Skype President Addresses Chinese Privacy Breach
You may have seen some reports in the media about a security and privacy breach in the software provided by our Chinese partner, TOM Online. I’m writing to let you know where we stand, and what we’re doing to resolve the problem.
Some brief background: In China, TOM is the majority local partner in our joint venture that brings Skype functionality to Chinese citizens. The software is distributed in China by TOM and TOM, just like any other communications company in China, has established procedures to meet local laws and regulations. These regulations include the requirement to monitor and block instant messages containing certain words deemed “offensive” by the Chinese authorities.
It is common knowledge that censorship does exist in China and that the Chinese government has been monitoring communications in and out of the country for many years. This, in fact, is true for all forms of communication such as emails, fixed and mobile phone calls, and instant messaging between people within China and between China and other countries. TOM, like every other communications service provider operating in China, has an obligation to be compliant if they are to be able to operate in China at all.
In April 2006, Skype publicly disclosed that TOM operated a text filter that blocked certain words in chat messages, and it also said that if the message is found unsuitable for displaying, it is simply discarded and not displayed or transmitted anywhere. It was our understanding that it was not TOM’s protocol to upload and store chat messages with certain keywords, and we are now inquiring with TOM to find out why the protocol changed.
We also learned yesterday about the existence of a security breach that made it possible for people to gain access to those stored messages on TOM’s servers. We were very concerned to learn about both issues and after we urgently addressed this situation with TOM, they fixed the security breach. In addition, we are currently addressing the wider issue of the uploading and storage of certain messages with TOM.
It’s important to remind everybody that the issues highlighted in yesterday’s Information Warfare Monitor / ONI Asia report refer only to communications in which one or more parties are using TOM software to conduct instant messaging. It does not affect communications where all parties are using standard Skype software. Skype-to-Skype communications are, and always have been, completely secure and private.
I passionately believe in Skype’s mission to enable the world’s conversations. Allowing the world to communicate for free empowers and links people and communities everywhere. Our challenge is to bring this valuable service to people all over, including China, while being transparent to our users and staying within the boundaries of the local laws. We are committed to meet this challenge.
Update: Josh answers some common questions about the privacy breach.