JR01-2008 BREACHING TRUST
We are very pleased to introduce the rst Inormation Warare Monitor/ONI Asia jointreport,
Breaching Trust: An analysis of surveillance and security practices onChina’s TOM-Skype platform
, written by Nart Villeneuve, Psiphon Fellow, the CitizenLab, Munk Centre or International Studies, the University o Toronto.
Surveillance is a practice oten shrouded in secrecy. Although many people may be vaguely awarethat governments and corporations regularly engage in surveillance (indeed, oten in collusion) it isa practice that is dicult to identiy and document directly. Not surprisingly, thereore, surveillancepractices are oten the subject o speculation and conspiracy theories. Our lives today are surroundedby mediated communications, serviced by third parties and private entities, sent through channelsthat pass through multiple political jurisdictions, each step o which oers an opportunity or sur-veillance. Can we rely on the assurances o the service providers and technology companies who tellus they are secure and private? Should we trust the assurances o a well-known global brand?The ndings unearthed and documented by Nart Villeneuve in
suggest that we cannot.Here we have a major sotware tool used to make telephone calls and send instant messages over theInternet, advertising secure end-to-end encryption, and widely touted by activists and dissidents asa sae way to communicate sensitive inormation, logging sensitive keywords and uploading entiretranscripts o conversations to servers in China, which themselves are insecure. How insecure?Villeneuve was able to view, download, and archive millions o private communications, ranging rombusiness transactions to political correspondence, along with their identiying personal inormation.Although some have mooted that Skype is equipped with a backdoor or intelligence, and thatTOM-Skype in particular contained a Trojan Horse or the Chinese government, the company publiclydenied these suspicions. Villeneuve’s research denitively shows these denials are untrue. AlthoughVilleneuve’s trail runs cold at the doorstep o eight TOM-Skype servers in China, the underlying pur-pose o such widespread and systematic surveillance seems obvious. Dissidents and ordinary citizensare being systematically monitored and tracked.While there have been other recent revelations o corporate complicity in China’s censorship andsurveillance regime – the Yahoo case involving Shi Tao and others comes to mind — the acts laid outin
are o such massive proportions that these other cases pale in comparison.The lessons to be drawn rom this case are numerous and issues o corporate social responsibilitywill be raised. I there was any doubt that your electronic communications – even secure chat – canleave a trace,
will put that case to rest. This is a wake up call to everyone who hasever put their (blind) aith in the assurances oered up by network intermediaries like Skype. Declara-tions and privacy policies are no substitute or the type o due diligence that the research put orthhere represents.
Director, the Citizen Lab, Munk Centre or International Studies, University o Toronto.
Principal, The SecDev Group, Ottawa, Canada.