Evidence of Skype Monitoring in China

By Michael Santo
Editor-in-Chief, RealTechNews

Shades of the “Great Firewall of China.” But rather than blocking of outbound Internet access to certain, er, sites China would prefer its populace to avoid, what has been found is monitoring of Skype usage.

A report (.PDF) by researchers at Citizen Lab, a research group that focuses on politics and the Internet at the University of Toronto, has the following major findings:

• The full text chat messages of TOM-Skype users, along with Skype users who havecommunicated with TOM-Skype users, are regularly scanned for sensitive keywords, and if present, the resulting information is uploaded and stored on servers in China.

• These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data.

• The captured messages contain specific keywords relating to sensitive political topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China.

• Analysis suggests that the surveillance is not solely keyword-driven. Many of the captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are captured by the system.

The investigation revealed found eight servers that are part of the TOM-Skype surveillance network. Researchers also found one server hosting a special version of TOM-Skype designed for use in cybercafes. Given this, researchers asked the following question:

To what extent do TOM Online and Skype cooperate with the Chinese government in monitoring the communications of activists and dissidents as well as ordinary citizens?

Cooperation by U.S. corporations with the Chinese government has been highlighted previously, including the infamous incident in which Yahoo! turned over data to China, which resulted in the jailing of a Chinese dissident.

For those who don’t know, Skype is a popular VOIP software program that lets users make free P2P calls over the Internet. In 2004 Skype formed a relationship with TOM Online, a leading wireless provider in China. TOM-Skype is a special version of the software for use in China, and while by 2006 it was clear that TOM-Skype was censoring text chats, it wasn’t clear that monitoring was also in play. eBay purchased Skype in 2005.

The report states that researchers analyzed content filter log files containing censored messages from August and September 2008. The log files contained 166,766 unique messages from 71,237 unique IP addresses and 44,254 unique usernames. After removing messages with English language obscenities, the remaining 102,196 messages we looked at.

Of the 96,499 messages that were successfully translated with machine translation, the top five offending phrases were:

• Communist, 15,156 messages (15.71%)
• Communist Party, 12,446 messages (12.90%)
• Falun, 6,744 messages (6.99%)
• Hu Jintao, 3,331 messages (3.45%)
• Taiwan Independence, 2,363 (2.45%)

So, over 1/4 of the messages logged contained a reference to Communism in one sort or another.

Researchers first noted the monitoring when Nart Villeneuve, a senior research fellow at Citizen Lab, began using an analysis tool to monitor data that was generated by the TOM-Skype software. It should also be noted that international conversations were monitored as well, meaning that users with standard Skype software communicating with those with TOM-Skype software are at risk of monitoring, too.

The appendix of the above-linked report shows just how researchers were able to access logs, etc. to determine monitoring, BTW. It was pretty simple, and leads to further questions about security of the TOM-Skype servers — but that’s another story.

Update: In a blog post, Skype President Josh Silverman said that Skype had no knowledge of the monitoring:

In April 2006, Skype publicly disclosed that TOM operated a text filter that blocked certain words in chat messages, and it also said that if the message is found unsuitable for displaying, it is simply discarded and not displayed or transmitted anywhere. It was our understanding that it was not TOM’s protocol to upload and store chat messages with certain keywords, and we are now inquiring with TOM to find out why the protocol changed.

We also learned yesterday about the existence of a security breach that made it possible for people to gain access to those stored messages on TOM’s servers. We were very concerned to learn about both issues and after we urgently addressed this situation with TOM, they fixed the security breach. In addition, we are currently addressing the wider issue of the uploading and storage of certain messages with TOM.

It’s important to remind everybody that the issues highlighted in yesterday’s Information Warfare Monitor / ONI Asia report refer only to communications in which one or more parties are using TOM software to conduct instant messaging. It does not affect communications where all parties are using standard Skype software. Skype-to-Skype communications are, and always have been, completely secure and private.