JR01-2008 BREACHING TRUST
Foreword
We are very pleased to introduce the first Information Warfare Monitor/ONI Asia joint report, Breaching Trust: An analysis of surveillance and security practices on China’s TOM-Skype platform, written by Nart Villeneuve, Psiphon Fellow, the Citizen Lab, Munk Centre for International Studies, the University of Toronto.

Surveillance is a practice often shrouded in secrecy. Although many people may be vaguely aware that governments and corporations regularly engage in surveillance (indeed, often in collusion) it is a practice that is difficult to identify and document directly. Not surprisingly, therefore, surveillance practices are often the subject of speculation and conspiracy theories. Our lives today are surrounded by mediated communications, serviced by third parties and private entities, sent through channels that pass through multiple political jurisdictions, each step of which offers an opportunity for surveillance. Can we rely on the assurances of the service providers and technology companies who tell us they are secure and private? Should we trust the assurances of a well-known global brand?

The findings unearthed and documented by Nart Villeneuve in Breaching Trust suggest that we cannot. Here we have a major software tool used to make telephone calls and send instant messages over the Internet, advertising secure end-to-end encryption, and widely touted by activists and dissidents as a safe way to communicate sensitive information, logging sensitive keywords and uploading entire transcripts of conversations to servers in China, which themselves are insecure. How insecure? Villeneuve was able to view, download, and archive millions of private communications, ranging from business transactions to political correspondence, along with their identifying personal information.

Although some have mooted that Skype is equipped with a backdoor for intelligence, and that TOM-Skype in particular contained a Trojan Horse for the Chinese government, the company publicly denied these suspicions. Villeneuve’s research definitively shows these denials are untrue. Although Villeneuve’s trail runs cold at the doorstep of eight TOM-Skype servers in China, the underlying purpose of such widespread and systematic surveillance seems obvious. Dissidents and ordinary citizens are being systematically monitored and tracked.

While there have been other recent revelations of corporate complicity in China’s censorship and surveillance regime – the Yahoo case involving Shi Tao and others comes to mind — the facts laid out in Breaching Trust are of such massive proportions that these other cases pale in comparison.

The lessons to be drawn from this case are numerous and issues of corporate social responsibility will be raised. If there was any doubt that your electronic communications – even secure chat – can leave a trace, Breaching Trust will put that case to rest. This is a wake up call to everyone who has ever put their (blind) faith in the assurances offered up by network intermediaries like Skype. Declarations and privacy policies are no substitute for the type of due diligence that the research put forth here represents.

Ron Deibert,
Director, the Citizen Lab, Munk Centre for International Studies, University of Toronto.
Rafal Rohozinski,
Principal, The SecDev Group, Ottawa, Canada.