Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
69Activity
0 of .
Results for:
No results containing your search query
P. 1
Breaching Trust: An analysis of surveillance and security practices on China’s TOM-Skype platform

Breaching Trust: An analysis of surveillance and security practices on China’s TOM-Skype platform

Ratings:

4.67

(12)
|Views: 3,006 |Likes:
Published by The SecDev Group
The report reveals troubling security and privacy breaches affecting TOM-Skype—the Chinese version of the popular voice and text chat software Skype, marketed by the domestic Chinese company TOM Online. TOM-Skype routinely collects, logs and captures millions of records that include personal information and contact details for any text chat and/or voice calls placed to TOM-Skype users, including those from the Skype platform.

These findings raise key questions. To what extent do TOM Online and Skype cooperate with the Chinese government in monitoring the communications of activists and dissidents as well as ordinary citizens? On what legal basis is TOM-Skype capturing and logging this volume and detail of personal user data and communication, and who has access to it?
The report reveals troubling security and privacy breaches affecting TOM-Skype—the Chinese version of the popular voice and text chat software Skype, marketed by the domestic Chinese company TOM Online. TOM-Skype routinely collects, logs and captures millions of records that include personal information and contact details for any text chat and/or voice calls placed to TOM-Skype users, including those from the Skype platform.

These findings raise key questions. To what extent do TOM Online and Skype cooperate with the Chinese government in monitoring the communications of activists and dissidents as well as ordinary citizens? On what legal basis is TOM-Skype capturing and logging this volume and detail of personal user data and communication, and who has access to it?

More info:

Published by: The SecDev Group on Mar 27, 2009
Copyright:Attribution Non-commercial No-derivs

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF or read online from Scribd
See more
See less

05/10/2014

pdf

 
 JR01-2008
 Joint Report
Information Warfare Monitor ONI Asia
BREACHING TRUST:
http://www.inowar-monitor.net/breachingtrust/ 
An analysis of surveillance andsecurity practices on China’sTOM-Skype platform
Nart Villeneuve, Psiphon Fellow, the Citizen Lab
 
2
 JR01-2008 BREACHING TRUST 
October 1, 2008
Author Bio
Nart Villeneuve
is the CTO o psiphon inc and the psiphon research ellow at theCitizen Lab, Munk Centre or International Studies, University o Toronto. He is agraduate o the University o Toronto and the ormer Director o Technical Researchat the Citizen Lab where he analyzed the Internet ltering policies o over ortycountries as part o the OpenNet Initiative (ONI). Nart is also a senior researchassociate at the Inormation Warare Monitor. His research ocuses on Internetcensorship around the world as well as the evasion tactics used to bypass Internetltering systems.
Projects
The Inormation Warare Monitor
is a joint project o The SecDev Group, and the Citizen Lab, atthe Munk Centre or International Studies, University o Toronto.
http://www.inowar-monitor.netONI Asia
is a sub-project o the OpenNet Initiative, ocusing on censorship and surveillance in theAsia region, unded by IDRC Canada, and executed by the SecDev Group.
http://www.idrc.ca/panasia/ev-120961-201-1-DO_TOPIC.htmlThe OpenNet Initiative
is a collaborative partnership o our leading academic institutions: theCitizen Lab at the Munk Centre or International Studies, University o Toronto, Berkman Center orInternet & Society at Harvard Law School, the Advanced Network Research Group at the CambridgeSecurity Programme, University o Cambridge, and the Oxord Internet Institute, Oxord University.
http://opennet.netThe Citizen Lab
is an interdisciplinary research and development laboratory based at the MunkCentre or International Studies, University o Toronto, ocusing on the Internet, global security, andhuman rights.
http://citizenlab.orgThe SecDev Group
is an operational “think tank” based in Ottawa, Canada ocusing on emergingsecurity issues including new media and inormation warare.
http://secdev.com
 
3
 JR01-2008 BREACHING TRUST 
Foreword
We are very pleased to introduce the rst Inormation Warare Monitor/ONI Asia jointreport,
 Breaching Trust: An analysis of surveillance and security practices onChina’s TOM-Skype platform
, written by Nart Villeneuve, Psiphon Fellow, the CitizenLab, Munk Centre or International Studies, the University o Toronto.
Surveillance is a practice oten shrouded in secrecy. Although many people may be vaguely awarethat governments and corporations regularly engage in surveillance (indeed, oten in collusion) it isa practice that is dicult to identiy and document directly. Not surprisingly, thereore, surveillancepractices are oten the subject ospeculation and conspiracy theories. Our lives today are surroundedby mediated communications, serviced by third parties and private entities, sent through channelsthat pass through multiple political jurisdictions, each step o which oers an opportunity or sur-veillance. Can we rely on the assurances o the service providers and technology companies who tellus they are secure and private? Should we trust the assurances o a well-known global brand?The ndings unearthed and documented by Nart Villeneuve in
 Breaching Trust 
suggest that we cannot.Here we have a major sotware tool used to make telephone calls and send instant messages over theInternet, advertising secure end-to-end encryption, and widely touted by activists and dissidents asa sae way to communicate sensitive inormation, logging sensitive keywords and uploading entiretranscripts o conversations to servers in China, which themselves are insecure. How insecure?Villeneuve was able to view, download, and archive millions o private communications, ranging rombusiness transactions to political correspondence, along with their identiying personal inormation.Although some have mooted that Skype is equipped with a backdoor or intelligence, and thatTOM-Skype in particular contained a Trojan Horse or the Chinese government, the company publiclydenied these suspicions. Villeneuve’s research denitively shows these denials are untrue. AlthoughVilleneuve’s trail runs cold at the doorstep o eight TOM-Skype servers in China, the underlying pur-pose o such widespread and systematic surveillance seems obvious. Dissidents and ordinary citizensare being systematically monitored and tracked.While there have been other recent revelations o corporate complicity in China’s censorship andsurveillance regime – the Yahoo case involving Shi Tao and others comes to mind — the acts laid outin
 Breaching Trust 
are o such massive proportions that these other cases pale in comparison.The lessons to be drawn rom this case are numerous and issues o corporate social responsibilitywill be raised. I there was any doubt that your electronic communications – even secure chat – canleave a trace,
 Breaching Trust 
will put that case to rest. This is a wake up call to everyone who hasever put their (blind) aith in the assurances oered up by network intermediaries like Skype. Declara-tions and privacy policies are no substitute or the type o due diligence that the research put orthhere represents.
Ron Deibert,
Director, the Citizen Lab, Munk Centre or International Studies, University o Toronto.
Raal Rohozinski,
Principal, The SecDev Group, Ottawa, Canada.

Activity (69)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
cfleee liked this
Ahmad liked this
myownservice liked this
sazalina liked this

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->