University of Toronto researchers have uncovered a huge filtering system in China that tracks and keeps records of text messages containing politically charged words sent through the internet phone application Skype.
The system keeps track of text messages, but not voice calls, sent through TOM-Skype, a joint venture between the Chinese wireless company TOM Online — a division of the Hong Kong-based TOM Group Ltd. — and eBay, the web auction company that bought online phone service Skype in 2005.
The discovery once again shines a spotlight on the collective internet filtering efforts at work in China — known as the Great Firewall of China — and raises the possibility that the data could be used for surveillance.
The report is from Citizen Lab, a group of security researchers and human rights activists who focus on the intersection of civic politics and digital media. The group is housed at the university's Munk Centre for International Studies.
The report, entitled Breaching Trust: An analysis of surveillance and security practices on China's TOM-Skype platform, was published Wednesday on the University of Toronto's Information Warfare Monitor website.
Nart Villeneuve, a research fellow at the Citizen Lab, made the discovery.
Villeneuve monitored data generated by TOM-Skype and noted that when offensive words were sent using the service, an encrypted message was sent to an internet address. The trail led him to TOM Online's computers, where, due to a security lapse, he was able to read their computer directories over the web.
He and his Citizen Lab colleagues were able to view, download and archive 166,766 unique messages that had been filtered and they successfully translated close to 100,000.
While some contained obscenity-filled language, many messages appeared to contain keywords related to sensitive topics such as the religious group Falun Gong, Taiwan independence and opposition to the Communist Party of China.
Keywords do not appear to be the only reason why certain messages were flagged, however, as the researchers were unable themselves to trigger the filtering of data by sending messages containing those words. The researchers suggest geography and known addresses may also play a role in what messages were being filtered. In addition to keeping track of the text in the messages, the system also recorded Skype caller information.
Further testing would be required to determine conclusively that the messages were being used for surveillance and not just filtering, say the report's authors. However, regardless of intent, they say the system could be used for surveillance.
Jennifer Caukin, an eBay spokeswoman, issued a statement to CBC News on Thursday saying in April 2006, Skype publicly disclosed that TOM operated a text filter that blocked certain words on chat messages but said it did not compromise TOM customers' privacy.
"Last night, we learned that this practice was changed without our knowledge or consent and we are extremely concerned. We deeply apologize for the breach of privacy relating to chat messages on TOM's servers in China and we are urgently addressing this situation with TOM," she wrote.
The Citizen Lab researchers said the report runs counter to the belief — popular among dissidents in China — that Skype's encryption technology protects users from government monitoring.
Citizen Lab head Ron Deibert and colleague Rafal Rohozinski said in the report the findings are further proof that even secure chats can leave a trace.
"This is a wake-up call to everyone who has ever put their (blind) faith in the assurances offered up by network intermediaries like Skype," they wrote. "Declarations and privacy policies are no substitute for the type of due diligence that the research put forth here represents."