Wednesday, October 22, 2008

China’s TOM-Skype Platform Analysis

Earlier this month Nart Villeneuve and the Information Warfare Monitor released an interesting joint report titled BREACHING TRUST: An analysis of surveillance and security practices on China’s TOM-Skype platform. Villeneuve is CTO of psiphon inc and the psiphon research fellow at the Citizen Lab, Munk Centre for International Studies, University of Toronto. His research focuses on International Internet censorship and the evasion tactics used to bypass Internet filtering systems.

In the report Villeneuve takes a look at confidentiality and security issues with TOM-Skype, the Chinese version of Skype. If you are not familiar with Skype, it is a software application users download and install on their computers. Once installed it allows users to make free computer-to-computer voice calls over the Internet. In 2004, Skype connected with TOM Online, a large wireless provider in China. The two companies put together a Chinese version of Skype called TOM-Skype and released it to the Chinese public.

Shortly after TOM-Skype’s release in 2006, human rights groups started to question the applications security practices, and several accused the company of censoring chat. Here’s a piece from Villeneuve’s report:

Human rights groups criticized Skype, suggesting that the company was “legitimizing China’s system of censorship”, while others suggested that TOM-Skype contained Trojan horse capabilities that could be used for surveillance by the Chinese Government.

Skype responded to those criticisms stating:

The text filter does not affect in any way the security and encryption mechanisms of Skype.

Full end-to-end security is preserved and there is no compromise of people’s privacy.

Calls, chats and all other forms of communication on Skype continue to be encrypted and secure.

There is absolutely no filtering on voice communications.

Skype also said that censored messages are simply discarded and not displayed or transmitted anywhere. Villeneuve’s current report challenges these statements, documenting and questioning the security practices of TOM-Skype. Major findings from his report include:

The full text chat messages of TOM-Skype users, along with Skype users who have communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and if present, the resulting data are uploaded and stored on servers in China.

These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data.

The captured messages contain specific keywords relating to sensitive political topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China.

Analysis suggests that the surveillance is not solely keyword-driven. Many of the captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are captured by the system.

The report is both upsetting and fascinating. It includes a technical section describing how Villeneuve believes the content is being censored and logged and how security and privacy are being breached. In the report forward Villeneuve says:

The lessons to be drawn from this case are numerous and issues of corporate social responsibility will be raised. If there was any doubt that your electronic communications – even secure chat – can leave a trace, Breaching Trust will put that case to rest.

This is a wake up call to everyone who has ever put their (blind) faith in the assurances offered up by network intermediaries like Skype. Declarations and privacy policies are no substitute for the type of due diligence that the research put forth here represents.

This is an excellent case study that could be used (for example) in a networking, Internet security or policy course. The entire 16 page report can be downloaded in PDF format here.


Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...

It's worth reading Skype President Josh Silverman's comments on the security breach, which address some of the concerns raised by our users.