CNET también está disponible en español.

Ir a español

Don't show this again


Skype: We didn't know about security issues

The company's president says he knew its Chinese partner filtered messages, but he was unaware that it was storing personal information in an insecure way.

Skype's president said that the company was largely unaware of a major security breach affecting Skype users in China.

In a blog published Thursday, Josh Silverman, Skype's president, explained he did not realize that TOM-Skype, Skype's partner in China, was logging and storing users' instant messages that were deemed offensive by the Chinese government.

He said the company knew that instant-messaging chats were monitored by the government, as all communications in China are. And he explained that Skype disclosed this to users in 2006, explaining that a text filter was being used to block certain words in chat messages. But he added that his understanding was that messages deemed unsuitable were "simply discarded and not displayed or transmitted anywhere."

"It was our understanding that it was not TOM's protocol to upload and store chat messages with certain keywords," he writes in the blog. "And we are now inquiring with TOM to find out why the protocol changed."

Earlier this week, Canadian researchers at the Citizen Lab at the University of Toronto published a report in which they said that "TOM-Skype was censoring and logging text chats that contain specific, sensitive keywords and may be engaged in more targeted surveillance."

The report also said the service was logging and capturing millions of records that include personal information and contact details for any text chat and voice calls placed to TOM-Skype users, including calls from Skype users. In addition, TOM was storing this information in a way that was inadequate in protecting the privacy of TOM-Skype users, the report said.

Silverman said that once Skype became aware of the problem it contacted executives at TOM, and the security issue regarding stored personal information has been resolved. But he also noted the company's concern that TOM has been storing this information.

"We were very concerned to learn about both issues and after we urgently addressed this situation with TOM, they fixed the security breach," he said. "In addition, we are currently addressing the wider issue of the uploading and storage of certain messages with TOM."

Silverman pointed out in his blog that TOM, like all other ISPs in China, is required by the Chinese government to monitor all communication. And he said it is "common knowledge that censorship does exist in China." Keywords that triggered action included words related to Taiwanese independence, the banned religious group Falun Gong, and political opposition to the Chinese Communist Party.

But he tried to reassure Skype users that Skype's computer-to-computer voice calls are completely secure.

"(The security breach) does not affect communications where all parties are using standard Skype software," he said. "Skype-to-Skype communications are, and always have been, completely secure and private."