Security researchers recently found that IM conversations on the Chinese Skype program were not only filtered, but also recorded on a massive, nonsecure, server. The possibility of surveillance flies in the face of Skype's supposed strong encryption, and has provoked outcry among privacy advocates.
Users of the TOM-Skype platform, marketed in cooperation with a Chinese company, were "regularly scanned for sensitive keywords, and if present, the resulting data [were] uploaded and stored on servers in China," according to the report by Nart Villeneuve. Voice communications may have been catalogged, but researchers reported they did not find recorded conversations.
It wasn't just TOM-Skype users who were affected. Any Skype user who communicated with a TOM-Skype user was vulnerable, according to the report. And it didn't appear that keywords were the only trigger. Other factors, possibly individual usernames, might have been used to catalog data.
Villeneuve has posted a Q&A on his website that outlines some of the most common questions. (h/t Rebecca)
Although TOM-Skype was designed to prevent transmission of some keywords, such as an un-redacted "f*ck," Skype had claimed the filtering happened before the message was encrypted for transmission to the receiver, Villeneuve writes in the Q&A. His findings, if true, would contradict this claim.
Free expression advocates have been sharply critical of eBay, Skype's parent company, for this behavior. Rebecca MacKinnon, a professor at Hong Kong University and an expert on Chinese internet restrictions, writes:
"While Skype claims to have fixed the problem, the fact that TOM-Skype was enabling surveillance and privacy breaches in such a shocking manner for a significant period of time demonstrates that eBay/Skype as a company has not placed enough emphasis on protecting users' rights and interests."
Aside from an outpour from censorship activists, this finding also shows that many messages that were logged without users' knowledge were available to a hacker because the servers storing the information were not secure. The report notes that the servers were probably compromised before what the researchers might consider their "benign attack."
In fact, evidence suggests that the servers used to store captyured data have been compromised in the past and used to host pirated movies and torrents (for peer-to-peer file sharing).
Obviously, people who want to communicate securely in China will need to use other technologies.
This blog is often faced with the question of whether to post methods of accessing sites that are inaccessible from China because of government controls. I want to turn the question to readers, who I hope will have some opinions. Help me decide whether to reinstate a workaround for Chinese Wikipedia.
The argument for posting: I tend to believe it would be selfish to keep circumvention methods to myself when others who are less habitually engaged with technology news would also appreciate a way around the blocks. For instance, before the BBC News site was unblocked, I posted information on a URL that would let users through because of a quirk in the addressing on the BBC site--namely, the newsvote.bbc.co.uk mirror of news.bbc.co.uk was not blocked. I believed readers of Sinobyte would like to be able to use BBC News, and I got positive feedback in private.
The argument against posting: People who argue against posting workarounds hold that publicizing circumvention increases the likelihood of detection, and following that, more thorough blocks. It's a simple and persuasive point. If the authorities responsible for implementing blocks want something inaccessible, they might keep track of how people are beating their blocks and try to fight back.
Dealing with disagreements: Back when I posted the BBC URL, someone dashed off a comment criticizing my journalistic responsibility. I disagreed on that point and responded as follows: "I appreciate your concern, but in my experience merely posting something like this doesn't get a block in place. Moreover, on the journalistic responsibility point, this post doesn't put anyone in jeopardy, and most Internet users around here know how to get to what they need anyway. Guides on higher-profile sites than mine telling users how to access censored sites haven't led to simple blocks of several proxies. I think this URL an easy and valuable thing for some readers, and I know I'd appreciate seeing it in my RSS."
Indeed, especially on the journalistic ethics argument, I feel a particularly strong inclination to post the information. I was educated (or was it indoctrinated?) in a particular U.S. sense of proper press behavior. The main document of journalistic ethics in the United States is the Society of Professional Journalists' Code of Ethics. It's a long list of "don'ts" phrased as "dos." In my reading, the code gives arguments both for and against posting.
- For: under the heading "Seek Truth and Report it," the code asks us to:
-- Support the open exchange of views, even views they find repugnant.
