A group of Canadian activists have discovered a massive surveillance system on the Chinese Skype platform. In just two months, the researchers from Citizen Lab – an internet research division from the University of Toronto – noticed that the Ebay-owned servers archived more than 166,000 censored messages from 44,000 users. The Canadians were able to download copies of the censored data because they found a security hole in the Chinese computers.
I received an email from Ronald Deibert, the director of the Citizen Lab, containing the major findings of the study:
The full text chat messages of TOM-Skype users, along with Skype users who have
communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and
if present, the resulting data are uploaded and stored on servers in China.
- These text messages, along with millions of records containing personal information, are
stored on insecure publicly-accessible web servers together with the encryption key required to
decrypt the data.
- The captured messages contain specific keywords relating to sensitive political topics such
as Taiwan independence, the Falun Gong, and political opposition to the Communist Party
- Our analysis suggests that the surveillance is not solely keyword-driven. Many of the
captured messages contain words that are too common for extensive logging, suggesting
that there may be criteria, such as specific usernames, that determine whether messages are captured by the system.
After Yahoo! and Google, also Ebay can be added to the list of large web companies who participate in Chinese censorship practices. Deibert and his colleague Rafal Rohozinski wrote in the foreword of the report: “This is a wake up call to everyone who has ever put their (blind) faith in the assurances offered up by network intermediaries like Skype. Declarations and privacy policies are no substitute for the type of due diligence that the research put forth here represents.”