Several organizations have called on Microsoft to release details on who it shares Skype data with and what type of data it collects. The software giant purchased Skype in 2011 and last year several groups pointed out that as a result Skype had become less secure, plus Microsoft had filed a patent that looked like it would allow it to eavesdrop on Skype calls. Microsoft was cagey about what data it shared and with whom, but with millions using Skype the question of who and how those video and voice calls might be intercepted could become a big issue.
Skype was created as a true peer-to-peer network where users connected to each other via a decentralized route. Yes, there were so-called super nodes, but as a whole the platform was relatively secure because of its architecture. With the Microsoft acquisition, Skype’s original architecture (which was never really discussed by the company) was tweaked. But people were still unsure how it worked, only that some of the steps Microsoft had taken, seemed to risk exposing user’s conversations.
Hence the petition. The Electronic Frontier Foundation, the Calyx Institute, Reporters Without Borders, the Egyptian Initiative for Personal Rights and even individuals sent a request to Microsoft asking for a transparency report similar to what Google and Twitter release twice a year. Google just released their’s actually. From the letter:
We understand that the transition of ownership to Microsoft, and the corresponding shifts in jurisdiction and management, may have made some questions of lawful access, user data collection, and the degree of security of Skype communications temporarily difficult to authoritatively answer. However, we believe that from the time of the original announcement of a merger in October 2011, and on the eve of Microsoft’s integration of Skype into many of its key software and services, the time has come for Microsoft to publicly document Skype’s security and privacy practices.
As consumers put more of their faith in IP communications platforms and governments seek to write new laws governing how those digital conversations are protected or the bits comprising those conversations are gathered, it’s vital the companies shine a light on who is asking for what data and how they behave when that happens. Of course, given that these platforms are controlled by private companies, there is relatively little accountability outside government laws (which are behind the times or interested in grabbing this information) and societal pressure. Let’s see if this societal pressure works.