--Give voice to the voiceless; official and unofficial sources of information can be equally valid. - Against: meanwhile, under "Minimize Harm," we see:
--Show compassion for those who may be affected adversely by news coverage. Use special sensitivity when dealing with children and inexperienced sources or subjects.
--Recognize that gathering and reporting information may cause harm or discomfort. Pursuit of the news is not a license for arrogance.
SPJ's code is by no means my personal code, but it is a useful starting point from a perspective of professionalism. In essence, this 20th century formulation of journalistic ethics asks us to weigh the value of free information with any harm that information may have.
My argument for posting: As I've mentioned above, I tend to lean toward publishing workarounds. It's not only because I tend to believe making this information more widespread is good for free information; it's because I see the potential harm as minimal. In the BBC example, far from causing an overall block, having the workaround posted happened to precede the full unblocking of BBC News' English site (and in one city, the Chinese version). Likewise, with the recent question of whether to keep the Wikipedia workaround online, this comes at a time when the English version is already available and the Chinese one still subject to a block. Celebrate as I may that I can read two major sites without a proxy, the censorship (the "harm," if you like) is still in place for Chinese users unable to read English well.
The Internet blocking regime in China, in my experience, is full of holes. It's popular to speculate that authorities know they cannot affect a total block but are working instead to deter users not committed to accessing restricted information and perhaps to encourage self-censorship. Especially in English, vocal critics of internet censorship remain unblocked. Rebecca MacKinnon, a former reporter who teaches at Hong Kong University, blogs vocally about freedom issues. Ted Chien, who asked me to take down the URL, a decision I'm taking under consideration now, blogs about some of the same issues in English and Chinese on Blogspot, which is now unblocked.
Even before a recent opening that may be connected to the Olympics in August, government blocks were far from complete. Determined individuals can get through the blocks, and the government does little to eliminate proxies, even as it blocks a large amount of information through site-wide blocks or keyword filtering. And when one workaround fails, another inevitably arises. Though I haven't actually had any of my several free proxies blocked while working from Beijing over the last nine months or so, friends who have seen theirs go have simply switched. My ultimate question, then, is what's the value of a workaround if we don't tell people about it?
I'd love to hear from others on this issue. Please comment here or e-mail me directly at sinobyte /[at]/ gwbstr.com.
So you're a fan of intellectual property innovation and you want to bring Creative Commons to Hong Kong. What are your pitches? Exalting the free market and smearing Hollywood.
Creative Commons, founded by Stanford law professor Lawrence Lessig, develops licenses that let creators allow or disallow a variety of reuses of the work. It's catchphrase, if it has one, is "Some Rights Reserved."
Will Creative Commons make it to Hong Kong?
(Credit: Creative Commons / Sinobyte)Teams of lawyers have adapted these licenses to more than 40 national jurisdictions, including mainland China, but the Hong Kong efforts are still under way.
Rebecca MacKinnon--an excellent media blogger, an assistant professor at Hong Kong University, and a member of CC's Hong Kong team--writes in her blog about the progress of the Hong Kong effort. She also recounts two arguments for CC in Hong Kong:
The first is from Pindar Wong, an ICANN board member who founded Hong Kong's first ISP:
...Hong Kong is one of the freest economies in the world. So let the market decide. The Creative Commons license should be there by default. Once it's there, then we can start doing things that are very interesting...This is a starting point not an ending point.
The second from Joi Ito, chair of CC's board and a longtime media blogger:
What's really a pity is that this Hollywood regime is infecting other governments into thinking that by having a strong copyright regime they will encourage the content business. When in fact by encouraging the amateur business, they may sell more video cameras and televisions and network connections and bandwidth, and we would probably make a lot more money supporting the sharing economy in Asia than we would trying to build a Hollywood inside Hong Kong.
I am a supporter (and a user, at my other site) of CC. I'm hoping it gets up and running in Hong Kong's legal structure sooner rather than later.
- prev
- 1
- next
