They sometimes come combined with other software and load in the background.

Skype never allows any other programs to be installed unless you are clearly informed of their presence.

As of 6 October 2008.
