Breaching trust : an analysis of surveillance and security practices on China's TOM-Skype platform

Files

133320.pdf (1.31 MB)

Date

2008

Authors

Journal Title

Journal ISSN

Volume Title

Publisher

The SecDev Group, Ottawa, ON , CA

Abstract

Our investigation reveals troubling security and privacy breaches affecting TOM-Skype—the Chinese version of the popular voice and text chat software Skype, marketed by the domestic Chinese company TOM Online. TOM-Skype routinely collects, logs and captures millions of records that include personal information and contact details for any text chat and/or voice calls placed to TOM-Skype users, including those from the Skype platform. These records are kept on publicly-accessible servers, along with the information required to decrypt these log files. These files contain the full text of chat messages sent and/or received by TOM-Skype users that contain particular keywords that trigger TOM-Skype’s content-filtering capability. Our investigation revealed eight servers that are part of the TOM-Skype surveillance network. In addition, we found one server hosting a special version of TOM-Skype designed for use in “net bars” or cybercafés. This server contained log files and information that revealed the list of the words that the system censored. Another server captured data from TOM Online’s wireless services, and contained logs of SMS messages and other sensitive information. The log files obtained during the course of the investigation reveal information such as the IP addresses, usernames (and land line phone numbers) used to place or receive TOM-Skype calls, as well as the full content of filtered messages and the time and date of each message. The collected data affects all TOM-Skype users and also captures the personal information of any Skype users that interacted with registered TOM-Skype users. This represents a severe security and privacy breach. It also raises troubling questions regarding how these practices are related to the Government of China’s censorship and surveillance policies. The captured messages contain keywords relating to sensitive topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China...

Description

Keywords

INTERNET, CENSORSHIP, FREEDOM OF INFORMATION, SURVEILLANCE, PRIVACY, CHINA

Citation

URI

http://hdl.handle.net/10625/46870
 http://www.infowar-monitor.net/breachingtrust/

DOI

Collections

IDRC Research Results / Résultats de recherches du CRDI
2000-2009 / Années 2000-2009
Communications Policy and Regulations / Politiques et réglementation en matière de communications
Governance / Gouvernance
Research Results (Pan Asia) / Résultats de recherches (Pan Asie)