Friday, March 22, 2013

Microsoft Report: Gov Surveillance Agencies Snooping on Skype Calls

Susanne Posel
Occupy Corporatism
March 22, 2013


Microsoft has released its first transparency report, which details domestic and international law enforcement requests for information on 137,424 accounts. Globally, the total inquiries were 75,378, which affected less than 0.02% of users.
US law enforcement has made 11,073 requests on users. International law enforcement has made 4,713 requests on 15,409 accounts. In fact, the US was number 2 in total requests for disclosure of user information.
This amounts to 14% of law enforcement making requests for digital data on citizens in the US.
Microsoft explained that the data it provided was paid for by the agency making the request and that it would not provide this data to agencies unwilling to pay for it.
Brad Smith, executive vice president of legal and corporate, said that Microsoft will continue to provide these reports, as do Google and Twitter.
In 2011 Microsoft purchased Skype, which is used by over 600 million people across the globe, for $8.5 billion.
An open letter to Skype discussed the confusion over privacy with regard to governmental access, as well as third parties who can use Skype user data and communications.
The letter states: “We understand that the transition of ownership to Microsoft, and the corresponding shifts in jurisdiction and management, may have made some questions of lawful access, user data collection, and the degree of security of Skype communications temporarily difficult to authoritatively answer. However, we believe that from the time of the original announcement of a merger in October 2011, and on the eve of Microsoft’s integration of Skype into many of its key software and services, the time has come for Microsoft to publicly document Skype’s security and privacy practices.”
Confusion over jurisdiction continues, as Skype’s headquarters are located in Luxembourg, Germany and Microsoft’s headquarters are in Redmond, Washington State. Microsoft/Skype’s compliance with US intelligence requests from the federal government under the Communications Assistance for Law Enforcement Act (CALEA) allows US surveillance agencies to access digital data from corporations such as Skype.
Public disclosure of governmental surveillance activities defines the security of calls on platforms such as Skype, and of wire-taps as well as peer-to-peer communications that may be compromised. Understanding how Skype and Microsoft cooperate with federal, foreign and local law enforcement explains the nature of investigations and how citizens can expect their privacy to be infringed upon. This also explains how international law is applicable when surveillance is being conducted.
Microsoft outlines how information on users is generated:
• personally identifiable information on users
• non-identifiable information
• actual contents of Skype-to-Skype audio and video conversations
Government surveillance agencies and third-party advertising corporations can request user data such as:
• customer names
• credit card information
• phone company
• phone exchanges
• age
• gender
• country of residence
• Microsoft account information
• Personal user ID
• IP history, Xbox gamer profiles
Microsoft claims that it does not store Skype call conversations and that it sends them with encryption across the internet through Microsoft servers. The corporation has divulged “traffic data” such as who called, when and for how long.
The Federal Bureau of Investigation (FBI) uses National Security Letters (NSLs) to request private customer information from financial institutions, phone companies, internet service providers (ISPs) and other corporations that data mine their customers for “marketing purposes”.
Under Title 18 USC, Section 2709 and expanded by the USA Patriot Act, Section 505, NSLs are legally issued while their existence is kept in the shadows. This abuse of power has resulted in infringement on the 4th Amendment rights of Americans across the nation.
NSLs are sent by the thousands without judicial oversight. Recently US District Court Judge Susan Illston ruled that the FBI must stop using these letters for the next 3 months while the Department of Justice (DoJ) is able to review their validity and whether they comply with the US Constitution and the 4th Amendment rights of Americans.
When the US government wants to have completely secure and anonymous communications over the internet, they use Tor.
Tor “is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features.” The service was originally designed for the US Navy by the US Naval Research Laboratory. Its “primary purpose” was to protect “government communications.”
Tor is now used by law enforcement, journalists, activists, the US military and average citizens.
Tor is based on onion routing which is “made up of projects researching, designing, building, and analyzing anonymous communications systems. The focus is on practical systems for low-latency Internet-based connections that resist traffic analysis, eavesdropping, and other attacks both by outsiders (e.g. Internet routers) and insiders (Onion Routing servers themselves). Onion Routing prevents the transport medium from knowing who is communicating with whom — the network knows only that communication is taking place. In addition, the content of the communication is hidden from eavesdroppers up to the point where the traffic leaves the OR network.”
Field agents use this open source software to “mask the sites they are visiting, protecting military interests and operations, as well as protecting themselves from physical harm.”
When DARPA designed the internet “its primary purpose was to be able to facilitate distributed, robust communications in case of local strikes. However, some functions must be centralized, such as command and control sites. It’s the nature of the Internet protocols to reveal the geographic location of any server that is reachable online. Tor’s hidden services capacity allows military command and control to be physically secure from discovery and takedown.”
Tor also facilitates secure surveillance of targets and insurgents.